Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University
SEI Podcast Series
December 19, 2016

Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks

 Jeffrey Smith (Microsoft)

Rachel Kartch

"Something that people will ask me is, How can I keep somebody from attacking me? The answer is, go off the internet. If you want to prevent somebody from trying to attack you, unplug your website and go home, and do not ever check your email, and do not worry about it...I will not say this is a solved problem, but the good news is that there are a lot of tools available so that people can protect themselves at least from being completely overwhelmed or protect themselves from being completely out of business.  "

"Something that people will ask me is, How can I keep somebody from attacking me? The answer is, go off the internet. If you want to prevent somebody from trying to attack you, unplug your website and go home, and do not ever check your email, and do not worry about it...I will not say this is a solved problem, but the good news is that there are a lot of tools available so that people can protect themselves at least from being completely overwhelmed or protect themselves from being completely out of business.  "
December 08, 2016

Cyber Security Engineering for Software and Systems Assurance

 Jeffrey Smith (Microsoft)

Nancy R. Mead

 Jeffrey Smith (Microsoft)

Carol Woody, PhD

"We have made risk management the driving focus. In essence that is because nobody goes out and just buys security for the sake of security. There has got to be a reason that they need that type of control or structure around the data and what happens with their technology."

"We have made risk management the driving focus. In essence that is because nobody goes out and just buys security for the sake of security. There has got to be a reason that they need that type of control or structure around the data and what happens with their technology."
November 30, 2016

Moving Target Defense

 Jeffrey Smith (Microsoft)

Andrew O. Mellinger

"Imagine a brick wall, a strong door, a gate or something like that. All those defenses, what they evoke is this kind of big monolithic, static set of walls, OK? Within enterprise networks, what we find is that that gives a lot of opportunity to our attackers to understand what we do."

"Imagine a brick wall, a strong door, a gate or something like that. All those defenses, what they evoke is this kind of big monolithic, static set of walls, OK? Within enterprise networks, what we find is that that gives a lot of opportunity to our attackers to understand what we do."
November 10, 2016

Improving Cybersecurity Through Cyber Intelligence

 Jeffrey Smith (Microsoft)

Jared Ettinger

"Basically cyber intelligence is more like a subset of cybersecurity. It is going to be a forced multiplier to your overall cybersecurity picture or platform for your organization."

"Basically cyber intelligence is more like a subset of cybersecurity. It is going to be a forced multiplier to your overall cybersecurity picture or platform for your organization."
October 27, 2016

A Requirement Specification Language for AADL

 Jeffrey Smith (Microsoft)

Peter H. Feiler

"The problem space that we are dealing with is embedded software systems, especially safety critical. What we are encountering is that things go wrong, and we do not detect that until these systems are in operation. This is due to missing and incomplete requirements and mismatched assumptions in component interactions."

"The problem space that we are dealing with is embedded software systems, especially safety critical. What we are encountering is that things go wrong, and we do not detect that until these systems are in operation. This is due to missing and incomplete requirements and mismatched assumptions in component interactions."

Categories: Software Architecture