Software Engineering Institute (SEI) Podcast Series

In this SEI Podcast, Dr. Eric Heim, a senior machine learning research scientist at Carnegie Mellon University's Software Engineering Institute (SEI), discusses the quantification of uncertainty in machine-learning (ML) systems. ML systems can make wrong predictions and give inaccurate estimates for the uncertainty of their predictions. It can be difficult to predict when their predictions will be wrong. Heim also discusses new techniques to quantify uncertainty, identify causes of uncertainty, and efficiently update ML models to reduce uncertainty in their predictions. The work of Heim and colleagues at the SEI Emerging Technology Center closes the gap between the scientific and mathematical advances from the ML research community and the practitioners who use the systems in real-life contexts, such as software engineers, software developers, data scientists, and system developers.

In this SEI Podcast, Aaron Greenhouse, a senior architecture researcher with Carnegie Mellon University's Software Engineering Institute, talks with principal researcher Suzanne Miller about use of the Bell–LaPadula mathematical security model in concert with the Architecture Analysis and Design Language (AADL) to model and validate confidentiality. Greenhouse and Miller also discuss 11 analysis rules that must be enforced over an AADL instance to ensure the consistency of a security model. Mapping Bell–LaPadula to AADL allows the expression of key concepts within the AADL model so that they can be analyzed automatically.

Nataliya (Natasha) Shevchenko and Mary Popeck, both senior researchers in the CERT Division at Carnegie Mellon University's Software Engineering Institute, discuss the use of model-based systems engineering (MBSE), which, in contrast to document-centric engineering, puts models at the center of system design. MBSE is used to support the requirements, design, analysis, verification, and validation associated with the development of complex systems.

Author Daniel H. Pink recently examined the factors that lead to job satisfaction among knowledge workers and summarized them in three components: autonomy, skill mastery, and purpose. In this SEI Podcast, Hasan Yasar, technical director of Continuous Deployment of Capability at Carnegie Mellon University's Software Engineering Institute, relates these components to DevSecOps and summarizes a recent survey affirming that DevSecOps practices do indeed make developers and other stakeholders in their organizations happier.

In this SEI Podcast, digital transformation lead Dr. Rachel Dzombak and research scientist Carol Smith, both with the SEI's Emerging Technology Center at Carnegie Mellon University, discuss how AI Engineering can support organizations to implement AI systems. The conversation covers the steps that organizations need to take (as well as the hard conversations that need to occur) before they are AI ready.

The robustness and security of artificial intelligence, and specifically machine learning (ML), is of vital importance. Yet, ML systems are vulnerable to adversarial attacks. These can range from an attacker attempting to make the ML system learn the wrong thing (data poisoning), do the wrong thing (evasion attacks), or reveal the wrong thing (model inversion). Although there are several efforts to provide detailed taxonomies of the kinds of attacks that can be launched against a machine learning system, none are organized around operational concerns. In this podcast, Jonathan Spring, Nathan VanHoudnos, and Allen Householder, all researchers at the Carnegie Mellon University Software Engineering Institute, discuss the management of vulnerabilities in ML systems as well as the Adversarial ML Threat Matrix, which aims to close this gap between academic taxonomies and operational concerns.

In this SEI Podcast, Rachel Dzombak and Jay Palat discuss growth in the field of artificial intelligence (AI) and how organizations can hire and train staff to take advantage of the opportunities afforded by AI and machine learning—and the critical need for an AI engineering discipline to grow the AI workforce.

DevSecOps is a set of principles and practices that provide faster delivery of secure software capabilities by improving the collaboration and communication between software development teams, IT operations, and security staff within an organization, as well as with acquirers, suppliers, and other stakeholders in the life of a software system. In this SEI podcast, Hasan Yasar, technical director of the Continuous Deployment of Capability group in the Software Solutions Division of the SEI, discusses the transition from DevOps to DevSecOps.

In this SEI Podcast, Keith Korzec discusses the Mission-Based Prioritization method for prioritizing Agile backlogs. This method overcomes the shortcomings of prioritization based on "weighted shortest job first" and utilizes objective, mission-focused criteria while allowing ongoing re-prioritization to be conducted with minimal overhead.

Digital engineering is an integrated digital approach that uses authoritative sources of systems data and models as a continuum across disciplines to support lifecycle activities from concept through disposal. With digital engineering, models are developed for everything, not just for software, but for all components of a system of systems, hardware and software. The models and associated data are stored in a singular repository of knowledge and are the single source that is used by all contractors and everyone working on the project. In this SEI Podcast, David Shepard, a researcher with the Carnegie Mellon University Software Engineering Institute, discusses digital engineering and its relationship with DevSecOps.