ICYMI: The SEI's CERT Division released a vulnerability note: Various #GPT services are vulnerable to #Inception jailbreak, allows for bypass of safety guardrails ➡️ kb.cert.org/vuls/id/667211…

Through discussions with various DoD mission partners around enabling their workforces to implement #AI solutions, the SEI AI Workforce Development team has created 10 recommendations that organizations need to know about AI workforce development: insights.sei.cmu.edu/blog/10-things…

Bringing a codebase into compliance with SEI CERT Coding Standards requires a cost of time and effort, but planned updates to the SEI CERT C Coding Standard aim to simplify source code security auditing. This podcast discusses proposed changes ➡️ youtu.be/7X64me50D00?si…

How good are LLMs really at analyzing code and offering fixes when code is insecure? “These things are getting better … but it still has a way to go,” said Software Engineering Institute's Mark Sherman at an RSAConference session. #RSAC #AI #cybersecurity #infosec bit.ly/44AecrF

The SEI's CERT Division has released a new vulnerability note ➡️ Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default (CVE-2025-3927) kb.cert.org/vuls/id/360686…

The SEI has released its 2024 Year in Review, which highlights some of the institute’s most impactful national defense work: #machinelearning in artillery fire missions, #DevSecOps practices in the DoD, fuel savings in the Air Force, and much more - insights.sei.cmu.edu/news/2024-year…

An SEI study, released by the @DoD_CIO, baselines the state of DoD DevSecOps, highlights successes, and offers insights for how the DoD can implement its successes at scale – insights.sei.cmu.edu/news/sei-study…

When building a #software-intensive system, a key part in creating a secure and robust solution is to develop a #cyber #threatmodel - insights.sei.cmu.edu/blog/stop-imag…

The SEI is making public 180+ software bills of materials (SBOMs) submitted to the SEI’s 2024 #SBOM Harmonization Plugfest. The Plugfest investigated divergence in SBOMs for the same software. Want to learn more? Check out the Plugfest SBOM repository - github.com/cmu-sei/sbom-p…

Managing and maintaining deployments of complex #software present engineers with a multitude of challenges: security #vulnerabilities, outdated dependencies, and unpredictable and asynchronous vendor release cadences - insights.sei.cmu.edu/blog/a-5-stage…

Machine learning models developed in isolation from their intended software system can fail in production. The SEI’s recent #MachineLearning Test and Evaluation (MLTE) version 2.0.0 process and tool helps ensure ML models are production ready - insights.sei.cmu.edu/news/updated-m…

Registration and a call for presentations are open for Model-Based Systems Engineering in Practice 2025. The on-site event will feature #MBSE panels and presentations on August 21 at the Cooperative Plaza Conference Center in Arlington, Virginia - insights.sei.cmu.edu/news/model-bas…

In our latest post SEI director Paul Nielsen outlines ongoing and future efforts to provide support for continuous, resilient, and timely deployment of capability for the warfighter - insights.sei.cmu.edu/blog/deliverin…

Our latest podcast presents a recent case study involving the deployment of a hypervisor onto edge devices in a resource-constrained environment - youtube.com/watch?v=F1lcK1…

Our latest podcast presents a recent case study involving the deployment of a hypervisor onto edge devices in a resource-constrained environment - youtube.com/watch?v=F1lcK1…

Our latest post, Out of Distribution Detection: Knowing When #AI Doesn't Know - insights.sei.cmu.edu/blog/out-of-di…

Secure Software by Design, Aug. 19-20 in Arlington, Va., will host workshops on security in the software lifecycle: Data Science for Cybersecurity, Secure Coding, Zero Trust/#DevSecOps/APIs, #MBSE in Cybersecurity, and Open Source Software Transparency – insights.sei.cmu.edu/news/secure-so…

A New #CERT #Vulnerability Note: A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable - kb.cert.org/vuls/id/806555

Can you really #hack a radio signal? Recent reports indicate the DoD is susceptible to radio frequency (RF) attacks. Our latest post discusses RF tools and ways malicious actors can attack systems - insights.sei.cmu.edu/blog/radio-fre…

Gregory Touhill, director of the SEI’s CERT Division, is nominated in the Cybersecurity Visionary category of the #CyberScoop50 Awards 2025. Voting is open to all through July 25.