Sam Procter started out studying computer science at the University of Nebraska, but he didn’t love it. It wasn’t until he took his first software engineering course that he knew he’d found his career path. In this podcast from the Carnegie Mel

Developing and Using a Software Bill of Materials Framework

Apr 4th, 2024 37m 37s

With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third

The Importance of Diversity in Cybersecurity: Carol Ware

Mar 21st, 2024 26m 37s

In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Ware, a senior cybersecurity engineer in the SEI’s CERT Division, discusses her career path, the value of mentorship, and the importance of diversity in

The Importance of Diversity in Software Engineering: Suzanne Miller

Mar 21st, 2024 29m 2s

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Suzanne Miller, a principal researcher in the SEI’s Software Solutions Division, discusses her career path, the value of mentorship, and the importance o

The Importance of Diversity in Artificial Intelligence: Violet Turri

Mar 15th, 2024 16m 57s

Across the globe, women account for less than 30 percent of professionals in technical fields. That number drops to 22 percent in the field of Artificial Intelligence (AI). In this podcast from the Carnegie Mellon University Software Engineeri

The Importance of Diversity in Cybersecurity: Carol Ware

Mar 14th, 2024 26m 37s

In this podcst from the Carnegie Mellon University Software Engineering Institute (SEI), Carol Ware, a senior cybersecurity engineer in the SEI's CERT Division, discusses her career path, the value of mentorship, and the importance of diversit

Using Large Language Models in the National Security Realm

Feb 16th, 2024 34m 45s

At the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflo

Atypical Applications of Agile and DevSecOps Principles

Feb 9th, 2024 33m 41s

Modern software engineering practices of Agile and DevSecOps have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software c

When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction

Jan 31st, 2024 35m 21s

Increasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important conside

The Impact of Architecture on Cyber-Physical Systems Safety

Jan 24th, 2024 34m 5s

As developers continue to build greater autonomy into cyber-physical systems (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only crea

ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies

Dec 14th, 2023 46m 22s

To better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studie

The Cybersecurity of Quantum Computing: 6 Areas of Research

Nov 28th, 2023 23m 1s

Research and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI

User-Centric Metrics for Agile

Nov 16th, 2023 31m 41s

Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be

The Product Manager’s Evolving Role in Software and Systems Development

Nov 10th, 2023 24m 19s

In working with software and systems teams developing technical products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams were not investing the time, resources and effort required to manage the product lif

Measuring the Trustworthiness of AI Systems

Oct 12th, 2023 19m 27s

The ability of artificial intelligence (AI) to partner with the software engineer, doctor, or warfighter depends on whether these end users trust the AI system to partner effectively with them and deliver the outcome promised. To build approp

Actionable Data in the DevSecOps Pipeline

Sep 13th, 2023 31m 58s

In this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program

Insider Risk Management in the Post-Pandemic Workplace

Sep 8th, 2023 47m 34s

In the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterp

An Agile Approach to Independent Verification and Validation

Aug 9th, 2023 31m 57s

Independent verification and validation (IV&V) is a significant step in the process of deploying systems for mission-critical applications in the Department of Defense (DoD). In this podcast from the Carnegie Mellon University Software Engineer

Zero Trust Architecture: Best Practices Observed in Industry

Jul 26th, 2023 27m 53s

Zero trust architecture has the potential to improve an enterprise’s security posture. There is still considerable uncertainty about the zero trust transformation process, however, as well as how zero trust architecture will ultimately appear i

Automating Infrastructure as Code with Ansible and Molecule

Jul 10th, 2023 39m 38s

In Ansible, roles allow system administrators to automate the loading of certain variables, tasks, files, templates, and handlers based on a known file structure. Grouping content by roles allows for easy sharing and reuse. When developing role

Identifying and Preventing the Next SolarWinds

Jun 20th, 2023 46m 4s

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on Solar Winds software and ho

A Penetration Testing Findings Repository

Jun 13th, 2023 25m 47s

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Marisa Midler and Samantha Chaves, penetration testers with the SEI’s CERT Division, talk with Suzanne Miller about a penetration-testing repository that

Understanding Vulnerabilities in the Rust Programming Language

Jun 8th, 2023 36m 45s

While the memory safety and security features of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree w

Rust Vulnerability Analysis and Maturity Challenges

Jun 6th, 2023 1h 30m

We Live in Software: Engineering Societal-Scale Systems

May 18th, 2023 39m 31s

Societal-scale software systems, such as today’s commercial social media platforms, are among the most widely used software systems in the world, with some platforms reporting billions of daily active users. These systems have created new mecha