BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Content provided by Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Software Engineering Institute (SEI) Podcast Series
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Flash Forward is a show about possible (and not so possible) future scenarios. What would the warranty on a sex robot look like? How would diplomacy work if we couldn’t lie? Could there ever be a fecal transplant black market? (Complicated, it wouldn’t, and yes, respectively, in case you’re curious.) Hosted and produced by award winning science journalist Rose Eveleth, each episode combines audio drama and journalism to go deep on potential tomorrows, and uncovers what those futures might re ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Developing and Using a Software Bill of Materials Framework
Manage episode 410676853 series 3018913
Content provided by Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party components in their software systems. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Woody, principal researcher, and Michael Bandor, a senior software engineer, discuss a Software Bill of Materials (SBOMs) framework to help promote the use of SBOMs and establish a more comprehensive set of practices and processes that organizations can leverage as they build their programs. They also offer guidance for government agencies who are interested in incorporating SBOMs into their work.
408 episodes
Share
Manage episode 410676853 series 3018913
Content provided by Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party components in their software systems. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Woody, principal researcher, and Michael Bandor, a senior software engineer, discuss a Software Bill of Materials (SBOMs) framework to help promote the use of SBOMs and establish a more comprehensive set of practices and processes that organizations can leverage as they build their programs. They also offer guidance for government agencies who are interested in incorporating SBOMs into their work.
408 episodes
All episodes
×
S
Software Engineering Institute (SEI) Podcast Series
1 Updating Risk Assessment in the CERT Secure Coding Standard 26:04
26:04 
Play Later 
Play Later 
Lists 
Like 
Liked26:04
Play Later Play Later Lists Like LikedBringing a codebase into compliance with the SEI CERT Coding Standards , requires a cost of time and effort, namely in the form of a static analysis tool. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false positives that must be detected and disregarded. This year, we plan on making some exciting updates to the SEI CERT C Coding Standard to better harmonize with the current state of the art for static analysis tools, as well as simplify the process of source code security auditing. In this podcast David Svoboda and Joseph Sible, both engineers in CERT’s Applied Systems Group and primary developers and maintainers of the standard, sit down with Robert Schiela, deputy technical director of the Cybersecurity Foundations team in CERT, to discuss the proposed changes, specifically in the area of risk assessment.…
S
Software Engineering Institute (SEI) Podcast Series
1 Delivering Next Generation Cyber Capabilities to the DoD Warfighter 27:16
27:16 Play Later Play Later Lists Like Liked27:16
Play Later Play Later Lists Like LikedIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in which CERT researchers and technologists are working to deliver rapid capability to warfighters in the Department of Defense.…
S
Software Engineering Institute (SEI) Podcast Series
1 Getting the Most Out of Your Insider Risk Data with IIDES 39:14
39:14 Play Later Play Later Lists Like Liked39:14
Play Later Play Later Lists Like LikedInsider incidents cause around 35 percent of data breaches, creating financial and security risks for organizations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Austin Whisnant and Dan Costa discuss the Insider Incident Data Expression Standard (IIDES), a new schema for collecting and sharing data about insider incidents. IIDES facilitates insider incident information handling to help organizations better protect themselves against the compromise of sensitive information and mission-critical systems, which is essential to maintaining national security and defense.…
S
Software Engineering Institute (SEI) Podcast Series
1 Grace Lewis Outlines Vision for IEEE Computer Society Presidency 18:14
18:14 Play Later Play Later Lists Like Liked18:14
Play Later Play Later Lists Like LikedGrace Lewis , a principal researcher at the Carnegie Mellon University Software Engineering Institute (SEI) and lead of the SEI’s Tactical and AI-Enabled Systems Initiative, was elected the 2026 president of the IEEE Computer Society (CS), the largest community of computer scientists and engineers, with more than 370,000 members around the world. In this SEI podcast, Lewis sits down with Ipek Ozkaya, technical director of Engineering Intelligent Software Systems, to discuss her vision and plans for the IEEE CS presidency.…
S
Software Engineering Institute (SEI) Podcast Series
1 Improving Machine Learning Test and Evaluation with MLTE 29:06
29:06 Play Later Play Later Lists Like Liked29:06
Play Later Play Later Lists Like LikedMachine learning (ML) models commonly experience issues when integrated into production systems. In this podcast, researchers from the Carnegie Mellon University Software Engineering Institute and the U.S. Army AI Integration Center (AI2C) discuss Machine Learning Test and Evaluation (MLTE), a new tool that provides a process and infrastructure for ML test and evaluation. MLTE can aid organizations across the DoD in more effectively negotiating, documenting, and evaluating model and system qualities.…
S
Software Engineering Institute (SEI) Podcast Series
1 DOD Software Modernization: SEI Impact and Innovation 27:12
27:12 Play Later Play Later Lists Like Liked27:12
Play Later Play Later Lists Like LikedAs software size, complexity, and interconnectedness has grown, software modernization within the Department of Defense (DoD) has become more important than ever. In this discussion moderated by Matthew Butkovic, technical director of risk and resilience in the SEI CERT Division, SEI director Paul Nielsen outlines the SEI’s work with the DoD on software modernization, including controlling the attack surface, incorporating industry practices such as DevSecOps, and the interplay between software, cybersecurity, and AI.…
S
Software Engineering Institute (SEI) Podcast Series
1 Securing Docker Containers: Techniques, Challenges, and Tools 39:09
39:09 Play Later Play Later Lists Like Liked39:09
Play Later Play Later Lists Like LikedContainerization allows developers to run individual software applications in an isolated, controlled, repeatable way. With the increasing prevalence of cloud computing environments, containers are providing more and more of their underlying architecture. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Sasank Venkata Vishnubhatla and Maxwell Trdina, both engineers in the SEI CERT Division, sit down with Tim Chick, technical manager of the Applied Systems Group, to explore issues surrounding containerization, including recent vulnerabilities.…
S
Software Engineering Institute (SEI) Podcast Series
1 An Introduction to Software Cost Estimation 22:55
22:55 Play Later Play Later Lists Like Liked22:55
Play Later Play Later Lists Like LikedSoftware cost estimation is an important first step when beginning a project. It addresses important questions regarding budget, staffing, scheduling, and determining if the current environment will support the project. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Anandi Hira, a data scientist on the SEI’s Software Engineering Measurement and Analysis team sits down with Bill Nichols, principal engineer and SEI data science team lead, to discuss software cost estimation including various metrics, best practices, and common challenges when developing or building a model.…
S
Software Engineering Institute (SEI) Podcast Series
1 Cybersecurity Metrics: Protecting Data and Understanding Threats 27:00
27:00 Play Later Play Later Lists Like Liked27:00
Play Later Play Later Lists Like LikedOne of the biggest challenges in collecting cybersecurity metrics is scoping down objectives and determining what kinds of data to gather. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Bill Nichols, who leads the SEI’s Software Engineering Measurements and Analysis Group, discusses the importance of cybersecurity measurement, what kinds of measurements are used in cybersecurity, and what those metrics can tell us about cyber systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 3 Key Elements for Designing Secure Systems 36:28
36:28 Play Later Play Later Lists Like Liked36:28
Play Later Play Later Lists Like LikedTo make secure software by design a reality, engineers must intentionally build security throughout the software development lifecycle. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Timothy A. Chick, technical manager of the Applied Systems Group in the SEI’s CERT Division, discusses building, designing, and operating secure systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Using Role-Playing Scenarios to Identify Bias in LLMs 45:07
45:07 Play Later Play Later Lists Like Liked45:07
Play Later Play Later Lists Like LikedHarmful biases in large language models (LLMs) make AI less trustworthy and secure. Auditing for biases can help identify potential solutions and develop better guardrails to make AI safer. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Katie Robinson and Violet Turri, researchers in the SEI’s AI Division, discuss their recent work using role-playing game scenarios to identify biases in LLMs.…
S
Software Engineering Institute (SEI) Podcast Series
1 Best Practices and Lessons Learned in Standing Up an AISIRT 38:29
38:29 Play Later Play Later Lists Like Liked38:29
Play Later Play Later Lists Like LikedIn the wake of widespread adoption of artificial intelligence (AI) in critical infrastructure, education, government, and national security entities, adversaries are working to disrupt these systems and attack AI-enabled assets. With nearly four decades in vulnerability management, the Carnegie Mellon University Software Engineering Institute (SEI) recognized a need to create an entity that would identify, research, and identify mitigation strategies for AI vulnerabilities to protect national assets against traditional cybersecurity, adversarial machine learning, and joint cyber-AI attacks. In this SEI podcast, Lauren McIlvenny, director of threat analysis in the SEI’s CERT Division, discusses best practices and lessons learned in standing up an AI Security Incident Response Team (AISIRT).…
S
Software Engineering Institute (SEI) Podcast Series
1 3 API Security Risks (and How to Protect Against Them) 19:28
19:28 Play Later Play Later Lists Like Liked19:28
Play Later Play Later Lists Like LikedThe exposed and public nature of application programming interfaces (APIs) come with risks including the increased network attack surface. Zero trust principles are helpful for mitigating these risks and making APIs more secure. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solutions engineer in the SEI CERT Division, discusses three API risks and how to address them through the lens of zero trust.…
S
Software Engineering Institute (SEI) Podcast Series
1 Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices 43:05
43:05 Play Later Play Later Lists Like Liked43:05
Play Later Play Later Lists Like LikedHow can we effectively use large language models (LLMs) for cybersecurity tasks? In this Carnegie Mellon University Software Engineering Institute podcast, Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges, and recommendations for evaluating LLMs.
S
Software Engineering Institute (SEI) Podcast Series
1 Capability-based Planning for Early-Stage Software Development 33:55
33:55 Play Later Play Later Lists Like Liked33:55
Play Later Play Later Lists Like LikedCapability-Based Planning (CBP) defines a framework that has an all-encompassing view of existing abilities and future needs for strategically deciding what is needed and how to effectively achieve it. Both business and government acquisition domains use CBP for financial success or to design a well-balanced defense system. The definitions understandably vary across these domains. In this SEI podcast, Anandi Hira, a data scientist, and William R. Nichols, an initiative lead for Software Engineering Measurement and Analysis, introduce CBP and its use and application in software acquisition.…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Software Engineering Institute (SEI) Podcast Series
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Flash Forward is a show about possible (and not so possible) future scenarios. What would the warranty on a sex robot look like? How would diplomacy work if we couldn’t lie? Could there ever be a fecal transplant black market? (Complicated, it wouldn’t, and yes, respectively, in case you’re curious.) Hosted and produced by award winning science journalist Rose Eveleth, each episode combines audio drama and journalism to go deep on potential tomorrows, and uncovers what those futures might re ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
