Software Engineering Institute (SEI) Podcast Series

Members of Technical Staff at the Software Engineering Institute
Nov 15, 2018 • 29min

System Architecture Virtual Integration: ROI on Early Discovery of Defects

Peter Feiler discusses the cost savings (26.1 percent) realized when using the System Architecture Virtual Integration approach on the development of software-reliant systems for aircraft. "If you discover [software defects] at system integration test, the cost of fixing a problem is 300 to 1,000 times higher than doing it upfront. So if upfront, you spent $10,000 fixing it, it's between $3 and $10 million on the backend that you are saving by the way."
Nov 4, 2018 • 15min

A Technical Strategy for Cybersecurity

Roberta "Bobbie" Stempfley, who was appointed director of the SEI's CERT Division in June 2017, discusses a technical strategy for cybersecurity. "There is never enough time, money, power, resources—whatever it is—and we make design tradeoffs. Adversaries are looking at what opportunities that creates. They are looking at failures in implementation."
Oct 26, 2018 • 19min

Best Practices for Security in Cloud Computing

Don Faatz and Tim Morrow, researchers with the SEI's CERT Division, outline best practices that organizations should use to address the vulnerabilities and risks in moving applications and data to cloud services.
Oct 22, 2018 • 18min

Risks, Threats, and Vulnerabilities in Moving to the Cloud

Tim Morrow and Donald Faatz outline the risks, threats, and vulnerabilities that organizations face when moving applications or data to the cloud. "If you look at large organizations like the DoD, they have embraced this. They are looking to buy infrastructures as a service and even moving office automation to the cloud. For smaller organizations, though, it is something of a challenge, so we wanted to look at and give people some ideas about the challenges they will face when they do this."
Sep 14, 2018 • 21min

How to Be a Network Traffic Analyst

Tim Shimeall and Timur Snoke, researchers in the SEI's CERT Division, examine the role of the network traffic analyst in capturing and evaluating ever-increasing volumes of network data. "Part of it is the ability to use a wide variety of tools to answer questions about what is happening on the network and to figure out ways to go past inference and supposition and to get facts that can actually provide support for the hypothesis that you're coming up with."
Aug 28, 2018 • 15min

Workplace Violence and Insider Threat

Tracy Cassidy and Carrie Gardner, researchers with the CERT National Insider Threat Center, discuss research on using technology to detect an employee's intent to cause physical harm. "A chronology naturally fell out that gave a temporal description of how a particular incident unfolded. So we can see precursor events that foreshadowed the event or the escalation of events that were to
Aug 2, 2018 • 31min

Why Does Software Cost So Much?

To contain costs, it is essential to understand which factors drive costs over the longer term and can be controlled. In studies of software development, as a research community, we have not done an adequate job of differentiating causal influences from noncausal statistical correlations. In this podcast, Mike Konrad and Bob Stoddard discuss the use of an approach known as causal learning that can help the Department of Defense identify which factors cause software costs to escalate and, therefore, serve as a better basis for guidance on how to intervene to better control costs.
Jul 26, 2018 • 9min

Cybersecurity Engineering & Software Assurance: Opportunities & Risks

In this podcast, Dr. Carol Woody discusses opportunities and risks in cybersecurity engineering, software assurance, and the resulting CERT Cybersecurity Engineering and Software Assurance Professional Certificate. The courses for this certificate program focus on software-reliant systems engineering and acquisition activities. The goal of the program is to infuse an awareness of cybersecurity (and an approach to identifying security requirements, engineering risk, and supply chain risk) early in the lifecycle.
Jul 10, 2018 • 28min

Software Sustainment and Product Lines

In the SEI's examination of the software sustainment phase of the Department of Defense (DoD) acquisition lifecycle, we have noted that the best descriptor for sustainment efforts for software is "continuous engineering." Typically, during this phase, the hardware elements are repaired or have some structural modifications to carry new weapons or sensors. Software, on the other hand, continues to evolve in response to new security threats, new safety approaches, or new functionality provided within the system of systems. In this podcast, Mike Phillips and Harry Levinson will examine the intersection of three themes—product line practices, software sustainment, and public-private partnerships—that emerged during our work with one government program.
Jun 25, 2018 • 19min

Best Practices in Cyber Intelligence

The SEI Emerging Technology Center is conducting a study sponsored by the U.S. Office of the Director of National Intelligence to understand cyber intelligence best practices, common challenges, and future technologies that will culminate in a published report. Through interviews with U.S.-based organizations from a variety of sectors, researchers are identifying tools, practices, and resources that help those organizations make informed decisions that protect their information and assets. In this podcast, Jared Ettinger describes preliminary findings from the interviews, including best practices in cyber intelligence.
