Software Engineering Institute

What Could Possibly Go Wrong? Safety Analysis for AI Systems

SEI researchers discuss their work on System Theoretic Process Analysis, or STPA, a hazard-analysis technique uniquely suitable for dealing with AI complexity when assuring AI systems.
sei.cmu

From Hype to Adoption: Guiding Organizations in Their AI Journey

This newsletter compiles the latest SEI releases and news about guiding organizations on their AI journeys, presentations from the Secure Software by Design 2025 event, a model-based approach for ...
sei.cmu

Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection

Fricke, J., and Hoover, A., 2018: Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection. Carnegie Mellon University, Software Engineering ...
sei.cmu

Four Types of Shift Left Testing

Firesmith, D., 2015: Four Types of Shift Left Testing. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November 13, 2025, https ...
sei.cmu

SEI Software Architecture Professional Certificate

Software architecture is the primary carrier of system qualities, such as performance, modifiability, and security. Architecture helps ensure that a design approach will yield an acceptable system and ...
sei.cmu

Differences Between ASLR on Windows and Linux

Dormann, W., 2014: Differences Between ASLR on Windows and Linux. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November 13 ...
sei.cmu

An Introduction to the Mission Thread Workshop

Gagliardi, M., 2015: An Introduction to the Mission Thread Workshop. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November ...
sei.cmu

Applying Large Language Models to DoD Software Acquisition: An Initial Experiment

Schmidt, D., and Robert, J., 2024: Applying Large Language Models to DoD Software Acquisition: An Initial Experiment. Carnegie Mellon University, Software Engineering ...
sei.cmu

How Easy Is It to Make and Detect a Deepfake?

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

A Hitchhiker’s Guide to ML Training Infrastructure

Palat, J., 2022: A Hitchhiker’s Guide to ML Training Infrastructure. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November ...
sei.cmu

2000 CERT Advisories

CERT/CC advisories are now part of the US-CERT National Cyber Awareness System. We provide these advisories, published by year, for historical purposes. This report details the description, impact, ...
sei.cmu

Windows 10 Cannot Protect Insecure Applications Like EMET Can

Dormann, W., 2016: Windows 10 Cannot Protect Insecure Applications Like EMET Can. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...