A podcast that explores street musicians and their music, all recorded in the field. The name is a tip of the hat to the majority of instruments I find being played in the streets. They often rely on metal strings, or wind to play.
…
continue reading
Rust And Wind Podcasts
1
Software Engineering Institute (SEI) Podcast Series
Members of Technical Staff at the Software Engineering Institute
45
418
The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.
…
continue reading
1
API Security: An Emerging Concern in Zero Trust Implementations
17:41
17:41
Play later
Play later
Lists
Like
Liked
17:41
Application programing interfaces, more commonly known as APIs, are the engines behind the majority of internet traffic. The pervasive and public nature of APIs have increased the attack surface of the systems and applications they are used in. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconie…
…
continue reading
1
Delivering Next-Generation AI Capabilities
30:18
30:18
Play later
Play later
Lists
Like
Liked
30:18
Artificial intelligence (AI) is a transformational technology, but it has limitations in challenging operational settings. Researchers in the AI Division of the Carnegie Mellon University Software Engineering Institute (SEI) work to deliver reliable and secure AI capabilities to warfighters in mission-critical environments. In our latest podcast, M…
…
continue reading
1
The Benefits of Rust Adoption for Mission-and-Safety-Critical Systems
19:38
19:38
Play later
Play later
Lists
Like
Liked
19:38
A recent Google survey found that many developers felt comfortable using the Rust programming language in two months or less. Yet barriers to Rust adoption remain, particularly in safety-critical systems, where features such as memory and processing power are in short supply and compliance with regulations is mandatory. In our latest podcast from t…
…
continue reading
1
Threat Modeling: Protecting Our Nation’s Complex Software-Intensive Systems
35:02
35:02
Play later
Play later
Lists
Like
Liked
35:02
In response to Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, the National Institute of Standards and Technology (NIST) recommended 11 practices for software verification. Threat modeling is at the top of the list. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Natasha Shevchenko and Ale…
…
continue reading
1
Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds
25:10
25:10
Play later
Play later
Lists
Like
Liked
25:10
Container images are increasingly being used as the main method for software deployment, so ensuring the reproducibility of container images is becoming a critical step in protecting the software supply chain. In practice, however, builds are often not reproducible due to elements of the build environment that rely on nondeterministic factors such …
…
continue reading
1
Mitigating Cyber Risk with Secure by Design
32:29
32:29
Play later
Play later
Lists
Like
Liked
32:29
Software enables our way of life, but market forces have sidelined security concerns leaving systems vulnerable to attack. Fixing this problem will require the software industry to develop an initial standard for creating software that is secure by design. These are the findings of a recently released paper coauthored by Greg Touhill, director of t…
…
continue reading
1
The Magic in the Middle: Evolving Scaled Software Solutions for National Defense
21:25
21:25
Play later
Play later
Lists
Like
Liked
21:25
A January 2025 Defense Innovation Board study on scaling nontraditional defense innovation stated, “We must act swiftly to ensure the DoD leads in global innovation and competition over AI and autonomous systems – and is a trendsetter for their responsible use in modern warfare." In this podcast from the Carnegie Mellon University Software Engineer…
…
continue reading
1
Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space
44:26
44:26
Play later
Play later
Lists
Like
Liked
44:26
Warfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A recent study led by researchers at the Carnegie Mellon University Software Engineering Institute (SE…
…
continue reading
Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug Reynolds, and Jeffrey Hamed, all DevOps engineers in the SEI's Software Solutions Division, sit d…
…
continue reading
1
The Best and Brightest: 6 Years of Supporting the President’s Cup Cybersecurity Competition
21:40
21:40
Play later
Play later
Lists
Like
Liked
21:40
A strong cyber defense is vital to public- and private-sector activities in the United States. In 2019, in response to an executive order to strengthen America’s cybersecurity workforce, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) partnered with the SEI to develop and run the President’s Cup Cyberse…
…
continue reading
1
Updating Risk Assessment in the CERT Secure Coding Standard
26:04
26:04
Play later
Play later
Lists
Like
Liked
26:04
Evaluating source code to ensure secure coding qualities costs time and effort and often involves static analysis. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false positives that must be detected and disregarded. This year, we plan on making some exciting updates to the SEI CERT C …
…
continue reading
1
Delivering Next Generation Cyber Capabilities to the DoD Warfighter
27:16
27:16
Play later
Play later
Lists
Like
Liked
27:16
In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in which CERT researchers and technologists are working to deliver rapid capability to warfighters in …
…
continue reading
1
Getting the Most Out of Your Insider Risk Data with IIDES
39:14
39:14
Play later
Play later
Lists
Like
Liked
39:14
Insider incidents cause around 35 percent of data breaches, creating financial and security risks for organizations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Austin Whisnant and Dan Costa discuss the Insider Incident Data Expression Standard (IIDES), a new schema for collecting and sharing data about insid…
…
continue reading
1
Grace Lewis Outlines Vision for IEEE Computer Society Presidency
18:14
18:14
Play later
Play later
Lists
Like
Liked
18:14
Grace Lewis, a principal researcher at the Carnegie Mellon University Software Engineering Institute (SEI) and lead of the SEI’s Tactical and AI-Enabled Systems Initiative, was elected the 2026 president of the IEEE Computer Society (CS), the largest community of computer scientists and engineers, with more than 370,000 members around the world. In…
…
continue reading
1
Improving Machine Learning Test and Evaluation with MLTE
29:06
29:06
Play later
Play later
Lists
Like
Liked
29:06
Machine learning (ML) models commonly experience issues when integrated into production systems. In this podcast, researchers from the Carnegie Mellon University Software Engineering Institute and the U.S. Army AI Integration Center (AI2C) discuss Machine Learning Test and Evaluation (MLTE), a new tool that provides a process and infrastructure for…
…
continue reading
1
DOD Software Modernization: SEI Impact and Innovation
27:12
27:12
Play later
Play later
Lists
Like
Liked
27:12
As software size, complexity, and interconnectedness has grown, software modernization within the Department of Defense (DoD) has become more important than ever. In this discussion moderated by Matthew Butkovic, technical director of risk and resilience in the SEI CERT Division, SEI director Paul Nielsen outlines the SEI’s work with the DoD on sof…
…
continue reading
1
Securing Docker Containers: Techniques, Challenges, and Tools
39:09
39:09
Play later
Play later
Lists
Like
Liked
39:09
Containerization allows developers to run individual software applications in an isolated, controlled, repeatable way. With the increasing prevalence of cloud computing environments, containers are providing more and more of their underlying architecture. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Sasa…
…
continue reading
1
An Introduction to Software Cost Estimation
22:55
22:55
Play later
Play later
Lists
Like
Liked
22:55
Software cost estimation is an important first step when beginning a project. It addresses important questions regarding budget, staffing, scheduling, and determining if the current environment will support the project. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Anandi Hira, a data scientist on the SEI…
…
continue reading
1
Cybersecurity Metrics: Protecting Data and Understanding Threats
27:00
27:00
Play later
Play later
Lists
Like
Liked
27:00
One of the biggest challenges in collecting cybersecurity metrics is scoping down objectives and determining what kinds of data to gather. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Bill Nichols, who leads the SEI’s Software Engineering Measurements and Analysis Group, discusses the importance of cyber…
…
continue reading
1
3 Key Elements for Designing Secure Systems
36:28
36:28
Play later
Play later
Lists
Like
Liked
36:28
To make secure software by design a reality, engineers must intentionally build security throughout the software development lifecycle. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Timothy A. Chick, technical manager of the Applied Systems Group in the SEI’s CERT Division, discusses building, designing, …
…
continue reading
1
Using Role-Playing Scenarios to Identify Bias in LLMs
45:07
45:07
Play later
Play later
Lists
Like
Liked
45:07
Harmful biases in large language models (LLMs) make AI less trustworthy and secure. Auditing for biases can help identify potential solutions and develop better guardrails to make AI safer. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Katie Robinson and Violet Turri, researchers in the SEI’s AI Division,…
…
continue reading
1
Best Practices and Lessons Learned in Standing Up an AISIRT
38:29
38:29
Play later
Play later
Lists
Like
Liked
38:29
In the wake of widespread adoption of artificial intelligence (AI) in critical infrastructure, education, government, and national security entities, adversaries are working to disrupt these systems and attack AI-enabled assets. With nearly four decades in vulnerability management, the Carnegie Mellon University Software Engineering Institute (SEI)…
…
continue reading
1
3 API Security Risks (and How to Protect Against Them)
19:28
19:28
Play later
Play later
Lists
Like
Liked
19:28
The exposed and public nature of application programming interfaces (APIs) come with risks including the increased network attack surface. Zero trust principles are helpful for mitigating these risks and making APIs more secure. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solu…
…
continue reading
1
Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices
43:05
43:05
Play later
Play later
Lists
Like
Liked
43:05
How can we effectively use large language models (LLMs) for cybersecurity tasks? In this Carnegie Mellon University Software Engineering Institute podcast, Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges, and recommendations for evaluating LLMs.
…
continue reading
1
Capability-based Planning for Early-Stage Software Development
33:55
33:55
Play later
Play later
Lists
Like
Liked
33:55
Capability-Based Planning (CBP) defines a framework that has an all-encompassing view of existing abilities and future needs for strategically deciding what is needed and how to effectively achieve it. Both business and government acquisition domains use CBP for financial success or to design a well-balanced defense system. The definitions understa…
…
continue reading
