Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University
SEI Podcast Series
June 29, 2017

Integrating Security in DevOps

 Jeffrey Smith (Microsoft)

Hasan Yasar

"There are many steps in the lifecycle that can be checked. But security operational folks, as I said at the beginning, do more at the end, which is too late because then it is costing so much time in terms of fixing any known vulnerabilities, or fixing anything that has been discovered late, because it’s going to go back to the sprint plan, depending on what type of application development method they were using."

"There are many steps in the lifecycle that can be checked. But security operational folks, as I said at the beginning, do more at the end, which is too late because then it is costing so much time in terms of fixing any known vulnerabilities, or fixing anything that has been discovered late, because it’s going to go back to the sprint plan, depending on what type of application development method they were using."
June 15, 2017

SEI Fellows Series: Peter Feiler

 Jeffrey Smith (Microsoft)

Peter H. Feiler

"You can talk about the function of software, but if you want to talk, say performance, you only can talk about that in the context of it running on some hardware. If you want to talk about safety you have to talk about how it distributed on the hardware, how good the hardware is, in addition to how good the software is, and how well it interacts with the physical environment. These interactions present the majority of problems in embedded software systems."

"You can talk about the function of software, but if you want to talk, say performance, you only can talk about that in the context of it running on some hardware. If you want to talk about safety you have to talk about how it distributed on the hardware, how good the hardware is, in addition to how good the software is, and how well it interacts with the physical environment. These interactions present the majority of problems in embedded software systems."

Categories: Software Architecture

May 25, 2017

NTP Best Practices

 Jeffrey Smith (Microsoft)

Timur D. Snoke

"A lot of the banking applications that we are using now are using one-time passwords that are only valid for a very distinct period of time. If you can mess with what the computer thinks the time is, then you might be able to set up a window of opportunity."

"A lot of the banking applications that we are using now are using one-time passwords that are only valid for a very distinct period of time. If you can mess with what the computer thinks the time is, then you might be able to set up a window of opportunity."
May 18, 2017

Establishing Trust in Disconnected Environments

 Jeffrey Smith (Microsoft)

Grace Lewis

"One of the key features of the tactical cloudlets, like I said, is that they are discoverable. So a mobile device in the field is going to say, Are there any cloudlets around me? From a mobile-device perspective, I want to make sure that cloudlet is a friendly one. Is it a good cloudlet, right? And the other way around is also true. If I am a cloudlet and the mobile device says, I would like to connect to you, I need to know it is a good one."

"One of the key features of the tactical cloudlets, like I said, is that they are discoverable. So a mobile device in the field is going to say, Are there any cloudlets around me? From a mobile-device perspective, I want to make sure that cloudlet is a friendly one. Is it a good cloudlet, right? And the other way around is also true. If I am a cloudlet and the mobile device says, I would like to connect to you, I need to know it is a good one."

Categories:

April 20, 2017

Distributed Artificial Intelligence in Space

 Jeffrey Smith (Microsoft)

James Edmondson

"We are looking at a first prototype in low Earth orbit of about six tiles collaborating, sharing information."

"We are looking at a first prototype in low Earth orbit of about six tiles collaborating, sharing information."