Key Publications and Conference Presentations

Articles

Capell, Peter S.; Nolan, Crisanne; & Shevchenko, Natasha. Achieving Balance: Agile, MBSE, and Architecture Up Front. CrossTalk: The Journal of Defense Software Engineering. May 2025. https://afscsoftware.dso.mil/crossTalkIssues/StrategizingwithAgilityCover_June_2025.pdf

Dooley, Kevin. Go with the Flow: Value Stream Mapping to Reduce Organizational Friction. CrossTalk: The Journal of Defense Software Engineering. May 2025. https://afscsoftware.dso.mil/crossTalkIssues/StrategizingwithAgilityCover_June_2025.pdf

Gates, Linda Parker. Agile Strategy: Onward and Upward. CrossTalk: The Journal of Defense Software Engineering. May 2025. https://afscsoftware.dso.mil/crossTalkIssues/StrategizingwithAgilityCover_June_2025.pdf

Mead, Nancy R.; Woody, Carol S.; & Hissam, Scott. Open Source Software: The Ultimate in Reuse or a Risk Not Worth Taking? Computer. Volume 58, Issue 2. February 2025. https://doi.org/10.1109/MC.2024.3423908

Novak, Justin M.; Hueca, Angel L.; Perl, Samuel J.; & Rodman, Christopher I. The Ontology for SOC Creation Assistance and Replication. The Online Journal of Applied Knowledge Management. Volume 13, Issue 1. June 2025. https://doi.org/10.36965/OJAKM.2025.13(1)13-34

Ruef, Daniel. Tailoring Cybersecurity Big Data Systems to Gain Effectiveness and Efficiency. CrossTalk: The Journal of Defense Software Engineering. November 2024. https://afscsoftware.dso.mil/crossTalkIssues/Big_Data_Nov_2024.pdf

Ruef, Daniel; Okafo, Ikem; Heckathorn, Matthew; Benoit, Thomas; & Shimeall, Tim. Keeping up with Cloud Security Using Available Telemetry. CrossTalk: The Journal of Defense Software Engineering. February 2025. https://afscsoftware.dso.mil/crossTalkIssues/Keeping_Up_With_the_Cloud_Feb_2025.pdf

Smith, Justin. Modernizing Independant Verification and Validation for Agile Development. CrossTalk: The Journal of Defense Software Engineering. August 2025. https://afscsoftware.dso.mil/crossTalkIssues/Future_Technology_Aug_2025.pdf

Wilson, Stephen & Grzenia, Stephanie. Risky Business: A Comprehensive Agile Approach to Risk Management. CrossTalk: The Journal of Defense Software Engineering. May 2025. https://afscsoftware.dso.mil/crossTalkIssues/StrategizingwithAgilityCover_June_2025.pdf

Woody, Carol S. Addressing Today's Software Risks Requires an Assurance-Educated Workforce. Journal of Systemics, Cybernetics and Informatics. Volume 22, Number 5. 2024. https://doi.org/10.54808/JSCI.22.05.62

Woody, Carol S. An Assurance Educated Workforce Is Critical to Addressing Software and Supply Chain Acquisition Lifecycle Risks. Proceedings of the Twenty-Second Annual Acquisition Research Symposium and Innovation Summit. Volume 3. May 2025. https://dair.nps.edu/bitstream/123456789/5432/1/SYM-AM-25-421.pdf

Conference Papers

Avgeriou, Paris; Ozkaya, Ipek; Koziolek, Heiko; Codabux, Zadia; & Ernst, Neil. Reframing Technical Debt (Dagstuhl Perspectives Workshop 24452). In Dagstuhl Reports. Volume 14, Issue 11. 2025. https://doi.org/10.4230/DagRep.14.11.16

Cho, JeiHee; Lee, Junyong; Justice, Daniel; & Kim, Shiho. Enhancing Circuit Trainability with Selective Gate Activation Strategy. In First International Workshop on Quantum Computing and Artificial Intelligence (QC+AI 2025). March 2025.

Clausner, Brent. Enhancing Validation Through Attestations. In Proceedings of the 42nd Annual Pacific Northwest Software Quality Conference. October 2024. https://pub-5e725122191f422092d6fb4c68bc26b3.r2.dev/archives/pnsqc2024.pdf

Dempsey, Colin & Hugues, Jérôme. Synergizing the Software Acquisition Pathway (SWP) with the Unified Architecture Framework (UAF) for Operationalization. In Proceedings of the Twenty-Second Annual Acquisition Research Symposium and Innovation Summit. Volume 2. May 2025. https://dair.nps.edu/handle/123456789/5362

Greenhouse, Aaron; Seibel, Joseph; & Hugues, Jérôme. Modeling Digital Threads as Executable Workflows Using SysMLv2. In 2025 IEEE International systems Conference (SysCon). May 2025. https://doi.org/10.1109/SysCon64521.2025.11014815

Grimes, Keltin; Christiani, Marco; Shriver, David; & Connor, Marissa. Concept-ROT: Poisoning Concepts in Large Language Models with Model Editing. In 13th International Conference on Learning Representations. September 2025. https://doi.org/10.48550/arXiv.2412.13341

Hansen, Jeffery; Echeverría, Sebastián; Pons, Lena E.; Zhan, Lihan; Moreno, Gabriel A.; & Lewis, Grace A. Using Drift Planning to Improve Safety of Visual Navigation in Unmanned Aerial Vehicles. In 2025 IEEE/ACM International Workshop on Responsible AI Engineering (RAIE). June 2025. https://doi.org/10.1109/RAIE66699.2025.00007

Hugues, Jérôme; Yeman, Robin; & Dempsey, Colin. A Principled Approach to Elicit Digital Thread Specification from User Stories. In American Institute of Aeronautics and Astronautics (AIAA) SciTech 2025 Forum. January 2025. https://arc.aiaa.org/doi/10.2514/6.2025-1093

Ivers, J.; Ghammam, A.; Gaaloul, K.; Ozkaya, I.; Kessentini, M.; & Aljedaani, W. Mind the Gap: The Disconnect Between Refactoring Criteria Used in Industry and Refactoring Recommendation Tools. In Proceedings of the 2024 IEEE International Conference on Software Maintenance and Evolution (ICSME). December 2024. https://doi.org/10.1109/ICSME58944.2024.00023

Rivera, Jael; Booz, Jarrett; & Hammerstein, Josh. Sabermetrics for Cyber: Collecting and Analyzing User Activity Data from Ephemeral Exercises. In Proceedings of the 24th European Conference on Cyber Warfare and Security, ECCWS 2025. Volume 24, Number 1. June 2025. https://doi.org/10.34190/eccws.24.1.3354

Schulker, David; Wang, Jishen; Mellon, Jeffrey L.; & Garrett, Robert Charles. Behavior-based Confidence Scoring to Support Access Management in Zero Trust Systems. In 35th Annual INCOSE International Symposium. October 2025. https://doi.org/10.1002/iis2.70076

Tileston, David F.; Welle, Adam; Pacheco-Casanova, Nuria; Kaar, Matt; Meyer, Toby J.; & Luz, Rick. Developing Cloud-Based Cyber Capacity Building Platforms. In Proceedings of the 24th European Conference on Cyber Warfare and Security. Volume 24, Number 1. June 2025. https://doi.org/10.34190/eccws.24.1.3632

Whisnant, Austin. Dangers of AI for Insider Risk Evaluation (DARE). In Insider Risk Management Symposium 2025. June 2025. https://doi.org/10.1184/R1/27325569

Yang, Yuwei; Grandel, Skyler; Lacomis, Jeremy; Schwartz, Edward; Vasilescu, Bogdan; Le Goues, Claire; & Leach, Kevin. A Human Study of Automatically Generated Decompiler Annotations. In 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). July 2025. https://doi.org/10.1109/DSN64029.2025.00026

Conference Presentations

Chick, Timothy A. Using MBSE to Qualitatively Define your DevSecOps Capability Maturity. Model-Based Systems Engineering (MBSE) in Practice 2025. August 2025. https://www.sei.cmu.edu/library/model-based-systems-engineering-mbse-in-practice-2025/

Cohn, Alan. 2024 IVO Summit Presentation: Identifying and Documenting Nuclear Critical Software. 2024 Independent Verification Organization (IVO) Summit. December 2024.

Connell, Anne M. & Cooper, Lauren Adele. Best Practices for Data Privacy Breach Response: Lessons Learned from Social Media Case Studies. 37th Annual FIRST Conference. June 2025. https://www.first.org/conference/2025/program#pBest-Practices-for-Data-Privacy-Breach-Response-Lessons-Learned-from-Social-Media-Case-Studies

Deffenbaugh, Grant & Kameneni, S. Cyber Resilience Strategies Throughout the System Development Lifecycle. 2025 IEEE International Conference on Cyber Security and Resilience (CSR). August 2025. https://ieeexplore.ieee.org/document/11129978

Flynn, Lori & Klieber, Will. Using LLMs to Adjudicate Static-Analysis Results. Hawaii International Conference on System Sciences (HICSS). January 2025. https://scholarspace.manoa.hawaii.edu/items/42b220fa-17f8-4cfe-9f2b-ba4553e21bc3

Flynn, Lori. Detection of Malicious Code: Taint Flow Analysis for Weapons Systems Software. DoD Weapon Systems Software Summit. December 2024. https://www.cvent.com/c/abstracts/0d3aa8b8-11ff-46d9-a1f0-3ae0dc5477ce

Gomez, Alejandro & Vesey, Alex. On the Design, Development, and Testing of Modern APIs. 27th Annual National Defense Industrial Association (NDIA) Systems & Mission Engineering (S&ME) Conference. October 2024. https://www.sei.cmu.edu/library/on-the-design-development-and-testing-of-modern-apis/

Hansen, J.; Echeverría, S.; Pons, L.; Zhan, L.; Moreno, G.A.; & Lewis, G.A. Using Drift Planning to Improve Safety of Visual Navigation in Unmanned Aerial Vehicles. 2025 IEEE/ACM International Workshop on Responsible AI Engineering (RAIE). April 2025. https://doi.org/10.1109/RAIE66699.2025.00007

Hansen, Jeffery; Pons, Lena E.; Zhan, Lihan; & Echeverría, Sebastián. Flexible and Extensible Drift Monitoring in ML Systems. Ground Systems Architectures Workshop 2025. February 2025. https://gsaw.org/wp-content/uploads/2025/10/2025-S10-2-Flexible-and-Extensible-Drift-Monitoring-in-Machine-Learning-Systems.pdf

Hansen, Jeffery; Pons, Lena E.; Zhan, Lihan; & Echeverría, Sebastián. Flexible and Extensible Drift Monitoring in ML Systems. Naval Applications of Machine Learning (NAML) Workshop 2025. February 2025.

Herr, Christopher & Kaar, Matt. Continuous Cybersecurity Instruction: Empowering Students to Build Hands-on Labs. 2025 NICE Conference and Expo. June 2025. https://niceconference.org/wp-content/uploads/2025/07/Continuous-Cybersecurity-Instruction-Empowering-Students-to-Build-Hands-on-Labs-.pdf

Hughes, Lyndsi. Prioritizing and Testing Non-Functional Requirements: A Practical Guide. Secure Software by Design 2025. August 2025. https://www.sei.cmu.edu/library/prioritizing-and-testing-non-functional-requirements-a-practical-guide/

Hugues, Jérôme & Hayes, William S. MBSynergy: A Scenario-Based Approach for Improving MBSE. Model-Based Systems Engineering (MBSE) in Practice 2025. August 2025. https://www.sei.cmu.edu/library/mbsynergy-scenario-based-approach-improving-mbse/

Hugues, Jérôme & Yeman, Robin. Five Challenges and an Approach for Synergistic Model-Based Systems Engineering and Digital Engineering. 27th Annual National Defense Industrial Association (NDIA) Systems & Mission Engineering (S&ME) Conference. October 2024.

Ivers, James; Pons, Lena E.; & Sinclair, Scott. Effective Use of Code Scanning Tools in DevSecOps. DoD Weapons Systems Software Summit. December 2024. https://www.cvent.com/c/abstracts/0d3aa8b8-11ff-46d9-a1f0-3ae0dc5477ce

Metcalf, Leigh & Sarvepalli, Vijay S. Forecasting Cybersecurity Data: Making Sense of the Senseless. 37th Annual FIRST Conference. June 2025. https://www.first.org/conference/2025/program#pForecasting-Cybersecurity-Data-Making-Sense-of-the-Senseless

Mudd, Sharon. Building a Risk Management Mindset. 28th Colloquium for Information Systems Security Education. November 2024. https://cisse.info/e/archives/54-28th-colloquium/55-2024-presentations/486-umcc-presentation

Mudd, Sharon. Elements of Effective Communications. FIRST Regional Symposium Latin America & Caribbean. October 2024. https://www.first.org/events/symposium/asuncion2024/program#pElements-of-Effective-Communications

Novak, Justin. The Ontology for SOC Creation Assistance and Replication (OSCAR): A Community-Derived Tool for Developing SOC Capabilities. 37th Annual FIRST Conference. June 2025. https://www.first.org/conference/2025/program#pThe-Ontology-for-SOC-Creation-Assistance-and-Replication-OSCAR-A-Community-Derived-Tool-for-Developing-SOC-Capabilities

Ozkaya, Ipek; Ivers, James; Kostial, Mena; Edman, Robert; & Dey, Tapajit. Shift Left with Generative AI: Automating Library Replacement. Ground System Architecture Workshop (GSAW) 2025. February 2025. https://gsaw.org/wp-content/uploads/2025/10/2025-S12-3-Shift-Left-with-Generative-AI-Automating-Library-Replacement.pdf

Robert, John E.; Karl, Ryan; Zhang, Shen; & Hindka, Yash. Accelerating Verification and Software Standards Testing (AVASST) with Large Language Models (LLMs). 58th Hawaii International Conference on System Sciences. January 2025. https://scholarspace.manoa.hawaii.edu/items/391ecf91-711a-494c-b75a-4e46fa7acee6

Robinson, Katie. Human-Machine Teaming Considerations Necessary to Develop Trustworthy, Mission Ready Large Language Models. Naval Applications of Machine Learning (NAML) Workshop 2025. February 2025.

Rossell, David. CMMC: An Assessment and Compliance How-to for Businesses. ISC2 Secure DC. June 2025.

Scanlon, Cassandra & Scanlon, Thomas P. Deepfakes Are an Emerging Cyber Risk. Can the Law Help You? ISC2 Security Congress. October 2024.

Schellenberg, Andrew; Newman, Emily; Loughlin, Charles; & Brooks, Tyler. Conduct Governance Assurance - An Architecture Implementation for High-Risk Autonomous Systems. Engineering Reliable Autonomous Systems 2025. May 2025.

Schubert, Marika E.; Langerman, David; Gretok, Evan W.; Peitzsch, Ian; Gealy, Calvin B.; Boothe, Jefferson; George, Alan D. Benchmarking Deep Learning with Representative ONNX Subgraphs. 2025 IEEE High Performance Extreme Computing Conference (HPEC). September 2025. https://doi.org/10.1109/HPEC67600.2025.11196650

Schulker, David; Svoboda, David; Mathew, Emil; Glenn, Jamie; Sherman, Mark S.; & Schiela, Robert B. The Role of LLMs (Generative AI) in Building Secure Software. Secure Software by Design 2025. August 2025. https://www.sei.cmu.edu/library/secure-software-by-design-2025-presentations/

Schumock, Grant. Detecting Drift in DNS Exfiltration Attacks. 93rd Military Operations Research Society (MORS) Symposium. June 2025.

Sherman, Mark S. Value of Using Large Language Models in Building Software for Systems. 35th Annual International Council on Systems Engineering (INCOSE) International Symposium. July 2025.

Sherman, Mark S. Using LLMs to Evaluate Security of Software. 2025 GenAI for Government: Harnessing LLMs Workshop. July 2025.

Sherman, Mark S. Using Large Language Models for Generating and Securing Code. AI Manufacturing & SCADA Technology Conference. August 2025.

Shevchenko, Greg. Preliminary Architectural Analysis. Model-Based Systems Engineering (MBSE) in Practice 2025. August 2025. https://www.sei.cmu.edu/library/preliminary-architectural-analysis/

Shevchenko, Greg. Modeling Security Policies. Secure Software by Design 2025. August 2025. https://www.sei.cmu.edu/library/secure-software-by-design-2025-presentations/

Smith, Justin. Independent Verification & Validation for Agile Projects. DoD Weapon Systems Software Summit. December 2024. https://www.cvent.com/c/abstracts/0d3aa8b8-11ff-46d9-a1f0-3ae0dc5477ce

Svoboda, David & Flynn, Lori. Static Analysis-Targeted Automated Repair to Secure Code and Reduce Effort. National Defense Industrial Association (NDIA) 27th Annual Systems and Mission Engineering Conference. October 2024.

Svoboda, David. Integrating Automated Repair into the CERT Coding Standards. Secure Software by Design 2025. August 2025. https://www.sei.cmu.edu/library/secure-software-by-design-2025-presentations/

Updyke, Dustin. Building Cloudless, Explainable LLM Applications for Secure Government Operations. 2025 GenAI for Government: Harnessing LLMs Workshop. July 2025.

Vesey, Alex. Proactive Architectural Analysis of Cybersecurity Threats. Model-Based Systems Engineering (MBSE) in Practice 2025. August 2025. https://www.sei.cmu.edu/library/model-based-systems-engineering-mbse-in-practice-2025/

Vesey, Alex. Proactive Architectural Analysis of Cybersecurity Threats. Secure Software by Design 2025. August 2025. https://www.sei.cmu.edu/library/secure-software-by-design-2025-presentations/

Wohlbier, John G.; Quartiano, Ralph; & McMillan, Scott. Co-Design for Edge AI: Modulation Recognition. Government Microcircuit Applications & Critical Technology Conference (COMACTech) 2025. March 2025.

Woody, Carol S. Can Digital Engineering Keep Up with Next-Generation Threats? National Defense Industrial Association (NDIA) Cyber-Physical Systems Security. May 2025.

Worrell, Clarence & Hoge, Lauren. Cybersecurity of Logistics Decisions Systems Presentation. 93rd Military Operations Research Society (MORS) Symposium. June 2025.

Keynotes

Ozkaya, Ipek. Resilience of Software Enabled Systems. American Institute of Aeronautics and Astronautics (AIAA) SciTech Forum 360. January 2025. https://www.youtube.com/watch?v=V_pEjgoqS6o

Ozkaya, Ipek. Application of LLMs in Software Engineering: Overblown Hype or Disruptive Change? MetLife 6th Global AppSec Day. October 2024.

Rodman, Christopher Ian. The Ontology for SOC Creation Assistance and Replication (OSCAR): A Community-Derived Tool for Developing SOC Capabilities. 3rd annual Pittsburgh Cybersecurity Summit. June 2025.

Technical Reports

Greenhouse, Aaron; Hugues, Jérôme; Procter, Sam; Wrage, Lutz; & Seibel, Joseph. A Semantics of AADL EMV2 and Its Application to Model-Based Fault Tree Generation. Software Engineering Institute, Carnegie Mellon University. September 2025. https://doi.org/10.1184/R1/24653841

Hayes, William S.; Hugues, Jérôme; Capell, Peter S.; & Shevchenko, Natasha. Report on the First MBSynergy Workshop. Software Engineering Institute, Carnegie Mellon University. July 2025. https://doi.org/10.1184/R1/28401374

Nichols, Bill; Novak, Bill; Clausner, Brent; O'Hearn, Brigid Petrie; Miller, Christopher L.; Wrubel, Eileen; Yankel, Joseph; Ludwick, Melissa; & Brown, Nanette. The State of DevSecOps. U.S. Department of Defense. March 2025. https://dodcio.defense.gov/Portals/0/Documents/Library/DevSecOpsStateOf.pdf

Sinha, Anusha; Lucassen, James; Grimes, Keltin; Feffer, Michael Anthony; Soto, Ellie; Heidari, Hoda; & VanHoudnos, Nathan M. What Can Generative AI Red-Teaming Learn from Cyber Red-Teaming? Software Engineering Institute, Carnegie Mellon University. July 2025. https://doi.org/10.1184/R1/29410136

Svoboda, David; Flynn, Lori; Klieber, Will; Duggan, Michael Welsh; Reimer, Nicholas H.; & Sible, Joseph Christopher. Automated Code Repair for C/C++ Static Analysis. Software Engineering Institute, Carnegie Mellon University. September 2025. https://doi.org/10.1184/R1/29905805

Svoboda, David; Flynn, Lori; Klieber, Will; Martins, Ruben; Vishnubhatla, Sasank Venkata; & Reimer, Nicholas. Design of Enhanced Pointer Ownership Model for C. Software Engineering Institute, Carnegie Mellon University. September 2025. https://doi.org/10.1184/R1/29971765

Updyke, Dustin; Podnar, Tom; Yarger, John W.; & Huff, Sean. Self-Assessment in Training and Exercise. Software Engineering Institute, Carnegie Mellon University. October 2024. https://doi.org/10.1184/R1/26060911