Software Engineering Institute (SEI) Podcast Series

By Members of Technical Staff at the Software Engineering Institute

Technology

What's Software Engineering Institute (SEI) Podcast Series about?

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.

Download our free app to listen on your phone

LAST EPISODE

Actionable Data in the DevS...

09.13.2023

In this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program managers (PMs) to confidently make decisions with the ...

Software Engineering Institute (SEI) Podcast Series episodes:

09.13.2023 Actionable Data in the DevSecOps Pipeline In this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program managers (PMs) to confidently make decisions with the ...
09.08.2023 Insider Risk Management in the Post-Pandemic Workplace In the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterprise threat and vulnerability management, and ...
08.09.2023 An Agile Approach to Independent Verification and Validation Independent verification and validation (IV&V;) is a significant step in the process of deploying systems for mission-critical applications in the Department of Defense (DoD). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Justin Smith, senior Agile ...
07.26.2023 Zero Trust Architecture: Best Practices Observed in Industry Zero trust architecture has the potential to improve an enterprise’s security posture. There is still considerable uncertainty about the zero trust transformation process, however, as well as how zero trust architecture will ultimately appear in practice. Recent executive orders have ...
07.10.2023 Automating Infrastructure as Code with Ansible and Molecule In Ansible, roles allow system administrators to automate the loading of certain variables, tasks, files, templates, and handlers based on a known file structure. Grouping content by roles allows for easy sharing and reuse. When developing roles, users must deal ...
06.20.2023 Identifying and Preventing the Next SolarWinds In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on Solar Winds software and how to prevent a ...
06.13.2023 A Penetration Testing Findings Repository In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Marisa Midler and Samantha Chaves, penetration testers with the SEI’s CERT Division, talk with Suzanne Miller about a penetration-testing repository that they helped to build. The repository is ...
06.08.2023 Understanding Vulnerabilities in the Rust Programming Language While the memory safety and security features of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there ...
06.06.2023 Rust Vulnerability Analysis and Maturity Challenges While the memory safety and security features of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there ...
05.18.2023 We Live in Software: Engineering Societal-Scale Systems Societal-scale software systems, such as today’s commercial social media platforms, are among the most widely used software systems in the world, with some platforms reporting billions of daily active users. These systems have created new mechanisms for global communication and ...
05.10.2023 Secure by Design, Secure by Default In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about secure by design, secure by default, a longstanding tenet of the work of the ...
05.02.2023 Key Steps to Integrate Secure by Design into Acquisition and Development Secure by design means performing more security and assurance activities earlier in the product and system lifecycles. A secure-by-design mindset addresses the security of systems during the requirements, design, and development phases of lifecycles rather than waiting until the system ...
04.18.2023 An Exploration of Enterprise Technical Debt Like all technical debt, enterprise technical debt consists of choices expedient in the short term, but often problematic over the long term. In enterprise technical debt, the impact reaches beyond the scope of a single system or project. Because ignoring ...
03.29.2023 The Messy Middle of Large Language Models The recent growth of applications that leverage large language models, including ChatGPT and Copilot, has spurred reactions ranging from fear and uncertainty to adoration and lofty expectations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Jay Palat, ...
03.21.2023 An Infrastructure-Focused Framework for Adopting DevSecOps DevSecOps practices, including continuous-integration/continuous-delivery (CI/CD) pipelines, enable organizations to respond to security and reliability events quickly and efficiently and to produce resilient and secure software on a predictable schedule and budget. Despite growing evidence and recognition of the efficacy and ...
03.15.2023 Software Security in Rust Rust is growing in popularity. Its unique security model promises memory safety and concurrency safety, while providing the performance of C/C++. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Joe Sible, both engineers ...
02.24.2023 Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron Coordinated vulnerability disclosure (CVD) begins when at least one individual becomes aware of a vulnerability, but it can’t proceed without the cooperation of many. Software supply chains, software libraries, and component vulnerabilities have evolved in complexity and have become as ...
02.07.2023 Asking the Right Questions to Coordinate Security in the Supply Chain In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dr. Carol Woody, a principal researcher in the SEI's CERT Division, talks with Suzanne Miller about the SEI’s newly released Acquisition Security Framework, which helps programs coordinate the ...
01.26.2023 Securing Open Source Software in the DoD In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Scott Hissam, a researcher within the SEI’s Software Solutions Division who works on software assurance in Department of Defense (DoD) systems, talks with Linda Parker Gates, initiative lead ...
12.13.2022 A Model-Based Tool for Designing Safety-Critical Systems In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dr. Sam Procter and Lutz Wrage, researchers with the SEI, discuss the Guided Architecture Trade Space Explorer (GATSE), a new SEI-developed model-based tool to help with the design ...
12.07.2022 Managing Developer Velocity and System Security with DevSecOps In aiming for correctness and security of product, as well as for development speed, software development teams often face tension in their objectives. During a recent customer engagement that involved the development of a continuous-integration (CI) pipeline, developers wanted to ...
12.07.2022 Managing Developer Velocity and System Security with DevSecOps In aiming for correctness and security of product, as well as for development speed, software development teams often face tension in their objectives. During a recent customer engagement that involved the development of a continuous-integration (CI) pipeline, developers wanted to ...
11.17.2022 A Method for Assessing Cloud Adoption Risks The shift to a cloud environment provides significant benefits. Cloud resources can be scaled quickly, updated frequently, and widely accessed without geographic limitations. Realizing these benefits, however, requires organizations to manage associated organizational and technical risks. In this podcast from ...
11.15.2022 Software Architecture Patterns for Deployability Competitive pressures in many domains, as well as development paradigms such as Agile and DevSecOps, have led to the increasingly common practice of continuous delivery or continuous deployment where frequent updates to software systems are rapidly and reliably fielded. In ...
10.13.2022 ML-Driven Decision Making in Realistic Cyber Exercises In this podcast from the Carnegie Mellon University Software Engineering Institute, Thomas Podnar and Dustin Updyke, both senior cybersecurity engineers with the SEI’s CERT Division, discuss their work to apply machine learning to increase the realism of non-player characters (NPCs) ...
10.06.2022 A Roadmap for Creating and Using Virtual Prototyping Software In this podcast from the Carnegie Mellon University Software Engineering Institute, Douglass Post and Richard Kendall, authors of "Creating and Using Virtual Prototyping Software: Principles and Practices" discuss with principal researcher Suzanne Miller experiences and insights that they gleaned from ...
09.23.2022 A Roadmap for Creating and Using Virtual Prototyping Software In this podcast from the Carnegie Mellon University Software Engineering Institute, Douglass Post and Richard Kendall, authors of Creating and Using Virtual Prototyping Software: Principles, and Practices, discuss with SEI principal researcher Suzanne Miller experiences and insights that they gleaned ...
09.15.2022 Software Architecture Patterns for Robustness In this podcast from the Carnegie Mellon University Software Engineering Institute, visiting scientist Rick Kazman and principal researcher Suzanne Miller discuss software architecture patterns and the effect that certain architectural patterns have on quality attributes, such as availability and robustness. ...
09.08.2022 A Platform-Independent Model for DevSecOps DevSecOps encompasses all the best software engineering principles known today with an emphasis on faster delivery through increased collaboration of all stakeholders resulting in more secure, useable, and higher-quality software systems. In this podcast from the Carnegie Mellon University Software ...
08.18.2022 Using the Quantum Approximate Optimization Algorithm (QAOA) to Solve Binary-Variable Optimization Problems In this podcast from the Carnegie Mellon University Software Engineering Institute, Jason Larkin and Daniel Justice, researchers in the SEI’s AI Division, discuss a paper outlining their efforts to simulate the performance of Quantum Approximate Optimization Algorithm (QAOA) for the ...
08.05.2022 Trust and AI Systems To ensure trust, artificial intelligence systems need to be built with fairness, accountability, and transparency at each step of the development cycle. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in ...
07.28.2022 A Dive into Deepfakes In this podcast from the Carnegie Mellon University Software Engineering Institute, Shannon Gallagher, a data scientist with SEI’s CERT Division, and Dominic Ross, multimedia team lead for the SEI, discuss deepfakes, their exponential growth in recent years, their increasing technical ...
07.13.2022 Challenges and Metrics in Digital Engineering Digital engineering uses digital tools and representations in the process of developing, sustaining, and maintaining systems, including requirements, design, analysis, implementation, and test. The digital modeling approach is intended to establish an authoritative source of truth for the system, in ...
07.05.2022 The 4 Phases of the Zero Trust Journey Over the past several years, zero trust architecture has emerged as an important topic within the field of cybersecurity. Heightened federal requirements and pandemic-related challenges have accelerated the timeline for zero trust adoption within the federal sector. Private sector organizations ...
06.21.2022 DevSecOps for AI Engineering In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Hasan Yasar, technical director, Continuous Deployment of Capability at the SEI, and Jay Palat, interim director of AI for Mission in the SEI’s AI Division, discuss how to ...
06.02.2022 Undiscovered Vulnerabilities: Not Just for Critical Software In this podcast from the Carnegie Mellon University Software Engineering Institute, Jonathan Spring, a senior vulnerability researcher, discusses with Suzanne Miller the findings in a paper he published recently analyzing the number of undiscovered vulnerabilities in information systems. This paper ...
05.16.2022 Explainable AI Explained As the field of artificial intelligence (AI) has matured, increasingly complex opaque models have been developed and deployed to solve hard problems. Unlike many predecessor models, these models, by the nature of their architecture, are harder to understand and oversee. ...
04.05.2022 Model-Based Systems Engineering Meets DevSecOps In this podcast from the Carnegie Mellon University Software Engineering Institute, senior researchers Jerome Hugues and Joe Yankel discuss ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) practices and technology. Hugues and Yankel also discuss how making ...
03.22.2022 Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy Organizations are turning to DevSecOps to produce code faster and at lower cost, but the reality is that much of the code is actually coming from the software supply chain through code libraries, open source, and third-party components where reuse ...
03.09.2022 Software and Systems Collaboration in the Era of Smart Systems In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), director Paul Nielsen talks with principal researcher Suzanne Miller about how the advent of smart systems has led to a growing need for effective collaboration and cross-pollination between ...
02.22.2022 Securing the Supply Chain for the Defense Industrial Base In this podcast from the Carnegie Mellon University Software Engineering Institute, Gavin Jurecko, who leads the Resilience Diagnostics Team, talks with Katie Stewart about risks associated with the supply chains of the defense industrial base (DIB), and how the SEI ...
02.08.2022 Building on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jeffrey Gennari, a senior malware reverse engineer, and Garret Wassermann, a vulnerability analyst, both with the SEI’s CERT Division, discuss Kaiju, a series of tools that they have ...
01.20.2022 Envisioning the Future of Software Engineering In this SEI Podcast, Anita Carleton, director of the Software Solutions Division at the SEI, and Forrest Shull, lead for defense software acquisition policy research in the Software Solutions Division of the SEI, discuss the recently published SEI-led study Architecting ...
01.11.2022 Implementing the DoD's Ethical AI Principles In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in Human Machine Interaction, and Alexandrea Van Deusen, an assistant design researcher, both with the SEI’s AI Division, discuss a recent project in ...
12.03.2021 Walking Fast Into the Future: Evolvable Technical Reference Frameworks for Mixed-Criticality Systems In this SEI Podcast, Nickolas Guertin, a senior systems engineer with the SEI’s Software Solutions Division, and Douglas Schmidt, associate provost of research at Vanderbilt University and former chief technical officer at the SEI, discuss strategies for creating architectures for ...
11.18.2021 Software Engineering for Machine Learning: Characterizing and Understanding Mismatch in ML Systems Mismatches between the perspectives and practices of the roles involved in the development and fielding of ML systems—data scientists, software engineers, and operations personnel—can affect the ability of systems to achieve their intended missions. In this SEI Podcast, Grace Lewis, ...
11.11.2021 A Discussion on Automation with Watts Humphrey Award Winner Rajendra Prasad In this SEI Podcast, Mike Konrad, a principal researcher in the SEI's Software Solutions Division, talks with 2020 IEEE Computer Society SEI Watts Humphrey Software Quality Award winner Rajendra Prasad of Accenture about automation and how SEI-developed process improvement methods ...
11.03.2021 Enabling Transition From Sustainment to Engineering Within the DoD Organic software sustainment organizations within the Department of Defense are expanding beyond their traditional purview of software maintenance into software engineering and development. Instead of repairing and maintaining legacy software in already deployed systems, software sustainment teams must now shift ...
10.25.2021 The Silver Thread of Cyber in the Global Supply Chain The global supply chain touches every aspect of our lives, from fuel prices to the availability of computer chips and supermarket products. In out latest podcast, Matt Butkovic, technical director of risk and resilience at Carnegie Mellon University’s Software Engineering ...
10.15.2021 Measuring DevSecOps: The Way Forward In this SEI Podcast, Bill Nichols and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss DevSecOps metrics with Suzanne Miller. DevSecOps practices, made possible by improvements in underlying technology that automate the development-to-production pipeline, can generate ...

Older episodes