Software Engineering Institute (SEI) Podcast Series

Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks

In November 2016, Internet users across the Eastern Seaboard of the United States had trouble accessing popular websites, such as Reddit, Netflix, and the New York Times. Known as the Dyn attack, the disruption was the result of multiple distributed denial of service (DDoS) attacks against a single organization: Dyn, a New Hampshire-based Internet infrastructure company. DDoS attacks can be extremely disruptive, and they are on the rise. The Verisign Distributed Denial of Service Trends Report states that DDoS attack activity increased 85 percent in each of the last two years, with 32 percent of those attacks in the fourth quarter of 2015 targeting IT services, cloud computing, and software-as-a-service companies. In this podcast, CERT researcher Rachel Kartch provides an overview of DDoS attacks and best practices for mitigating and responding to them.

Dec 19, 2016 (33 min)

Cyber Security Engineering for Software and Systems Assurance

Effective cybersecurity engineering requires the integration of security into the software acquisition and development lifecycle. For engineering to address security effectively, requirements that establish the target goal for security must be in place. Risk management must include identification of possible threats and vulnerabilities within the system, along with the ways to accept or address them. There will always be cyber security risk, but engineers, managers, and organizations must be able to plan for the ways in which a system should avoid as well as recognize, resist, and recover from an attack. In this podcast, Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles that address the challenges of acquiring, building, deploying, and sustaining software systems to achieve a desired level of confidence for software assurance.

Dec 8, 2016 (18 min)

Moving Target Defense

Dynamic network defense (or moving target defense) is based on a simple premise: a moving target is harder to attack than a stationary target. In recent years the government has invested substantially in moving target and adaptive cyber defense. This rapidly growing field has seen recent developments of many new technologies—defenses that range from shuffling of client-to-server assignments to protect against distributed denial-of-service (DDoS) attacks, to packet header rewriting, to rebooting servers. As researchers develop new technologies, they need a centralized reference platform where new technologies can be vetted to see where they complement each other and where they do not, as well as a standard against which future technologies can be evaluated. In this podcast, Andrew Mellinger, a senior software developer in the SEI's Emerging Technology Center, discusses work to develop a platform to organize dynamic defenses.

Nov 30, 2016 (13 min)

Improving Cybersecurity Through Cyber Intelligence

Cyber intelligence is the acquisition of information to identify, track, or predict the cyber capabilities and actions of malicious actors to offer courses of action to decision makers charged with protecting organizations. In this podcast, Jared Ettinger of the SEI's Emerging Technology Center (ETC) talks about the ETC's latest work in cyber intelligence as well as the Cyber Intelligence Research Consortium, which brings together organizations from a variety of sectors to exchange cyber intelligence ideas, participate in hands-on training activities, and learn about emerging cyber intelligence technologies from experts in the field.

Nov 10, 2016 (18 min)

A Requirement Specification Language for AADL

In this podcast, Peter Feiler describes a textual requirement specification language for the Architecture Analysis & Design Language (AADL) called ReqSpec. ReqSpec is based on the draft Requirements Definition and Analysis Language Annex, which defines a meta-model for requirement specification as annotations to AADL models. A set of plug-ins to the Open Source AADL Tool Environment (OSATE) toolset supports the ReqSpec language. Users can follow an architecture-led requirement specification process that uses AADL models to represent the system in its operational context as well as the architecture of the system of interest. ReqSpec can also be used to represent existing stakeholder and system requirement documents. Requirement documents represented in the Requirements Interchange Format can be imported into OSATE to migrate such documents into an architecture-centric virtual integration process. Finally, ReqSpec is an element of an architecture-led, incremental approach to system assurance. In this approach, requirements specifications are complemented with verification plans. When executed, these plans produce evidence that a system implementation satisfies the requirements.

Oct 27, 2016 (30 min)

Becoming a CISO: Formal and Informal Requirements

Whether you are a CISO, CISO equivalent, or have another title with organizational cybersecurity responsibilities, the role you play in your organization to protect and sustain the key information and technical assets needed to achieve the mission is critical in today's landscape of data breaches, nation-state hackers, and increased threats to the business. In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today's fast-paced cybersecurity field.

Oct 19, 2016 (23 min)

Predicting Quality Assurance with Software Metrics and Security Methods

To ensure software will function as intended and is free of vulnerabilities (aka software assurance), software engineers must consider security early in the lifecycle, when the system is being designed and architected. Recent research on vulnerabilities supports this claim: nearly half the weaknesses identified in the Common Weakness Enumeration (CWE) repository have been identified as design weaknesses. These weaknesses are introduced early in the lifecycle and cannot be patched away in later phases. They result from poor (or incomplete) security requirements, system designs, and architecture choices for which security has not been given appropriate priority. Effective use of metrics and methods that apply systematic consideration for security risk can highlight gaps earlier in the lifecycle, before the impact is felt and when the cost of addressing these gaps is less. In this podcast, Dr. Carol Woody explores the connection between measurement, methods for software assurance, and security.

Oct 13, 2016 (11 min)

Network Flow and Beyond

By the close of 2016, annual global IP traffic will pass the zettabyte (ZB; 1000 exabytes [EB]) threshold and will reach 2.3 ZB per year by 2020, according to Cisco's Visual Networking Index. While capturing and evaluating network traffic enables defenders of large-scale organizational networks to generate security alerts and identify intrusions, operators of networks of even comparatively modest size struggle with building a full, comprehensive view of network activity. To make wise security decisions, operators need to understand the mission activity on their network and the threats to that activity (referred to as network situational awareness). In this podcast, Timothy Shimeall discusses approaches for analyzing network security using, and going beyond, network flow data to gain situational awareness and improve security.

Sep 29, 2016 (24 min)

A Community College Curriculum for Secure Software Development

In this podcast, Girish Seshagiri discusses a two-year community college software assurance program that he developed and facilitated with SEI Fellow Nancy Mead at Illinois Community College. The two-year degree program in secure software development, which is based on the SEI's software assurance curriculum, is the result of a collaboration between Central Illinois Center of Excellence for Secure Software and Illinois Central College. The program, which also incorporates an apprenticeship model, was developed in response to industry needs.

Sep 15, 2016 (20 min)

Security and the Internet of Things

Internet-connected devices—from cars, insulin pumps, and baby monitors to thermostats and coffee makers—are growing in number and complexity. Most of these Internet of Things (IoT) devices weren't built with connectivity and security in mind, leaving them vulnerable to attacks. In this podcast, CERT researcher Art Manion discusses work that his team is doing with the Department of Homeland Security to examine and secure IoT devices.

Aug 25, 2016 (17 min)

The SEI Fellow Series: Nancy Mead

The position of SEI Fellow is awarded to people who have made an outstanding contribution to the work of the SEI and from whom the SEI leadership may expect valuable advice for continued success in the institute's mission. Nancy Mead, a principal researcher in the SEI's CERT Division, was named an SEI Fellow in 2013. This podcast is the first in a series highlighting interviews with SEI Fellows.

Aug 10, 2016 (28 min)

An Open Source Tool for Fault Tree Analysis

Safety-critical software must be analyzed and checked carefully. Each potential error, failure, or defect must be considered and evaluated before you release a new product. For example, if you are producing a quadcopter drone, you would like to know the probability of engine failure to evaluate the system's reliability. Safety analysis is hard. Standards such as ARP4761 mandate several analyses, such as Functional Hazard Assessment and Failure Mode and Effect Analysis. One popular type of safety analysis is Fault Tree Analysis (FTA), which provides a graphical representation of all contributors to a failure (e.g., error events and propagations). In this podcast, Julien Delange discusses the concepts of FTA and introduces a new tool to design and analyze fault trees.

Jul 28, 2016 (14 min)

Global Value Chain – An Expanded View of the ICT Supply Chain

Organizations "are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain. These risks are associated with the organizations' decreased visibility into, understanding of, and control over how the technology that they acquire is developed, integrated and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services." In this podcast, Edna Conway, Chief Security Officer, Global Value Chain and Cisco, and John Haller, a member of the CERT Cyber Assurance team, discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain.

Jul 18, 2016 (30 min)

Intelligence Preparation for Operational Resilience

Intelligence preparation for Operational Resilience (IPOR) is a structured framework that decision makers can use to:

• identify intelligence needs
• consume the information received by intelligence sources
• make informed decisions about the organization and courses of action

In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR.

Jun 21, 2016 (27 min)

Evolving Air Force Intelligence with Agile Techniques

In the past decade, the U.S. Air Force has built up great capability with the Distributed Common Ground System (AF DCGS), the Air Force's primary weapon system for intelligence, surveillance, reconnaissance, planning, direction, collection, processing, exploitation, analysis, and dissemination. AF DCGS employs a global communications architecture that connects multiple intelligence platforms and sensors. In this podcast, Harry Levinson discusses the SEI's work with the Air Force to further evolve the AF DCGS system using Agile techniques, working in incremental, iterative approaches to deliver more frequent, more manageable deliveries of capability.

May 26, 2016 (17 min)

Threat Modeling and the Internet of Things

Threat modeling, which has been popularized by Microsoft in the last decade, provides vulnerability analysts a means to analyze a system, identify its various attack surfaces, and use that knowledge to bolster the system against vulnerabilities. In this podcast, Art Manion and Allen Householder of CERT's vulnerability analysis team talk about threat modeling and its use in improving the security of the Internet of Things.

May 12, 2016 (17 min)

Open Systems Architectures: When & Where to Be Closed

Due to advances in hardware and software technologies, Department of Defense (DoD) systems today are highly capable and complex. However, they also face increasing scale, computation, and security challenges. Compounding these challenges, DoD systems were historically designed using stove-piped architectures that lock the government into a small number of system integrators, each devising proprietary point solutions that are expensive to develop and sustain over the lifecycle. Although these stove-piped solutions have been problematic (and unsustainable) for years, the budget cuts occurring under sequestration are motivating the DoD to reinvigorate its focus on identifying alternative means to drive down costs, create more affordable acquisition choices, and improve acquisition program performance. A promising approach to meet these goals is open systems architecture (OSA). In this podcast, Don Firesmith discusses how acquisition professionals and system integrators can apply OSA practices to effectively decompose large monolithic business and technical architectures into manageable and modular solutions that can integrate innovation more rapidly and lower total ownership costs.

Apr 14, 2016 (19 min)

Toward Efficient and Effective Software Sustainment

The Department of Defense (DoD) must focus on sustaining legacy weapons systems that are no longer in production, but are expected to remain a key component of our defense capability for decades to come. Despite the fact that these legacy systems are no longer in the acquisition phase, software upgrade cycles are needed to refresh their capabilities every 18 to 24 months. In addition, significant modernization can often be made by more extensive, focused software upgrades with relatively modest hardware changes. In this podcast, Mike Phillips discusses effective sustainment engineering efforts in the Army and Air Force, using examples from across their software engineering centers. These examples are tied to SEI research on capability maturity models, agility, and the Architecture Analysis and Design Language (AADL) modeling notation.

Mar 18, 2016 (23 min)

Effective Reduction of Avoidable Complexity in Embedded Systems

Safety-critical systems are becoming extremely software-reliant. Software complexity can increase total acquisition costs as much as 16 percent. At the same time, safety-critical development is shifting from traditional programming (e.g., Ada, C) to modeling languages (e.g., Simulink, SCADE). In this podcast, Julien Delange discusses the Effective Reduction of Avoidable Complexity in Embedded Systems (ERACES) project, which aims to identify and remove complexity in software models.

Mar 18, 2016 (18 min)

Quality Attribute Refinement and Allocation

We know from existing SEI work on attribute-driven design, Quality Attribute Workshops, and the Architecture Tradeoff Analysis Method that a focus on quality attributes prevents costly rework. Such a long-term perspective, however, can be hard to maintain in a high-tempo, agile delivery model, which is why the SEI continues to recommend an architecture-centric engineering approach, regardless of the software methodology chosen. As part of our work in value-driven incremental delivery, we conducted exploratory interviews with teams in these high-tempo environments to characterize how they managed architectural quality attribute requirements (QARs). These requirements—such as performance, security, and availability—have a profound impact on system architecture and design, yet are often hard to divide, or slice, into the iteration-sized user stories common to iterative and incremental development. This difficulty typically exists because some attributes, such as performance, touch multiple parts of the system. In this podcast, Neil Ernst discusses research on slicing (refining) performance in two production software systems and ratcheting (periodic increase of a specific response measure) of scenario components to allocate QAR work.

Mar 8, 2016 (24 min)

Is Java More Secure Than C?

Whether Java is more secure than C is a simple question to ask, but a hard question to answer well. When researchers on the CERT Secure Coding Team began writing the SEI CERT Oracle Coding Standard for Java, they thought that Java would require fewer secure coding rules than the SEI CERT C Coding Standard because Java was designed with security in mind. They also assumed that a more secure language would need fewer rules than a less secure one. However, Java has 168 coding rules compared to just 116 for C. Why? Are there problems with our C or Java rules, or are Java programs, on average, just as susceptible to vulnerabilities as C programs? In this podcast, CERT researcher David Svoboda analyzes secure coding rules for both C and Java to determine if they indeed refute the conventional wisdom that Java is more secure than C.

Feb 19, 2016 (17 min)

Identifying the Architectural Roots of Vulnerabilities

In our studies of many large-scale software systems, we have observed that defective files seldom exist alone. They are usually architecturally connected, and their architectural structures exhibit significant design flaws that propagate bugginess among files. We call these flawed structures the architecture roots, a type of technical debt that incurs high maintenance penalties. Removing the architecture roots of bugginess requires refactoring, but the benefits of refactoring have historically been difficult for architects to quantify or justify. In this podcast, Rick Kazman and Carol Woody discuss an approach to model and analyze software architecture as a set of design rule spaces. Using data extracted from the project's development artifacts, this approach identifies the files implicated in architecture flaws and suggests refactorings based on removing these flaws.

Feb 4, 2016 (23 min)

Build Security In Maturity Model (BSIMM) – Practices from Seventy-Eight Organizations

The Building Security In Maturity Model (BSIMM) is the result of a multi-year study of real-world software security initiatives. It is built directly from data observed in 78 software security initiatives from firms in nine market sectors. The best way to use the BSIMM is to compare and contrast your own initiative with the data about what other organizations are doing as described in the model. You can then identify goals and objectives and refer to the BSIMM to determine which additional activities make sense for you. The BSIMM data show that high maturity initiatives are well-rounded—carrying out numerous activities in all 12 of the practices described by the model. The model also describes how mature software security initiatives evolve, change, and improve over time. In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from high-performing organizations.

Feb 3, 2016 (31 min)

An Interview with Grady Booch

Grady Booch recently delivered a presentation as part of the SEI's CTO Distinguished Speaker Series where he discussed his perspectives on the biggest challenges for the future of software engineering. During his visit to the SEI, he sat down for an interview with SEI Fellow Nancy Mead for the SEI Podcast Series. Booch will be a keynote speaker at SATURN 2016.

Jan 12, 2016 (18 min)

Structuring the Chief Information Security Officer Organization

Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today's increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applicable for their business mission, vision, and objectives? In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations based on inputs from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents.

Dec 23, 2015 (31 min)

How Cyber Insurance Is Driving Risk and Technology Management

Every day another story arises about a significant breach at a major company or government agency. Increasingly, cybersecurity is being viewed as a risk management issue by CEOs and boards of directors. So how does corporate America address risk? Insurance. Since, like a natural disaster, a company cannot completely avoid cyber attacks, the next best option is to mitigate the impact these attacks can have. [1] In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk and invest in technologies.

Nov 9, 2015 (21 min)

A Field Study of Technical Debt

In their haste to deliver software capabilities, developers sometimes engage in less-than-optimal coding practices. If not addressed, these shortcuts can ultimately yield unexpected rework costs that offset the benefits of rapid delivery. Technical debt conceptualizes the tradeoff between the short-term benefits of rapid delivery and long-term value. Taking shortcuts to expedite the delivery of features in the short term incurs technical debt, analogous to financial debt, that must be paid off later to optimize long-term success. Managing technical debt is an increasingly critical aspect of producing cost-effective, timely, and high-quality software products, especially in projects that apply agile methods. A delicate balance is needed between the desire to release new software features rapidly to satisfy users and the desire to practice sound software engineering that reduces rework. Too often, however, technical debt focuses on coding issues when a broader perspective—one that incorporates software architectural concerns—is needed. In this podcast, Dr. Neil Ernst discusses the findings of a recent field study to assess the state of the practice and current thinking regarding technical debt and guide the development of a technical debt timeline.

Oct 15, 2015 (19 min)

How the University of Pittsburgh Is Using the NIST Cybersecurity Framework

In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (Pitt), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework). The University of Pittsburgh is a large, decentralized institution with a diverse population of networks and information types. The challenge of balancing academic freedom with security and protection of research data is put to the test every day. The use of the CSF, created by NIST as a common starting point for improving the cybersecurity of critical infrastructure providers, has proven valuable in helping Pitt understand its baseline security posture, prioritize gaps, and set a target profile for improvement. The flexibility of the five NIST CSF categories (Identify, Protect, Detect, Respond, Recover) provides a solid starting point from which to understand the information security practices that are already in place at Pitt and the practices that are needed to improve the overall program. The podcast is based on a presentation.

Oct 1, 2015 (23 min)

A Software Assurance Curriculum for Future Engineers

Modern society is deeply and irreversibly dependent on software systems of remarkable scope and complexity in areas that are essential for preserving our way of life. Software assurance is critical to ensuring our confidence in these systems and that they are free from vulnerabilities, function in the intended manner, and provide security capabilities appropriate to the threat environment. In this podcast, Dr. Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges.

Sep 24, 2015 (19 min)

Four Types of Shift Left Testing

One of the most important and widely discussed trends within the software testing community is shift left testing, which simply means beginning testing as early as practical in the lifecycle. What is less widely known, both inside and outside the testing community, is that testers can employ four fundamentally different approaches to shift testing to the left. Unfortunately, different people commonly use the generic term shift left to mean different approaches, which can lead to serious misunderstandings. In this podcast, SEI principal researcher Don Firesmith explains the importance of shift left testing and defines each of these four approaches using variants of the classic V model to illustrate them.

Sep 10, 2015 (26 min)

Toward Speed and Simplicity: Creating a Software Library for Graph Analytics

High performance computing is now central to the federal government and industry, as evidenced by the shift from single-core and multi-core or homogeneous central processing units (CPUs) to many-core and heterogeneous systems that also include other types of processors, such as graphics processing units (GPUs). In this podcast, Scott McMillan and Eric Werner of the SEI's Emerging Technology Center discuss work to create a software library for graph analytics that would take advantage of these more powerful heterogeneous supercomputers to perform graph analytics at larger scales and more quickly, while making them simpler to program. Graph analytics are more complex, and thus more difficult to program. These algorithms are used in DoD mission applications including intelligence analysis, knowledge representation and reasoning in autonomous systems, cyber intelligence and security, route planning, and logistics optimization.

Aug 27, 2015 (15 min)

Capturing the Expertise of Cybersecurity Incident Handlers

In this podcast, Dr. Richard Young, a professor with Carnegie Mellon's Tepper School of Business, teams with Sam Perl, a member of the CERT Division's Enterprise Threat and Vulnerability Management team, to discuss their research on how expert cybersecurity incident handlers think, learn, and act when faced with an incident. The research study focuses on critical cognitive factors that such experts use to make decisions when faced with a complex incident, including how to deal with critical information that is missing. Study results may be used to enhance the knowledge and skills of less experienced responders.

Aug 27, 2015 (26 min)

Improving Quality Using Architecture Fault Analysis with Confidence Arguments

In this podcast, Peter Feiler discusses a case study that demonstrates how an analytical architecture fault-modeling approach can be combined with confidence arguments to diagnose a time-sensitive design error in a control system and to provide evidence that proposed changes to the system address the problem. The analytical approach, based on the SAE Architecture Analysis and Design Language for its well-defined timing and fault-behavior semantics, demonstrates that such hard-to-test errors can be discovered and corrected early in the lifecycle, thereby reducing rework cost. The case study shows that by combining the analytical approach with confidence maps, we can present a structured argument that system requirements have been met and problems in the design have been addressed adequately—increasing our confidence in the system quality. The case study analyzes an aircraft engine control system that manages fuel flow with a stepper motor. The original design was developed and verified in a commercial model-based development environment without discovering the potential for missed step commanding. During system tests, actual fuel flow did not correspond to the desired fuel flow under certain circumstances. The problem was traced to missed execution of commanded steps due to variation in execution time.

Aug 13, 2015 (18 min)

A Taxonomy of Testing Types

A surprisingly large number of different types of testing exist and are used during the development and operation of software-reliant systems. While most testers, test managers, and other testing stakeholders are quite knowledgeable about a relatively small number of testing types, many people know very little about most of them and are unaware that others even exist. Understanding these different types of testing is important because different types of testing tend to uncover different types of defects, and multiple testing types are needed to achieve sufficiently low levels of residual defects. Although not all of these testing types are relevant on all projects, a complete taxonomy can be used to help discover the ones that are appropriate and ensure that no relevant types of testing are accidentally overlooked. Such a taxonomy can also be useful as a way to organize and prioritize one's study of testing. In this podcast, Donald Firesmith introduces the taxonomy of testing types he created to help testers and testing stakeholders select the appropriate types of testing for their specific needs.

Jul 30, 2015 (16 min)

Reducing Complexity in Software & Systems

Systems are increasingly software-reliant and interconnected, making design, analysis, and evaluation harder than in the past. While new capabilities are welcome, they require more thorough validation. Complexity could mean that design flaws or defects lead to hazardous conditions that remain undiscovered and unresolved. In this podcast, Dr. Sarah Sheard discusses a two-year research project to investigate the nature of complexity, how it manifests in software-reliant systems such as avionics, how to measure it, and how to tell when too much complexity might lead to safety and certifiability problems.

Jul 16, 2015 · 19 min

Designing Security Into Software-Reliant Systems

Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions are also increasing. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. However, the costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. It is more cost effective to address software security risks as early in the lifecycle as possible. As a result, researchers from the CERT Division of the Software Engineering Institute (SEI) have started investigating early lifecycle security risk analysis (i.e., during requirements, architecture, and design). In this podcast, CERT researcher Christopher Alberts introduces the Security Engineering Risk Analysis (SERA) Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle. The framework integrates system and software engineering with operational security by requiring engineers to analyze operational security risks as software-reliant systems are acquired and developed. Initial research activities have focused on specifying security requirements for these systems.

Jun 25, 2015 · 11 min

Agile Methods in Air Force Sustainment

For several years, the Software Engineering Institute has researched the viability of Agile software development methods within Department of Defense programs and barriers to the adoption of those methods. In this podcast, SEI researcher Eileen Wrubel discusses how software sustainers leverage Agile methods and avoid barriers to using Agile methods.

Jun 11, 2015 · 12 min

Defect Prioritization With the Risk Priority Number

Most software systems have some "defects" that are identified by users. Some of these are truly defects in that the requirements were not properly implemented; some are caused by changes made to other systems; still others are requests for enhancement, that is, improvements to the users' experience. These "defects" are generally stored in a database and are worked off in a series of incrementally delivered updates. For most systems, it is not financially feasible to fix all of the concerns in the near term, and indeed some issues may never be addressed. The government program office has an obligation to choose wisely among a set of competing defects to be implemented, especially in a financially constrained environment. In this podcast, Will Hayes and Julie Cohen discuss a generalized technique that could be used with any type of system to assist the program office in addressing and resolving the conflicting views and creating a better value system for defining releases.

May 28, 2015 · 17 min

SEI-HCII Collaboration Explores Context-Aware Computing for Soldiers

As the number of sensors on smart phones continues to grow, these devices can automatically track data from the user's environment, including geolocation, time of day, movement, and other sensor data. Making sense of this data in an ethical manner that respects the privacy of smartphone users is just one of the many challenges faced by researchers. In this podcast, Dr. Anind Dey, director of the Human Computer Interaction Institute (HCII) at CMU, and Dr. Jeff Boleng, principal researcher at the SEI, introduce context-aware computing and discuss a collaboration to help dismounted soldiers by using context derived from sensors on their bodies and their mobile devices, so that they have the information and sensor support they need to optimize their mission performance.

May 14, 2015 · 20 min

An Introduction to Context-Aware Computing

As the number of sensors on smart phones continues to grow, these devices can automatically track data from the user's environment, including geolocation, time of day, movement, and other sensor data. Making sense of this data in an ethical manner that respects the privacy of smartphone users is just one of the many challenges faced by researchers. In this podcast, the first in a two-part series, Dr. Anind Dey and Dr. Jeff Boleng introduce context-aware computing and explore other issues related to sensor-fueled data in the internet of things.

Apr 23, 2015 · 19 min

Data Driven Software Assurance

Software vulnerabilities are defects or weaknesses in a software system that, if exploited, can lead to compromise of the control of a system or the information it contains. The problem of vulnerabilities in fielded software is pervasive and serious. In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division and determined that a large number of significant and pernicious software vulnerabilities likely had their origins early in the software development lifecycle, in the requirements and design phases. In this podcast, SEI researchers Mike Konrad and Art Manion discuss a project that was launched to investigate design-related vulnerabilities and quantify their effects.

Apr 9, 2015 · 30 min

Supply Chain Risk Management: Managing Third Party and External Dependency Risk

One caveat of outsourcing is that you can outsource business functions, but you cannot outsource the risk and responsibility to a third party. These must be borne by the organization that asks the population to trust that it will do the right thing with their data. In this podcast, Matt Butkovic, the Technical Manager of CERT's Cybersecurity Assurance Team, and John Haller, a member of Matt's team, discuss approaches for more effectively managing supply chain risks, focusing on risks arising from "external entities that provide, sustain, or operate Information and Communications Technology (ICT) to support your organization." This is sometimes referred to as third party or external dependency risk.

Mar 26, 2015 · 28 min

Applying Agile in the DoD: Twelfth Principle

In this episode, the 12th and final podcast in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the 12th principle: at regular intervals, the team reflects on how to become more effective, then tunes and adjusts its behavior accordingly.

Mar 26, 2015 · 12 min

Introduction to the Mission Thread Workshop

In Department of Defense programs, a system of systems (SoS) is integrated to accomplish a number of missions that involve cooperation among individual systems. Understanding the activities conducted within each system and how they interoperate to accomplish the missions of the SoS is of vital importance. A mission thread is a sequence of end-to-end activities and events, given as a series of steps, that accomplish the execution of one or more capabilities that the SoS supports. However, listing the steps and describing them do not reveal all the important concerns associated with cooperation among the systems to accomplish the mission; understanding the architectural and engineering considerations associated with each mission thread is also essential. In this podcast, Michael Gagliardi introduces the Mission Thread Workshop (MTW), a facilitated, stakeholder-centric workshop whose purpose is to elicit and refine end-to-end quality attribute, capability, and engineering considerations for SoS mission threads.

Mar 12, 2015 · 23 min

Applying Agile in the DoD: Eleventh Principle

In this episode, the 11th in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the 11th principle: the best architectures, requirements, and designs emerge from self-organizing teams.

Feb 26, 2015 · 14 min

A Workshop on Measuring What Matters

This podcast summarizes the inaugural Measuring What Matters Workshop, conducted in November 2014, the team's experiences in planning and executing it, and the improvements identified for future offerings. The Measuring What Matters Workshop introduces the Goal-Question-Indicator-Metric (GQIM) approach, which enables users to derive meaningful metrics for managing cybersecurity risks from strategic and business objectives. This approach helps ensure that organizational leaders have better information to make decisions, take action, and change behaviors. Katie Stewart, Michelle Valdez, Lisa Young, and Julia Allen, the developers and facilitators of this workshop, are all members of CERT's Cyber Resilience Management team. Further details about this workshop can be found in our workshop report.

Feb 20, 2015 · 30 min

Applying Agile in the DoD: Tenth Principle

In this episode, the tenth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the tenth principle: Simplicity—the art of maximizing the amount of work not done—is essential.

Feb 12, 2015 · 13 min

Predicting Software Assurance Using Quality and Reliability Measures

Security vulnerabilities are defects that enable an external party to compromise a system. Our research indicates that improving software quality by reducing the number of errors also reduces the number of vulnerabilities and hence improves software security. Some portion of security vulnerabilities (maybe over half of them) are also quality defects. Can quality defect models that predict quality results be applied to security to predict security results? Simple defect models focus on an enumeration of development errors after they have occurred and do not relate directly to operational security vulnerabilities, except when the cause is quality related. In this podcast, Carol Woody and Bill Nichols discuss how a combination of software development and quality techniques can improve software security.

Jan 29, 2015 · 19 min

Applying Agile in the DoD: Ninth Principle

In this episode, the ninth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the ninth principle: continuous attention to technical excellence and good design enhances Agile.

Jan 16, 2015 · 17 min

Cyber Insurance and Its Role in Mitigating Cybersecurity Risk

The goal of any cybersecurity investment is to reduce the potential impact from cyber risk. Initial investments should be in capability development—the implementation of controls to protect and sustain operations that depend on technology. As capability increases, additional capability investments produce diminishing returns—the curve flattens. At that point, investment in cyber insurance becomes an efficient means to further reduce risk. In this podcast, Jim Cebula, the Technical Manager of CERT's Cybersecurity Risk Management Team, and David White, Chief Knowledge Officer with Axio Global, discuss cyber insurance, its potential role in reducing operational and cybersecurity risk, and how organizations are using it today. We also discuss ongoing CERT research on this topic.

Jan 8, 2015 · 37 min