Software Engineering Institute (SEI) Podcast Series

Members of Technical Staff at the Software Engineering Institute
Jun 2, 2022 • 35min

Undiscovered Vulnerabilities: Not Just for Critical Software

In this podcast from the Carnegie Mellon University Software Engineering Institute, Jonathan Spring, a senior vulnerability researcher, discusses with Suzanne Miller the findings in a paper he published recently analyzing the number of undiscovered vulnerabilities in information systems. This paper examines the paradigm that the number of undiscovered vulnerabilities is manageably small through the lens of mathematical concepts from the theory of computing.
May 16, 2022 • 26min

Explainable AI Explained

As the field of artificial intelligence (AI) has matured, increasingly complex opaque models have been developed and deployed to solve hard problems. Unlike many predecessor models, these models, by the nature of their architecture, are harder to understand and oversee. When such models fail or do not behave as expected or hoped, it can be hard for developers and end-users to pinpoint why or determine methods for addressing the problem. Explainable AI (XAI) meets the emerging demands of AI engineering by providing insight into the inner workings of these opaque models. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Violet Turri and Rachel Dzombak, both with the SEI's AI Division, discuss explainable AI, which encompasses all the techniques that make the decision-making processes of AI systems understandable to humans.
Apr 5, 2022 • 34min

Model-Based Systems Engineering Meets DevSecOps

In this podcast from the Carnegie Mellon University Software Engineering Institute, senior researchers Jerome Hugues and Joe Yankel discuss ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) practices and technology. Hugues and Yankel also discuss how making this integration between DevSecOps and MBSE explicit unlocks both the speed of DevSecOps and the risk reduction of MBSE.
Mar 22, 2022 • 32min

Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy

Organizations are turning to DevSecOps to produce code faster and at lower cost, but the reality is that much of the code is actually coming from the software supply chain through code libraries, open source, and third-party components where reuse is rampant. The downside is that this reused code contains defects unknown to the new user, which, in turn, propagate vulnerabilities into new systems. This is troubling news in an operational climate already rife with cybersecurity risk. Organizations must develop a cybersecurity engineering strategy for systems that addresses the integration of DevSecOps with the software supply chain. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Carol Woody, a principal researcher in the SEI's CERT Division, talks with Suzanne Miller about supply-chain issues and the planning needed to integrate software from the supply chain into operational environments. The discussion includes building a cybersecurity engineering strategy for DevSecOps that addresses those supply-chain challenges.
Mar 9, 2022 • 26min

Software and Systems Collaboration in the Era of Smart Systems

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), director Paul Nielsen talks with principal researcher Suzanne Miller about how the advent of smart systems has led to a growing need for effective collaboration and cross-pollination between the disciplines of systems engineering and software engineering.
Feb 22, 2022 • 19min

Securing the Supply Chain for the Defense Industrial Base

In this podcast from the Carnegie Mellon University Software Engineering Institute, Gavin Jurecko, who leads the Resilience Diagnostics Team, talks with Katie Stewart about risks associated with the supply chains of the defense industrial base (DIB), and how the SEI works with the U.S. Department of Defense to help secure the DIB supply chain.
Feb 8, 2022 • 23min

Building on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jeffrey Gennari, a senior malware reverse engineer, and Garret Wassermann, a vulnerability analyst, both with the SEI's CERT Division, discuss Kaiju, a series of tools that they have developed that allows for malware analysis and reverse engineering. Kaiju helps analysts take better advantage of Ghidra, the National Security Agency's reverse-engineering tool.
Jan 20, 2022 • 40min

Envisioning the Future of Software Engineering

In this SEI Podcast, Anita Carleton, director of the Software Solutions Division at the SEI, and Forrest Shull, lead for defense software acquisition policy research in the Software Solutions Division of the SEI, discuss the recently published SEI-led study Architecting the Future of Software Engineering: A National Agenda for Software Engineering Research & Development. In creating this multi-year research and development vision and roadmap for engineering next-generation software-reliant systems, the SEI engaged the software engineering community and assembled an advisory board of senior thought leaders across commercial industry, academia, and government, with participation from Microsoft, Google, SpaceX, Lockheed Martin, Boeing, DARPA, and others.
Jan 11, 2022 • 23min

Implementing the DoD's Ethical AI Principles

In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in Human Machine Interaction, and Alexandrea Van Deusen, an assistant design researcher, both with the SEI's AI Division, discuss a recent project in which they helped the Defense Innovation Unit (DIU) of the U.S. Department of Defense develop guidelines for responsible use of artificial intelligence (AI), based on the DoD's Ethical Principles for AI. These guidelines can serve as a guide for organizations in industry and government to implement responsible AI considerations into practice in real-world programs.
