Software Engineering Institute | Carnegie Mellon University
SEI Podcast Series
August 03, 2017

Scaling Agile Methods

 Jeffrey Smith (Microsoft)

Eileen Wrubel

Will Hayes

"One of the interesting things about Agile is you are planning to fail. You are planning to fail in small pieces so that you can learn from that to go forward."

July 14, 2017

Ransomware: Best Practices for Prevention and Response

Alexander Volynkin

Angela Horneman

"Newer versions of ransomware seem to be targeting not just your storage of data on your documents, folders, and things like this, but also go after backups, data-based backups, and so on, either on the personal computers or on the network storage and other storage devices. It is important to have this, what we call, air gap between the network that is currently running and the database backup that needs to exist elsewhere."

June 29, 2017

Integrating Security in DevOps

Hasan Yasar

"There are many steps in the lifecycle that can be checked. But security operational folks, as I said at the beginning, do more at the end, which is too late because then it is costing so much time in terms of fixing any known vulnerabilities, or fixing anything that has been discovered late, because it’s going to go back to the sprint plan, depending on what type of application development method they were using."

June 15, 2017

SEI Fellows Series: Peter Feiler

Peter H. Feiler

"You can talk about the function of software, but if you want to talk, say, performance, you only can talk about that in the context of it running on some hardware. If you want to talk about safety, you have to talk about how it is distributed on the hardware, how good the hardware is, in addition to how good the software is, and how well it interacts with the physical environment. These interactions present the majority of problems in embedded software systems."

Categories: Software Architecture

May 25, 2017

NTP Best Practices

Timur D. Snoke

"A lot of the banking applications that we are using now are using one-time passwords that are only valid for a very distinct period of time. If you can mess with what the computer thinks the time is, then you might be able to set up a window of opportunity."
