[ad_1]
As a part of an ongoing effort to maintain you knowledgeable about our newest work, this weblog publish summarizes some just lately printed SEI studies, podcasts, and webcasts highlighting our work in coordinated vulnerability disclosure, cyber danger and resilience administration, automation, and the science of cybersecurity. These publications spotlight the most recent work of SEI technologists in these areas.
Now we have additionally included the SEI 12 months in Evaluation in addition to a podcast exploring the significance of fostering variety in software program engineering and a webcast that includes alternatives for girls in cybersecurity.
This publish features a itemizing of every publication, creator(s), and hyperlinks the place they are often accessed on the SEI web site.
The SEI listens and probes intently to study our sponsor’s wants, in order that our work gives a path to fixing vital synthetic intelligence (AI), software program engineering, and cybersecurity points. On this SEI 12 months in Evaluation, you’ll learn of some distinguished current outcomes that specific our loud and clear response:
- With funding and help by the Workplace of the Director of Nationwide Intelligence, the SEI is fostering a group to develop a self-discipline for AI engineering, to guarantee that AI-enabled techniques are scalable, strong and safe, and human-centered.
- Having been on the forefront of software program engineering applied sciences and practices for many years, we’ve launched an effort to construct and lead a group that may type a nationwide agenda to architect the way forward for software program engineering and articulate a analysis roadmap.
Persevering with to carry collectively authorities and business, we launched the CERT/CC Vulnerability Data and Coordination Surroundings (VINCE) to extend the extent of direct collaboration between vulnerability reporters, coordinators, and software program distributors.
Obtain the SEI 12 months in Evaluation.
A State-Primarily based Mannequin for Multi-Get together Coordinated Vulnerability Disclosure (MPCVD)
by Allen D. Householder, Jonathan Spring
Coordinated Vulnerability Disclosure (CVD) stands as a consensus response to the persistent reality of weak software program, but few efficiency indicators have been proposed to measure its efficacy on the broadest scales. On this report, we search to fill that hole. We start by deriving a mannequin of all doable CVD histories from first ideas, organizing these histories right into a partial ordering primarily based on a set of desired standards. We then compute a baseline expectation for the frequency of every desired standards and suggest a brand new set of efficiency indicators to measure the efficacy of CVD practices primarily based on the differentiation of ability and luck in commentary knowledge. As a proof of idea, we apply these indicators to quite a lot of longitudinal observations of CVD follow and discover proof of serious ability to be prevalent. We conclude with reflections on how this mannequin and its accompanying efficiency indicators may very well be utilized by numerous stakeholders (distributors, system house owners, coordinators, and governments) to interpret the standard of their CVD practices.
Obtain the SEI particular report.
Planning and Design Concerns for Information Facilities
by Lyndsi A. Hughes, David Sweeney, and Mark Kasunic
This report shares vital classes discovered from establishing small- to mid-size knowledge facilities. These knowledge facilities had been established inside their very own group and for shopper organizations inside the US authorities to help improvement and operations. Their present focus is to ascertain on-premises knowledge facilities that help fashionable DevSecOps practices and enabling applied sciences.
This report is meant to assist info know-how (IT) personnel and administration who’re chargeable for designing and deploying knowledge heart know-how to grow to be aware of matters that have to be addressed for a profitable end result. Whereas it’s past the scope of the report back to delve into all the small print related to implementing knowledge heart operations, it’ll assist IT personnel and administration get began.
Obtain the SEI technical observe.
Accenture: An Automation Maturity Journey
by Rajendra T. Prasad (Accenture)
Accenture, an early adopter of the Functionality Maturity Mannequin Integration (CMMI) framework, confronted quite a few challenges associated to a quickly altering market. Its purchasers had been trying to Accenture to assist them “hyper-drive” system transformations to attain larger value effectiveness, sooner pace, higher high quality, and steady innovation to remain related out there. To realize these objectives, Accenture launched an automation journey constructed round what it calls “The 4S Mannequin”: Easy, Seamless, Scalable, Sustainable. The method produced clever instruments to automation for transformation that enabled Accenture and its purchasers to remodel quickly and meet the challenges of a altering market and enterprise panorama. Course of enchancment initiatives at the moment are carried out throughout greater than 50 % of Accenture’s business shopper base, with new automation alternatives recognized each three hours. Automation technique, course of, and know-how applications established have proven an influence on shopper worth delivered, supply efficiency, and folks efficiency. A number of the key metrics which have proven a big enchancment persistently are productiveness, high quality (defects), effort, and schedule. In 2020, the Carnegie Mellon College Software program Engineering Institute and IEEE acknowledged Accenture with the Watts Humphrey Software program Course of Achievement Award. For extra info on the SPA Award, go to https://assets.sei.cmu.edu/news-events/occasions/watts/.
Obtain the SEI technical report.
Fostering Variety in Software program Engineering
Grace Lewis, Ipek Ozkaya, Jay Palat, Nathan R. West
On this SEI Podcast, Grace Lewis hosts a panel dialogue with Ipek Ozkaya, Nathan West, and Jay Palat about variety in software program engineering. Panelists share their views about their very own experiences within the software program engineering discipline, the worth of variety to boost downside fixing from a number of views, and methods for supporting and inspiring underrepresented teams to grow to be concerned within the discipline.
View/hearken to the podcast.
Alternatives for Ladies in Cybersecurity
by Matthew J. Butkovic, Ebonie McNeil, Sharon Mudd, Marisa Midler
In Could 2021, in accordance with CyberSeek, the cybersecurity job market useful resource, there have been roughly 465,000 open positions in cybersecurity nationwide. With such a big pool of jobs, alternatives exist for all candidates.
On this episode, you meet SEI employees members who come from various, academic, cultural, {and professional} backgrounds. SEI technical director Matthew Butkovic interviews Sharon Mudd, senior cybersecurity operation researcher; Ebonie McNeil, DevOps engineer; Marisa Midler, affiliate penetration tester; and Wei-ren Murray, software program engineer. They focus on careers in cybersecurity, and share the highlights of their work on the SEI, in addition to challenges and classes discovered alongside the way in which. In addition they overview the SEI’s involvement within the WiCYS (Ladies in Cybersecurity) 2021 Convention and the way it’s serving to recruit candidates to fill open positions.
View the webcast.
Making use of Scientific Strategies in Cybersecurity
by Leigh B. Metcalf and Jonathan Spring
On this SEI Podcast, Leigh Metcalf and Jonathan Spring focus on with Suzanne Miller the applying of scientific strategies to cybersecurity. As described of their just lately printed guide, Utilizing Science in Cybersecurity, Metcalf and Spring describe a common sense method and sensible instruments for making use of scientific rigor to the sector of cybersecurity.
View/hearken to the podcast.
Extra Sources
View the most recent SEI analysis within the SEI Digital Library.
View the most recent installments within the SEI Podcast Collection.
View the most recent installments within the SEI Webinar Collection.
[ad_2]
