
Software Engineering Institute (SEI) Podcast Series

426 episodes - English - Latest episode: 14 days ago - ★★★★★ - 18 ratings

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.


Episodes

Applying Agile in the DoD: Eighth Principle

October 09, 2014 17:00 - 13 minutes - 12.3 MB

In this episode, the eighth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the eighth principle: Agile processes promote sustainable development. The sponsors, developers, and users should be able to maintain a constant pace indefinitely.

A Taxonomy of Operational Risks for Cyber Security

October 07, 2014 17:00 - 32 minutes - 15 MB

Organizations of all sizes in both the public and private sectors are increasingly reliant on information and technology assets, supported by people and facility assets, to successfully execute business processes that, in turn, support the delivery of services. Failure of these assets has a direct, negative impact on the business processes they support. This, in turn, can cascade into an inability to deliver services, which ultimately impacts the organizational mission. Given these relationsh...

Agile Metrics

September 25, 2014 17:00 - 24 minutes - 22 MB

As the prevalence of suppliers using Agile methods grows, these professionals supporting the acquisition and maintenance of software-reliant systems are witnessing large portions of the industry moving away from so-called "traditional waterfall" lifecycle processes. The existing infrastructure supporting the work of acquisition professionals has been shaped by the experience of the industry—which up until recently has tended to follow a waterfall process. The industry is finding that the meth...

Four Principles for Engineering Scalable, Big Data Systems

September 11, 2014 17:00 - 20 minutes - 18.5 MB

In this podcast, Ian Gorton describes four general principles that hold for any scalable, big data system. These principles can help architects continually validate major design decisions across development iterations, and hence provide a guide through the complex collection of design trade-offs all big data systems require.

An Appraisal of Systems Engineering: Defense v. Non-Defense

August 28, 2014 17:00 - 14 minutes - 12.9 MB

In this podcast, Joseph Elm analyzes differences in systems-engineering activities for defense and non-defense projects and finds differences in both deployment and effectiveness. This research is the result of analysis of data collected from the 2011 Systems Engineering (SE) Effectiveness Survey performed by the National Defense Industrial Association Systems Engineering Division, the Institute of Electrical and Electronics Engineers Aerospace and Electronic Systems Society, and the SEI. This a...

HTML5 for Mobile Apps at the Edge

August 14, 2014 17:00 - 20 minutes - 19.1 MB

Many warfighters and first responders operate at what we call "the tactical edge," where users are constrained by limited communication connectivity, storage availability, processing power, and battery life. In these environments, onboard sensors are used to capture data on behalf of mobile applications to perform tasks such as face recognition, speech recognition, natural language translation, and situational awareness. These applications then rely on network interfaces to send the data to n...

Applying Agile in the DoD: Seventh Principle

July 24, 2014 17:00 - 17 minutes - 16.4 MB

In this episode, the seventh in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the seventh principle: Working software is the primary measure of progress.

AADL and Edgewater

July 10, 2014 17:00 - 8 minutes - 7.96 MB

In 2013, the AADL Standards meeting was held at SEI headquarters in Pittsburgh, Pa. The SEI Podcast Series team was there, and we interviewed several members of the AADL Standards Committee. This podcast is the third in a series based on these interviews.

Security and Wireless Emergency Alerts

June 26, 2014 17:00 - 12 minutes - 11.5 MB

The Wireless Emergency Alerts (WEA) service depends on information technology (IT)—computer systems and networks—to convey potentially life-saving information to the public in a timely manner. However, like other cyber-enabled services, the WEA service is susceptible to risks that may enable an attacker to disseminate unauthorized alerts or to delay, modify, or destroy valid alerts. Successful attacks on the alerting process may result in property destruction, financial loss, infrastructure ...

Safety and Behavior Specification Using the Architecture Analysis and Design Language

June 12, 2014 17:00 - 20 minutes - 18.9 MB

In this podcast, Julien Delange discusses two extensions to the Architecture Analysis and Design Language: the behavior annex and the error-model annex. The behavior annex represents the functional logic of AADL components and interacts with the other system elements. SEI researchers are currently participating in the ongoing improvements of this extension of the AADL by connecting it to other analysis tools. The error model annex augments the architecture description by specifying safety con...

Characterizing and Prioritizing Malicious Code

May 29, 2014 17:00 - 27 minutes - 12.4 MB

Every day, major anti-virus companies and research organizations are inundated with new malware samples. Although estimates vary, approximately 150,000 new malware strains are released each day. Not enough manpower exists to manually address the volume of new malware samples that arrive daily in analysts' queues. Malware analysts need an approach that allows them to sort samples in a fundamental way so they can assign priority to the most malicious binary files. In this podcast, Jose Morales...

Applying Agile in the DoD: Sixth Principle

May 29, 2014 17:00 - 15 minutes - 13.7 MB

In this episode, the sixth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense (DoD), the two researchers discuss the application of the sixth principle, The most efficient and effective method of conveying information to and within a development team is face-to-face conversation.

Using Quality Attributes to Improve Acquisition

May 15, 2014 17:00 - 18 minutes - 16.9 MB

In the acquisition of a software-intensive system, the relationship between the software architecture and the acquisition strategy is typically not examined. Although software is increasingly important to the success of government programs, there is often little consideration given to its impact on early key program decisions. The Carnegie Mellon University Software Engineering Institute (SEI) is conducting a multi-phase research initiative aimed at answering the question: is the probability ...

Best Practices for Trust in the Wireless Emergency Alerts Service

April 29, 2014 17:00 - 21 minutes - 20.1 MB

Trust is a key factor in the effectiveness of the Wireless Emergency Alerts (WEA) service. Alert originators at emergency management agencies must trust WEA to deliver alerts to the public in an accurate and timely manner. The public must also trust the WEA service before they will act on the alerts that they receive. Managing trust in WEA is a responsibility shared among many stakeholders who are engaged with WEA. In this podcast, Robert Ellison and Carol Woody discuss research aimed at deve...

Three Variations on the V Model for System and Software Testing

April 10, 2014 17:00 - 21 minutes - 19.6 MB

The importance of verification and validation (especially testing) is a major reason that the traditional waterfall development cycle underwent a minor modification to create the V model that links early development activities to their corresponding later testing activities. In this podcast, Don Firesmith introduces three variants on the V model of system or software development that make it more useful to testers, quality engineers, and other stakeholders interested in the use of testing as ...

Adapting the PSP to Incorporate Verified Design by Contract

March 27, 2014 17:00 - 17 minutes - 16.2 MB

The Personal Software Process promotes the use of careful procedures during all stages of development with the aim of increasing an individual's productivity and producing high quality final products. Formal methods use the same methodological strategy as the PSP: emphasizing care in development procedures as opposed to relying on testing and debugging. They also establish the radical requirement of proving mathematically that the programs produced satisfy their specifications. Design by Cont...

Comparing IT Risk Assessment and Analysis Methods

March 25, 2014 17:00 - 37 minutes - 17.1 MB

Technical professionals are often called on to research, recommend, implement, and execute IT risk assessment and analysis processes. These processes provide important data used by management to responsibly grow and protect the business through good decision making for mitigating, accepting, transferring, or avoiding risk. These decisions must account for IT risks caused by emerging threats to the enterprise and vulnerabilities in the people, processes and technologies required for digital bu...

AADL and Aerospace

March 13, 2014 17:00 - 14 minutes - 13.7 MB

In 2013, the AADL Standards meeting was held at SEI headquarters in Pittsburgh, PA. The SEI Podcast Series team was there, and we interviewed several members of the AADL Standards Committee. This podcast is the second in a series based on those interviews.

Assuring Open Source Software

February 27, 2014 17:00 - 13 minutes - 12.5 MB

The SEI has seen increased interest and adoption of OSS products across the federal government, including the Department of Defense, the intelligence community, and the Department of Homeland Security. The catalyst for this increase has been innovators in government seeking creative solutions to rapidly field urgently needed technologies. While the rise of OSS adoption signals a new approach for government acquirers, it is not without risks that must be acknowl...

Security Pattern Assurance through Roundtrip Engineering

February 13, 2014 17:00 - 16 minutes - 14.7 MB

The process of designing and analyzing software architectures is complex. Architectural design is a minimally constrained search through a vast multi-dimensional space of possibilities. The end result is that architects are seldom confident that they have done the job optimally, or even satisfactorily. Over the past two decades, practitioners and researchers have used architectural patterns to expedite sound software design. Architectural patterns are prepackaged chunks of design that provide...

The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)

February 11, 2014 17:00 - 28 minutes - 13.2 MB

ES-C2M2 helps improve the operational resilience of the U.S. power grid.

Applying Agile in the DoD: Fifth Principle

January 30, 2014 17:00 - 20 minutes - 19.1 MB

In this episode, the fifth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense (DoD), the two researchers discuss the application of the fifth principle, Build projects around motivated individuals. Give them the environment and support they need, and trust them to get the job done.

Software Assurance Cases

January 16, 2014 17:00 - 19 minutes - 18.2 MB

From the braking system in automobiles to the software that controls aircraft, safety-critical systems are ubiquitous. Showing that such systems meet their safety requirements has become a critical area of work for software and systems engineers. The SEI is addressing this issue with a significant research program into assurance cases. In this podcast, the first in a series on assurance cases and confidence, Charles Weinstock introduces the concept of assurance cases and discusses how they ca...

Raising the Bar - Mainstreaming CERT C Secure Coding Rules

January 07, 2014 17:00 - 25 minutes - 11.6 MB

An essential element of secure coding in the C programming language is a set of well-documented and enforceable coding rules. The rules specified in this Technical Specification apply to analyzers, including static analysis tools, and C language compiler vendors that wish to diagnose insecure code beyond the requirements of the language standard. All rules are meant to be enforceable by static analysis. The application of static analysis to security has been done in an ad hoc manner by differ...

AADL and Télécom Paris Tech

December 26, 2013 17:00 - 10 minutes - 9.76 MB

In 2013, the AADL Standards meeting was held at SEI headquarters in Pittsburgh, Pa. The SEI Podcast Series team was there, and we interviewed several members of the AADL Standards Committee. This podcast, with Peter Feiler and Etienne Borde of Télécom Paris Tech, is the first in a series based on these interviews.

From Process to Performance-Based Improvement

December 12, 2013 17:00 - 23 minutes - 21.8 MB

In this podcast, Tim Chick and Gene Miluk discuss methodology and outputs of the Checkpoint Diagnostic, a tool that provides organizations with actionable performance related information and analysis closely linked to business value. The Checkpoint Diagnostic utilizes process models, data mapping, and quantitative analytics to provide organizations with qualitative process baselines, quantitative performance baselines, benchmark performance comparison, and a prioritized listing of improvement...

An Approach to Managing the Software Engineering Challenges of Big Data

November 27, 2013 17:00 - 20 minutes - 18.4 MB

In this episode, Ian Gorton and John Klein discuss big data and the challenges it presents for software engineers. With help from fellow SEI researchers, the two have developed a lightweight risk reduction approach to help software engineers manage the challenges of big data. Called Lightweight Evaluation and Architecture Prototyping (for Big Data), the approach is based on principles drawn from proven architecture and technology analysis and evaluation techniques to help the Department of De...

Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience

November 26, 2013 17:00 - 27 minutes - 12.7 MB

The U.S. Department of Homeland Security (DHS) conducts a no-cost, voluntary Cyber Resilience Review (CRR) to evaluate and enhance cybersecurity capacities and capabilities within all 18 Critical Infrastructure and Key Resources (CIKR) Sectors, as well as State, Local, Tribal, and Territorial (SLTT) governments. The goal of the CRR is to develop an understanding of an organization’s operational resilience and ability to manage cyber risk to its critical services and assets during normal opera...

Situational Awareness Mashups

November 14, 2013 17:00 - 17 minutes - 15.9 MB

In this podcast Soumya Simanta describes research aimed at creating the Edge Mission-Oriented Tactical App Generator (eMontage), a software prototype that allows warfighters and first responders to rapidly integrate or mash geo-tagged situational awareness data from multiple remote data sources.

Applying Agile in the DoD: Fourth Principle

October 31, 2013 17:00 - 18 minutes - 16.8 MB

In this episode, the fourth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of agile principles in the Department of Defense (DoD), the two researchers discuss the application of the fourth principle, "Business people and developers must work together daily throughout the project."

Architecting Systems of the Future

October 17, 2013 17:00 - 12 minutes - 11.7 MB

In this episode, Eric Werner discusses research that he and several of his colleagues are conducting to help software developers create systems for the many-core central processing units in massively parallel computing environments. Eric and his team are creating a software library that can exploit the heterogeneous parallel computers of the future and allow developers to create systems that are more efficient at computation and power consumption.

Acquisition Archetypes

September 26, 2013 17:00 - 18 minutes - 16.8 MB

In this episode, Bill Novak talks about his work with acquisition archetypes and how they can be used to help government programs avoid problems in software development and systems acquisition. Acquisition archetypes are developed based on experiences with actual programs, and they use concepts from systems thinking to characterize and analyze dynamics.

Human-in-the-Loop Autonomy

September 12, 2013 17:00 - 22 minutes - 21 MB

In this episode, James Edmondson discusses his research on autonomous systems, specifically robotic systems and autonomous systems for robotic systems. In particular, his research focuses on partial autonomy with an aim of complementing human users and extending their reach and capabilities in mission-critical environments.

Mobile Applications for Emergency Managers

August 29, 2013 17:00 - 10 minutes - 9.38 MB

In late June 2013, a team of SEI researchers attended a four-day music festival at the invitation of Adam Miller, director of the Huntingdon County, Pennsylvania, Emergency Management Agency. The festival typically draws close to 100,000 concert goers to a rural farm in Pennsylvania that lacks significant infrastructure and is accessible only by a two-lane highway. Miller is charged with ensuring the public safety, so it seemed like a good match to partner with researchers from the SEI's Adva...

Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions

August 27, 2013 17:00 - 32 minutes - 15.1 MB

In recent years, rapid evolutions have occurred in technology and its application in most market sectors, leading to the introduction of many new systems, business processes, markets, and enterprise integration approaches. How do you manage the interactions of systems and processes that are continually evolving? Just as important, how can you tell if you are doing a good job of managing these changes, as well as monitoring your progress on an ongoing basis? And how do poor processes impact in...

Applying Agile in the DoD: Third Principle

August 15, 2013 17:00 - 16 minutes - 14.9 MB

In this episode, the third in a series by Suzanne Miller and Mary Ann Lapham exploring the application of agile principles in the Department of Defense (DoD), the two researchers discuss the application of the third principle, "Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale."

DevOps - Transform Development and Operations for Fast, Secure Deployments

July 30, 2013 17:00 - 33 minutes - 15.4 MB

"Release early, release often" to significantly improve software performance, stability, and security using a DevOps approach.

Application Virtualization as a Strategy for Cyber Foraging

July 25, 2013 17:00 - 21 minutes - 19.7 MB

Modern mobile devices create new opportunities to interact with their surrounding environment, but their computational power and battery capacity are limited. Code offloading to external servers located in clouds or data centers can help overcome these limitations. However, in hostile environments it is not possible to guarantee reliable networks. Consequently, stable cloud access is not available. Cyber foraging is a technique for offloading resource-intensive tasks from mobile devices to res...

Common Testing Problems: Pitfalls to Prevent and Mitigate

July 11, 2013 17:00 - 16 minutes - 15.3 MB

The National Institute of Standards & Technology (NIST) reports that inadequate testing methods and tools annually cost the U.S. economy between $22.2 billion and $59.5 billion, with roughly half of these costs borne by software developers in the form of extra testing and half by software users in the form of failure avoidance and mitigation efforts. The same study notes that between 25 percent and 90 percent of software development budgets are often spent on testing. In this episode, SEI...

Joint Programs and Social Dilemmas

June 27, 2013 17:00 - 13 minutes - 18.3 MB

In this episode, SEI researcher Bill Novak discusses joint programs and social dilemmas, which have become increasingly common in defense acquisition, and the ways in which joint program outcomes can be affected by their underlying structure.

Applying Agile in the DoD: Second Principle

June 13, 2013 17:00 - 12 minutes - 11.5 MB

In this episode, the second in a series by Suzanne Miller and Mary Ann Lapham exploring the application of agile principles in the Department of Defense (DoD), the two researchers discuss the application of the second principle, "Welcome changing requirements, even late in development. Agile processes harness change for the customer's competitive advantage."

Managing Disruptive Events - CERT-RMM Experience Reports

June 11, 2013 17:00 - 36 minutes - 16.7 MB

Four experience reports demonstrate how the CERT Resilience Management Model can be applied to manage complex and diverse operational risks. Related Courses: Introduction to the CERT Resilience Management Model; CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series.

Reliability Validation and Improvement Framework

May 23, 2013 17:00 - 13 minutes - 12.6 MB

In this episode, Peter Feiler discusses his recent work to improve the quality of software-reliant systems through an approach known as the Reliability Validation and Improvement Framework. The purpose of the framework is to facilitate early defect discovery and incremental end-to-end validation.

The Business Case for Systems Engineering

May 09, 2013 17:00 - 25 minutes - 23.2 MB

In this podcast, Joe Elm discusses the results of a recent technical report, The Business Case for Systems Engineering, which establishes clear links between the application of systems engineering (SE) best practices to projects and programs and the performance of those projects and programs. The report clearly shows that projects that do more SE perform better in terms of meeting budgets, schedules, and technical requirements. The survey population consisted of projects and programs executed...

Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity

May 09, 2013 17:00 - 21 minutes - 9.8 MB

A common language is essential to develop a shared understanding to better analyze malicious code. Related Course: Malware Analysis Apprenticeship.

Applying Agile in the DoD: First Principle

April 18, 2013 17:00 - 18 minutes - 17 MB

In this episode, the first in a series by Suzanne Miller and Mary Ann Lapham exploring the application of agile principles in the Department of Defense (DoD), the two researchers discuss the application of the first principle, "Our highest priority is to satisfy the customer through early and continuous delivery of valuable software."

The Evolution of a Science Project

April 04, 2013 17:00 - 19 minutes - 18.1 MB

Analysis work by the SEI on data collected from more than 100 independent technical assessments (ITAs) of software-reliant acquisition programs has produced insights into some of the most common ways that programs encounter difficulties. In this episode, Bill Novak and Andy Moore describe a recent technical report, The Evolution of a Science Project, which is based on these insights, and intends to mitigate the effects of both misaligned acquisition program organizational incentives, and adve...

Securing Mobile Devices aka BYOD

March 26, 2013 17:00 - 24 minutes - 11 MB

Ensuring the security of personal mobile devices that have access to enterprise networks requires action from employers and users.

What's New With Version 2 of the AADL Standard?

March 21, 2013 17:00 - 13 minutes - 18.6 MB

In this episode, Peter Feiler, primary author of the Architecture Analysis & Design Language (AADL) standard, discusses the latest changes to the standard, the second version of which was released in January 2009. First published in 2004 by SAE International, AADL is a modeling notation that employs both a textual and graphical representation to provide modeling concepts to describe the runtime architecture of application systems in terms of concurrent tasks, their interactions, and thei...

The State of the Practice of Cyber Intelligence

March 07, 2013 17:00 - 17 minutes - 16 MB

In 2012, representatives from the government approached the SEI Innovation Center about conducting research to assess the state of the practice of cyber intelligence. The overall intent is to expose industry to the best practices in capabilities and methodologies developed by the government, and for the government to learn from the process efficiencies and tools used in industry. In areas where both the government and industry are experiencing challenges, the SEI can leverage its expertise to...
