Home
Videos uploaded by user “Software Engineering Institute | Carnegie Mellon University”
Source Code Analysis Laboratory (SCALe) Demo: Running Fortify
 
04:09
David Svoboda, CERT® Software Security Engineer demonstrates the Source Code Analysis Laboratory (SCALe): Running Fortify. We do research and development to create tools to support creation of secure code right from the start, and analytical tools to detect code vulnerabilities. We also work with the software development and security communities to research and develop secure coding standards for commonly used programming languages and for smartphone platforms (Android, iOS, Win8). http://www.sei.cmu.edu/legal/index.cfm
Cadence in Agile Development
 
02:17
Watch Will Hayes in this SEI Cyber Minute as he discusses "Cadence in Agile Development."
What is Cyber Intelligence?
 
02:09
Jay McAllister of the SEI describes what "cyber Intelligence" is.
SATURN 2017 Talk: From REST to gRPC: An API Evolution Story
 
29:51
Watch Michael Keeling and Joe Runde deliver their SATURN 2017 talk "From REST to gRPC: AnAPI Evolution Story."
SATURN 2017 Talk: Architecture Decision Records in Action
 
28:08
Watch Michael Keeling and Joe Runde deliver their SATURN 2017 talk "Architecture Decision Records in Action ."
Cyber Investigator Certificate Program
 
02:31
Watch Larry Rogers in this SEI Cyber Minute as he discusses "Teaching Investigators How To Investigate Crimes with a Cyber Component."
What Makes a Good Software Architect?
 
01:29:02
In this webinar, SEI researchers and an industry colleague discussed in two talks What Makes a Good Software Architect? For training the SEI offers in the area of software architecture please see: https://www.sei.cmu.edu/education-outreach/courses/index.cfm Or for information on our annual software architecture conference (SATURN) see: https://resources.sei.cmu.edu/news-events/events/saturn/
Secure Coding Certificates
 
01:53
Watch Bob Schiela in this SEI Cyber Minute as he discusses the "CERT Secure Coding Certificates". For more information on this program please see: http://cert.org/go/secure-coding/
Integrating Security in DevOps
 
28:50
Watch Hasan Yasar discuss "Integrating Security in DevOps" in the SEI Blog & Podcast Series video.
Source Code Analysis Laboratory (SCALe) Demo: Coverity
 
02:44
David Svoboda, CERT® Software Security Engineer demonstrates the Source Code Analysis Laboratory (SCALe): Coverity. We do research and development to create tools to support creation of secure code right from the start, and analytical tools to detect code vulnerabilities. We also work with the software development and security communities to research and develop secure coding standards for commonly used programming languages and for smartphone platforms (Android, iOS, Win8). http://www.sei.cmu.edu/legal/index.cfm
CERT Resilience Management Model (RMM)
 
01:23
Watch Lisa Young in this SEI Cyber Minute as she discusses "CERT Resilience Management Model (RMM)".
Improving Cybersecurity Through Cyber Intelligence
 
18:46
SEI Podcast Series: Improving Cybersecurity Through Cyber Intelligence with Jared Ettinger.
Secure Coding Best Practices
 
31:14
Learn why secure coding practices are important to reduce common programming errors that lead to vulnerabilities.
Source Code Analysis Laboratory (SCALe) Demo: Coverity GUI
 
04:42
David Svoboda, CERT® Software Security Engineer demonstrates the Source Code Analysis Laboratory (SCALe): Coverity GUI. We do research and development to create tools to support creation of secure code right from the start, and analytical tools to detect code vulnerabilities. We also work with the software development and security communities to research and develop secure coding standards for commonly used programming languages and for smartphone platforms (Android, iOS, Win8). http://www.sei.cmu.edu/legal/index.cfm
FloCon 2015: Finding a Needle in a PCAP by Emily Sarneso
 
30:51
Watch Emily Sarneso of the Software Engineering Institute discuss Finding a Needle in PCAP.
Come Join the SEI
 
03:40
The SEI serves the nation as a Federally Funded Research and Development Center (FFRDC) sponsored by the U.S. Department of Defense (DoD) and is based at Carnegie Mellon University, a global research university annually rated among the best for its programs in computer science and engineering. Our staff works with the highest levels of U.S. government and industry to secure the nation's critical infrastructure, improve mission-critical systems, and advance the state of the art.
Tactical Cloudlets
 
01:36
Watch Grace Lewis in this SEI Cyber Minute as she discusses "Tactical Cloudlets".
Moving Target Defense
 
13:05
SEI Podcast Series: Moving Target Defense with Andrew Mellinger.
Authentication and Authorization for Internet of Things (IoT) Devices in Edge Environments
 
11:57
Watch SEI Researcher, Grace Lewis, discuss "Authentication and Authorization for Internet of Things (IoT) Devices in Edge Environments".
Defects in Software
 
01:52
Watch James McHale in this SEI Cyber Minute as he discusses "Defects in Software".
Penetration Testing
 
02:10
Watch Mike Cook in this SEI Cyber Minute as he discusses "Penetration Testing".
Cyber Risk Appetite
 
03:26
Watch Summer Fowler as she discusses "Cyber Risk Appetite" in this SEI Cyber Minute.
SATURN 2016 Keynote: Rethinking Software Design
 
01:17:47
Watch Daniel Jackson from the MIT Computer Science and Artificial Intelligence Laboratory discuss "Rethinking Software Design."
SATURN 2017 Talk: EventStorming: Collaborative Learning for Complex Domains
 
01:28:42
Watch Paul Rayner deliver his SATURN 2017 talk "EventStorming: Collaborative Learning for Complex Domains."
Cyber Security Risk Oversight
 
02:40
Watch Summer Fowler as she discusses "Cyber Security Risk Oversight" in this SEI Cyber Minute.
A Complete DevOps Pipeline: The Foundation for Success
 
02:05
Shane Ficorilli explains some of the requirements for successfully implementing DevOps in your organization, including how to establish a complete deployment pipeline.
Technical Debt as a Core Software Engineering Practice
 
23:04
SEI Podcast Series: Technical Debt as a Core Software Engineering Practice by Ipek Ozkaya
Exploring the System Design Tradespace
 
02:32
Here at the Software Engineering Institute, we have created a new tool prototype that helps explore a system’s design tradespace. The tradespace is the possible combinations of system software, hardware, and configuration options. Our prototype – which combines previous work here at the SEI with software developed at Penn State University – enables system designers to evaluate design options in the tradespace rapidly and automatically. You can find more on guided design tradespace exploration in these SEI resources: SEI Cyber Minutes video • Safety-Critical Design by Shopping https://www.youtube.com/watch?v=M8hcVB6tmaw Poster • Guided Architecture Trade Space Exploration for Safety-Critical Software Systems -- https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=506434 Blog • AADL: Four Real-World Perspectives -- https://insights.sei.cmu.edu/sei_blog/2015/03/aadl-four- real-world-perspectives.htmlhttps://insights.sei.cmu.edu/sei_blog/2014/11/tactical-cloudlets- moving-cloud-computing-to-the-edge.html For more information, write to [email protected]
Best Practices: Network Border Protection
 
24:06
Watch Rachel Kartch discuss "Best Practices: Network Border Protection" in this SEI Podcast Series video.
Is Java More Secure Than C?
 
18:41
SEI Podcast Series: Is Java More Secure Than C? by David Svoboda
CERT® Insider Threat Center Certificate Programs
 
02:46
The insider threat certificates from Carnegie Mellon University's Software Engineering Institute can help organizations satisfy the requirements of Executive Order 13587 with sophisticated, flexible insider threat programs that are tailored to the unique circumstances of individual organizations.
Secure Coding Standards
 
02:10
Watch Bob Schiela in this SEI Cyber Minute as he discusses the "CERT Secure Coding Standards". For more information on this program please see: http://cert.org/go/secure-coding/
What are the challenges in bringing cloud computing to edge environments?
 
03:43
Watch Grace Lewis discuss "What are the challenges in bringing cloud computing to edge environments?" For related content please see: • Establishing Trust in Disconnected Environments (https://insights.sei.cmu.edu/sei_blog/2017/02/establishing-trust-in-disconnected-environments.html) • Tactical Cloudlets: Moving Cloud Computing to the Edge (https://insights.sei.cmu.edu/sei_blog/2014/11/tactical-cloudlets-moving-cloud-computing-to-the-edge.html) • SEI Cyber Minute: Safely Using IoT at the Edge (https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=511232) • Two Perspectives on IoT Security (poster) (https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=506396) • Pursuing an Imagined End-State in Software-based Capability (https://insights.sei.cmu.edu/sei_blog/2017/10/pursuing-an-imagined-end-state-in-software-based-capability.html) • KD-Cloudlet (KVM-based Discoverable Cloudlets (https://github.com/SEI-AMS/pycloud/wiki)
Adding Security to Agile's Scrum
 
02:16
Watch Mark Sherman in this SEI Cyber Minute as he discusses "Adding Security to Agile's Scrum".
SATURN 2017 Talk: Functional Programming Invades Architecture
 
01:23:05
Watch George Fairbanks deliver his SATURN 2017 talk "Functional Programming Invades Architecture."
Explainable AI and Human Computer Interaction
 
04:16
Watch SEI Researcher, April Galyardt, discuss "Explainable AI and Human Computer Interaction".
SATURN 2018 Panel: Death of the Architect, by Paulo Merson et al.
 
45:33
For a long time, various architect titles have been used across the industry, but the roles and responsibilities of the architect have never been very clear. In several places, architects have moved away from engineering responsibilities, forcing some of the brightest engineers to perform tasks that didn't quite require engineering skills or the appetite to learn new technologies. More recently, in many organizations, architecture is becoming a shared concern. In this panel, we'll debate what's happening to the role of software architect and how teams should make important crosscutting design decisions.
Predictable, Scalable Artificial Intelligence
 
02:15
Watch James Edmondson in this SEI Cyber Minute as he discusses "Predictable, Scalable Artificial Intelligence." For more information on the subject of this Cyber Minute, please see the following: Introduction to Autonomy Software: http://sei.cmu.edu/training/ Open-sourced Software MADARA: http://madara.sourceforge.net GAMS: http://jredmondson.github.io/gams DART: http://cps-sei.github.io/dart Autonomy videos: NATO demonstrations: https://www.youtube.com/watch?v=N6PfUubaVMY SMASH project: https://youtu.be/iLnNHwp-H8E
Representing Your Technical Debt
 
02:36
Watch Ipek Ozkaya as she discusses "Representing Your Technical Debt" in this SEI Cyber Minute.
SEI Cyber Minute: The Promise of Quantum Computing
 
03:20
Rob Cunningham discusses the promise of Quantum Computing and highlights some of the remaining scientific and engineering challenges.
Malware Analysis
 
11:02
Automation of static analysis of malicious binaries amplifies the effort of a limited pool of malware analysts and accelerates insight generation captured by higher-level abstractions accessible to more network defenders within the U.S. Department of Defense (DoD). Analyzing large numbers of malware attacking the DoD worldwide infrastructure is a time-consuming process. Malware analysis requires specialized skills, and when confronted with novel malware binaries, malware analysts can spend days (or even weeks) reverse-engineering a single sample. This bottleneck in the process of deriving actionable insights by understanding the threat presented by malware can be mitigated by both automating repetitive tasks and providing more semantically rich abstractions used by a malware analyst and others who use his or her results.
SATURN 2017 Talk: An In-Depth Look at Event Sourcing With CQRS
 
01:34:05
Watch Sebastian von Conrad deliver his SATURN 2017 talk "An In-Depth Look at Event Sourcing With CQRS ."
Software Defined World
 
01:32
Watch Jeff Boleng in this SEI Cyber Minute as he discusses a "Software Defined World".
SATURN 2018 Talk: Cloud-Native Patterns/Anti-Patterns, by Vishal Prabhu and Sean Gilbert
 
27:59
Most enterprises understand the value of the cloud but have a significant drag on their ability to define a path forward. While cloud strategies are being defined and target states identified, enterprises typically lack resources, funding, and skill sets to refactor applications for the cloud. Mining cloud-native patterns/anti-patterns has established a rule set for assessing cloud suitability of .NET and Java enterprise applications. These rules assess the vulnerabilities, performance, availability, dependencies, scalability, portability, and code quality attributes in the application. In this presentation, we will examine a few critical samples of 350-plus rules for Java applications and 250-plus rules for .NET applications identified so far to assess an application’s cloud readiness. These rules form the basis of the cloud assessment tool’s rule set that we are implementing as the SonarQube plugin. The tool helps enterprises accelerate cloud adoption by assessing application code in minutes instead of months. The tool has been used successfully in multiple enterprise assessments and helped migrate existing systems to cloud. Attendees will learn the cloud-native patterns/anti-patterns for assessing cloud suitability of .NET and Java enterprise applications and the common challenges in enterprise systems migrating to cloud.
SEI Cyber Minute: Deep Learning in Cybersecurity
 
01:37
Eliezer Kanal explains deep learning, a subfield of artificial intelligence, and how the SEI is conducting research to learn how it might be used to advance cybersecurity.
SATURN 2015 Talk: My Silver Toolbox: Building Models Quickly + Carefully by George Fairbanks
 
07:13
Watch George Fairbanks discuss My Silver Toolbox: Building Models Quickly + Carefully.
DNS Best Practices
 
27:05
SEI Podcast Series: DNS Best Practices by Mark Langston
Coordinated Vulnerability Disclosure
 
01:45
Watch Art Manion in this SEI Cyber Minute as he discusses "Coordinated Vulnerability Disclosure".