Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University
SEI Podcast Series

Selected Category: Vulnerability Analysis

August 25, 2016

Security and the Internet of Things

 Jeffrey Smith (Microsoft)

Art Manion

"The car is a safety-critical system, right? You need the brakes to work, the throttle, the steering, and all these things. What we are doing now is connecting the car to the Internet in a variety of ways."

"The car is a safety-critical system, right? You need the brakes to work, the throttle, the steering, and all these things. What we are doing now is connecting the car to the Internet in a variety of ways."
May 12, 2016

Threat Modeling and the Internet of Things

 Jeffrey Smith (Microsoft)

Art Manion

 Jeffrey Smith (Microsoft)

Allen D. Householder

"The manufacturers making these things might have been a business for 50 or 60 years. They are great at making cars or refrigerators or light bulbs. They have now, in some cases, literally bolted on a small embedded computer with a number of network connections."

"The manufacturers making these things might have been a business for 50 or 60 years. They are great at making cars or refrigerators or light bulbs. They have now, in some cases, literally bolted on a small embedded computer with a number of network connections."
February 04, 2016

Identifying the Architectural Roots of Vulnerabilities

 Jeffrey Smith (Microsoft)

Rick Kazman

 Jeffrey Smith (Microsoft)

Carol Woody

"The greater number of architectural flaws a file is implicated in, the greater number of security bugs it experiences. Design flaws don’t care. They are going to make everything worse."

"The greater number of architectural flaws a file is implicated in, the greater number of security bugs it experiences. Design flaws don’t care. They are going to make everything worse."
May 28, 2015

Defect Prioritization With the Risk Priority Number

 Jeffrey Smith (Microsoft)

Will Hayes

 Jeffrey Smith (Microsoft)

Julie B. Cohen

"A defect that exists on my path is not really a high priority for you, but it is everything to me because it blocks my ability to use the system."

"A defect that exists on my path is not really a high priority for you, but it is everything to me because it blocks my ability to use the system."
April 09, 2015

Data Driven Software Assurance

 Jeffrey Smith (Microsoft)

Michael D. Konrad

 Jeffrey Smith (Microsoft)

Art Manion

"If you are building software that is going to exchange messages on the internet or be part of a web service or something, there are a handful of attacks you can very well predict. They are going on all the time in the background.  "

"If you are building software that is going to exchange messages on the internet or be part of a web service or something, there are a handful of attacks you can very well predict. They are going on all the time in the background.  "