Cybersecurity Engineering
Blog Posts
How to Align Security Requirements and Controls to Express System Threats
This blog post presents a method that combines information about security requirements, controls, and capabilities with analysis regarding cyber threats to enable more effective risk-guided system planning.
By Elias Miller, Matthew Sisk
In Cybersecurity Engineering
Enhancing Security with Cloud Flow Logs
The SEI has a history of support for flow log analysis, including its 2025 releases (for Azure or AWS) of open-source scripts to facilitate cloud flow log analysis. This blog …
By Timothy J. Shimeall
Stop Imagining Threats, Start Mitigating Them: A Practical Guide to Threat Modeling
When building a software-intensive system, a key part of creating a secure and robust solution is developing a cyber threat model.
By Alex Vesey
Cyber-Informed Machine Learning
This blog post proposes cyber-informed machine learning as a conceptual framework for emphasizing three types of explainability when ML is used for cybersecurity.
By Jeffrey Mellon, Clarence Worrell
13 Cybersecurity Predictions for 2025
It’s that time of year when we reflect on the past year and eagerly look forward. This post presents 13 cyber predictions for 2025.
By Greg Touhill
An Introduction to Hardening Docker Images
Through our work, we have seen stakeholders encountering difficulty with hardening open source container images for vulnerability mitigation.
By Maxwell Trdina, Sasank Vishnubhatla
A Framework for Detection in an Era of Rising Deepfakes
This blog post details the evolving deepfake landscape and introduces a framework for detection.
By Matthew Walsh
Evaluating Static Analysis Alerts with LLMs
LLMs show promising initial results in adjudicating static analysis alerts, offering possibilities for better vulnerability detection. This post discusses initial experiments using GPT-4 to evaluate static analysis alerts.
By William Klieber, Lori Flynn
3 API Security Risks and Recommendations for Mitigation
This blog post presents three top API security risks along with recommendations for mitigating them.
By McKinley Sconiers-Hasan
Redemption: A Prototype for Automated Repair of Static Analysis Alerts
This post introduces Redemption, an open source tool that uses automated code repair technology to repair static analysis alerts in C/C++ source code.
By David Svoboda