Publications

The SEI provides access to more than 5,000 documents from three decades of research on best practices in software engineering. These documents include technical reports, presentations, webinars, podcasts, blogs, and other searchable materials. You can search our database to find publications that span the SEI's history as well as current research.

SEI Digital Library

Our digital library holds over 30 years of publications that you can browse by topic, author, and publication type.

New in Publications

Penetration Tests Are The Check Engine Light On Your Security Operations

January 07, 2020 • White Paper
Allen D. Householder, Dan J. Klinedinst

A penetration test serves as a lagging indicator of a network security operations problem. Organizations should implement and document several security controls before a penetration test can be useful.

Benchmarking Organizational Incident Management Practices

December 17, 2019 • Podcast
Robin Ruefle, Mark Zajicek

Robin Ruefle and Mark Zajicek discuss recent work that provides a baseline or benchmark of incident management practices for an organization.

Machine Learning in Cybersecurity: 7 Questions for Decision Makers

December 12, 2019 • Podcast
Jonathan Spring, April Galyardt, Angela Horneman

April Galyardt, Angela Horneman, and Jonathan Spring discuss key questions that managers and decision makers should ask about machine learning to effectively solve cybersecurity problems.

Designing Trustworthy AI: A Human-Machine Teaming Framework to Guide Development

December 10, 2019 • Conference Paper
Carol J Smith

The Human-Machine Teaming (HMT) Framework for Designing Ethical AI Experiences, when used with a set of technical ethics, will guide AI development teams to create AI systems that are accountable, de-risked, respectful, secure, honest, and usable.

Component Mismatches Are a Critical Bottleneck to Fielding AI-Enabled Systems in the Public Sector

December 10, 2019 • Conference Paper
Grace Lewis, Stephany Bellomo, April Galyardt

We are investigating classes of mismatches in ML/AI systems integration, to identify the implicit assumptions made by practitioners in different fields (data scientists, software engineers, operations staff) and find ways to communicate the information.

Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization

December 04, 2019 • White Paper
Jonathan Spring, Eric Hatleback, Allen D. Householder

This paper presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System (CVSS).
