Publications
The SEI provides access to more than 5,000 documents from three decades of research on best practices in software engineering. These documents include technical reports, presentations, webinars, podcasts, blogs, and other searchable materials. You can search our database to find publications that span the SEI's history as well as current research.
SEI Digital Library
Our digital library holds over 30 years of publications that you can browse by topic, author, and publication type.
New in Publications
Penetration Tests Are The Check Engine Light On Your Security Operations
January 07, 2020 • White Paper
Allen D. HouseholderDan J. Klinedinst
A penetration test serves as a lagging indicator of a network security operations problem. Organizations should implement and document several security controls before a penetration test can be useful.
read
Benchmarking Organizational Incident Management Practices
December 17, 2019 • Podcast
Robin RuefleMark Zajicek
Robin Ruefle and Mark Zajicek discuss recent work that provides a baseline or benchmark of incident management practices for an organization.
learn more
Machine Learning in Cybersecurity: 7 Questions for Decision Makers
December 12, 2019 • Podcast
Jonathan SpringApril GalyardtAngela Horneman
April Galyardt, Angela Horneman, and Jonathan Spring discuss key questions that managers and decision makers should ask about machine learning to effectively solve cybersecurity problems.
learn more
Designing Trustworthy AI: A Human-Machine Teaming Framework to Guide Development
December 10, 2019 • Conference Paper
Carol J Smith
The Human-Machine Teaming (HMT) Framework for Designing Ethical AI Experiencesdes, when used with a set of technical ethics, will guide AI development teams to create AI systems that are accountable, de-risked, respectful, secure, honest, and usable
read
Component Mismatches Are a Critical Bottleneck to Fielding AI-Enabled Systems in the Public Sector
December 10, 2019 • Conference Paper
Grace LewisStephany BellomoApril Galyardt
We are investigating classes of mismatches in ML/AI systems integration, to identify the implicit assumptions made by practitioners in different fields (data scientists, software engineers, operations staff) and find ways to communicate the information.
read
Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization
December 04, 2019 • White Paper
Jonathan SpringEric HatlebackAllen D. Householder
This paper presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System (CVSS).
read