Podcasts about software engineering institute sei

At the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower Project at Carnegie Mellon University's Software Engineering Institute (SEI) from May 2023 through September 2023. The Mayflower Project attempted to answer the following questions: How might the IC set up a baseline, stand-alone LLM? How might the IC customize LLMs for specific intelligence use cases? How might the IC evaluate the trustworthiness of LLMs across use cases? In this SEI Podcast, Shannon Gallagher, AI engineering team lead, and Rachel Dzombak, special advisor to the director of the SEI's AI Division, discuss the findings and recommendations from the Mayflower Project and provides additional background information about LLMs and how they can be engineered for national security use cases.

We must be methodical and intentional about how Artificial Intelligence (AI) systems are designed, developed, deployed, and operationalized, particularly in critical infrastructure contexts. CISA, the UK-NCSC, and our partners advocate a secure by design approach where security is a core requirement and integral to the development of AI systems from the outset, and throughout their lifecycle, to build wider trust that AI is safe and secure to use. This talk will focus on challenges and opportunities in the secure deployment, operation, and maintenance of AI software systems. The talk will use publications on the practice of coordinated vulnerability disclosure as a motivating example. About the speaker: Dr. Jonathan Spring is a cybersecurity specialist in the Cybersecurity and Infrastructure Security Agency. Working within the Cybersecurity Division's Vulnerability Management Office, his area of focus includes researching and producing reliable evidence to support effective cybersecurity policies at various levels of vulnerability management, machine learning, and threat intelligence.Prior to joining CISA, Jonathan held positions in the Computer Emergency Response Team (CERT) division of the Software Engineering Institute (SEI) at Carnegie Mellon University and was adjunct professor at the University of Pittsburgh's School of Information Sciences.

In this SEI Podcast, Dr. Eric Heim, a senior machine learning research scientist at Carnegie Mellon University's Software Engineering Institute (SEI), discusses the quantification of uncertainty in machine-learning (ML) systems. ML systems can make wrong predictions and give inaccurate estimates for the uncertainty of their predictions. It can be difficult to predict when their predictions will be wrong. Heim also discusses new techniques to quantify uncertainty, identify causes of uncertainty, and efficiently update ML models to reduce uncertainty in their predictions. The work of Heim and colleagues at the SEI Emerging Technology Center closes the gap between the scientific and mathematical advances from the ML research community and the practitioners who use the systems in real-life contexts, such as software engineers, software developers, data scientists, and system developers.  

For more than two decades, Carnegie Mellon University’s Software Engineering Institute (SEI) has been instrumental in the creation and development of the field of software architecture. In our past webcasts, What Makes a Good Software Architect? (https://www.youtube.com/watch?v=CbLJC...) and What Makes a Good Software Architect (2019 Edition)? (https://www.youtube.com/watch?v=UFqys...), we have discussed what makes a good software architect. The range of knowledge and skills involved can be daunting, particularly given the pace of change in technologies and practices. In this session, a panel of architects will discuss their personal paths to becoming software architects and how they have helped others on that journey.

Michael C. Theis uses his 25+ years as a Counterintelligence Special Agent supporting the US Intelligence Community along with his 30+ years of concurrent computer systems engineering experience to aid the CERT© Insider Threat Center further its research and development of socio-technical controls to prevent, detect and respond to insider threats. He is also a Senior Member of the Technical Staff at the Software Engineering Institute (SEI). Previously, Theis was the first-ever Chief of Cyber-Counterintelligence for the National Reconnaissance Office, where he served as the Chief for Cyber-CI investigations and operations for over six years. In 2006, he was named one of the Premier 100 IT Leaders in the nation by Computerworld magazine. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e59

Robert Binder is a Senior Engineer member of the technical staff at the Software Engineering Institute (SEI) of Carnegie Mellon University. He has 43 years of experiencing working in technology on everything from mainframe computers to embedded cyber physical systems, including work in institutions in financial markets in Chicago including the CBOE (Chicago Board Options Exchange).We talked about how the drivers of economics and business are sending Facebook in the same direction AT&T was sent. Topics include:Classical EconomicsThe Network EffectThe Monopolist's Demand CurveWhen it came to AT&T's breakup in the 1980s, it was not just the new technology that mattered, it was the business opportunities created at that moment. Capital investment and risk taking and entrepreneurial activity that resulted happened at a very large scale.Timestamps:3:15 How Robert got involved with software in 19764:00 2 GTE software project the theory of the firm monopolist's demand curve2.40 Robert's project with GTE Automatic Electric, which operated specialized telephone networks. At the time AT&T operated all the wires and owned all the phones. People leased their home phones from AT&T.The deregulation in 1985 of ATT opened the door for cellular networks and led to what we have today; this is a hugely complex topic. But we discussed a few aspects. 6:00 The Theory of the Firm6:15 In a competitive market, no individual company can control price; they price based on supply and demand6:43 The Monopolist's Demand Curve7:09 Martin Shkreli and high cost drug monopoly- ‘Pharma bro’ Martin Shkreli sentenced to 7 years in prison — says, ‘This is my fault’9:20 AT&T was a monopoly but they made more money by charging less - not gouging customers even though they could10:00 Facebook is the greatest deal in advertising but is quickly increasing in cost11:02 The power of monopoly is a street that cuts both ways for Facebook (privacy issues, scrutiny)11:20 Most users don't realize Facebook owns Instagram or that user data is the product - the model is much more complex than AT&T's monopoly12:20 In the 1930s people realized that if the telephone system was to grow, they would need to employ an inordinate amount of humans to man the switches - not scalable13:20 Was there skepticism about technology like the telephone like there has been for the PC, the smart phone, email, and now voice technology?13:50 Long distance calls were expensive14:15 New technology, when scalable and affordable, can be adopted readily and becomes quotidian14:30 The Network Effect (the value of a network increases to a power of two with the number of connections) - exponential growth See acast.com/privacy for privacy and opt-out information.

For the sake of security and safety, exercise environments where cyber operators train often need to be disconnected from real networks. To make these environments more realistic, the Software Engineering Institute (SEI) developed software that simulates the public Internet to give trainees the sense that they are in a real environment. In this SEI Cyber Talk episode, Rotem Guttman and Gabe Somlo explain how this software works to replicate common websites that users see on the Internet and make them as realistic as possible, which includes the addition of a DNS server infrastructure and making the websites appear as if they are hosted in different geographic locations. Rotem and Gabe also discuss how the software supports less common, but important, use cases like performing cryptocurrency transactions or running onion nodes.

In today's global business environment, risk management must be aligned to business strategy. As companies continue to shift their business models, strategies change and risk management becomes even more important. A company must find the right balance between risk resiliency and risk agility. The chief risk officer (CRO) role is an important catalyst to make that happen, so a company's long term strategic objectives may be realized. The CRO Certificate Program is developed and delivered by Carnegie Mellon University’s Heinz College of Information Systems and Public Policy, and the CERT Division of the Software Engineering Institute (SEI). In this podcast, Summer Fowler and Ari Lightman discuss the evolving role of the chief risk officer and a Chief Risk Officer Program. Listen on Apple Podcasts.

The Software Process and Measurement Cast features my interview with Jeff Dalton.  Jeff returns to the Software Process and Measurement Cast to discuss the 12 attributes of successful Agile organizations. Jeff talks about the relatively small set of attributes that successful Agile organizations possess and exhibit. These attributes don’t occur by accident, but rather are a reflection of hard work and consistency of purpose.  We can all reflect and adopt these attributes in our pursuit of success. Jeff shows us how! Jeff’s Bio: Jeff Dalton is President of Broadsword, a Certified Lead Appraiser, CMMI Instructor, ScrumMaster and author of “agileCMMI,” Broadsword’s leading methodology for incremental and iterative process improvement, as well as many published articles and ebooks on performance innovation. Jeff has been selected Keynote Speaker at numerous conferences including the International Conference on CMMI in Lima, Peru, the PMI Great Lakes 2013 Symposium, the 2014 QUEST Conference and Expo, the CMMI SEPG Conference 2014, the CMMI Global Congress 2015, the PM Symposium Indianapolis 2015 and the PM Symposium Chicago 2015.  He has appeared multiple times at Agile Development West, Better Software, Agile Processes and Tools, AgileDC, and at Software Process Improvement Network (SPIN) and Agile Leadership Network (ALN) meetups throughout North America. Jeff served as the Chairman of the Partner Advisory Board at the Software Engineering Institute (SEI) and CMMI Institute from 2011-2014 during their transition period.  He has been president of Great Lakes Software Process Improvement Network, and is a recipient of the prestigious Software Engineering Institute’s SEI Member Award for Outstanding Representative for his work uniting the Agile and CMMI communities through his popular blog “Ask the CMMI Appraiser.” He holds degrees in Music and Computer Science and builds experimental airplanes in his spare time.  Jeff can be reached at appraiser@broadswordsolutions.com. Contact Data: Email: appraiser@broadswordsolutions.com. Twitter: @CMMIAppraiser Blog: http://askthecmmiappraiser.blogspot.com/ Web: http://www.broadswordsolutions.com/ also see: www.cmmi-tv.com Previous Appearances on the podcast: SPaMCAST 296 – Jeff Dalton, CMMI, Agile, Resiliency SPaMCAST 176 - Jeff Dalton, CMMI, Scrum and Agile Call to Action! Review the SPaMCAST on iTunes, Stitcher or your favorite podcatcher/player and then share the review! Help your friends find the Software Process and Measurement Cast. After all, friends help friends find great podcasts! Re-Read Saturday News Remember that the Re-Read Saturday of The Mythical Man-Month returns this week when we tackle the essay titled “The Other Face” Check out the new installment at Software Process and Measurement Blog.   Upcoming Events Agile Development Conference East November 8-13, 2015 Orlando, Florida http://adceast.techwell.com/ I will be speaking on November 12th on the topic of Agile Risk. Let me know if you are going and we will have a SPaMCAST Meetup. Next SPaMCAST The next Software Process and Measurement Cast returns to the topic of Agile Project Charters, tackling the concepts needed to scale a charter to an Agile project or program. When Agile projects scale up to handle larger efforts additional steps are often required. Additional steps can lead to bloat if you do not take care. We will also have a new installment of Jeremy Berriault’s QA Corner! We discussed the definition of test cases and why they are so important to delivering quality code! Shameless Ad for my book! Mastering Software Project Management: Best Practices, Tools and Techniques co-authored by Murali Chematuri and myself and published by J. Ross Publishing. We have received unsolicited reviews like the following: “This book will prove that software projects should not be a tedious process for you or your team.” Support SPaMCAST by buying the book here. Available in English and Chinese.  

Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions are also increasing. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. However, the costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. It is more cost effective to address software security risks as early in the lifecycle as possible. As a result, researchers from the CERT Division of the Software Engineering Institute (SEI) have started investigating early lifecycle security risk analysis (i.e., during requirements, architecture, and design). In this podcast, CERT researcher Christopher Alberts introduces the Security Engineering Risk Analysis (SERA) Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle. The framework integrates system and software engineering with operational security by requiring engineers to analyze operational security risks as software-reliant systems are acquired and developed. Initial research activities have focused on specifying security requirements for these systems. Listen on Apple Podcasts.

On April 25, 2014, technical staff from the Software Engineering Institute (SEI) and Codenomicon participated in a live-streamed panel discussion on the impact of the Heartbleed OpenSSL vulnerability along with methods to mitigate and even prevent crises like this in the future. Chris Clark, Security Engineer from Codenomicon, one of the cybersecurity organizations that discovered the Heartbleed vulnerability, joined members of SEI's technical staff from the CERT and Software Solutions divisions and from the SEI's Information Technology department. They will be discussing how software vulnerabilities like Heartbleed can be mitigated through the different phases of the secure software lifecycle using techniques available today. They will also discuss how changes to our current software development and management techniques need to be managed to more effectively reduce the effects of incidents like Heartbleed.

Watch Randy Trzeciak and David Mundie discuss an "Overview of the Threat Posed by Insiders to Critical Assets" from the virtual event Managing the Insider Threat: What Every Organization Should Know. About the Speaker(s) Randy Trzeciak is Technical Manager of CERT’s Enterprise Threat and Vulnerability Management Team and the CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute. The team’s mission is to assist organizations in improving their security posture and incident response capability by researching technical threat areas, developing and conducting information security assessments, and providing information, solutions and training for preventing, detecting, and responding to illicit activity. David Mundie is a member of the CSIRT Development Team within the CERT® Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. He has been at CERT since 2000 and has worked in a variety of areas including insider threat, malware analysis, and incident management capability metrics. From 2006 to 2009, he was a member of the Q-CERT project, which established a national information security team for the country of Qatar.

Show 56 features an interview with Bill Phifer of EDS, an HP Company.  We discussed the importance of measurement and metrics in sourcing arrangements.Bill Phifer is a Fellow at EDS, an HP Company, with responsibility for enterprise strategies related to quality standards and models for the Global Quality and Service Excellence group. He is a Software Engineering Institute (SEI) authorized Capability Maturity Model Integration (CMMI) Lead Appraiser with over 33 years in IT including 16 years in software process implementation and improvement, measurement, and project management. Bill is also a Lead Evaluator for Carnegie Mellon University’s eSourcing Capability Model for Service Providers (eSCM-SP) with an interest in sourcing best practices. This includes a focus on game theory and balancing the needs of customers and service providers with relationship management. He is a regular presenter at IT industry conferences and seminars such as SEI’s SEPG, itSMF USA Fusion, and IEEE. Bill is currently concentrating on end-to-end IT lifecycle process integration between applications and infrastructure using multiple models and standards such as CMMI, ITIL, eSCM, ISO 9000, ISO 27001 and CObIT. Along with this, he is researching approaches and methods for multi-model diagnostics and appraisals.Contact information:Email: bill.phifer@verizon.netPhone: (610) 232-5203Tell a friend about the Software Process and Measurement Cast and show them how to subscribe.  Let me know and I will acknowledge you on the next show!  The essay is titled “Interested or Interesting?”  I recently heard the suggestion that it was more important to focus on being interested rather than being interesting in the essay we explore why.Join the SPaMCAST’s community by joining the SPaMCAST Facebook page and get involved!!!!  http://tinyurl.com/62z5elThere are a number of ways to share your thoughts with SPaMCAST: •    Email SPaMCAST at spamcastinfo@gmail.com•    Voice messages can be left at 1-206-888-6111•    Twitter – www.twitter.com/tcagley•    BLOG – www.tcagley.wordpress.com•    FACEBOOK!!!! Software Process and Measurement               http://tinyurl.com/62z5elNext Software Process and Measurement Cast: The next Software Process and Measurement Cast will feature an interview Joe Schofield.  We discussed software sizing.  Size and how you get to size really does matter. 

In this Episode we discuss software architecture evaluation with Dragos Manolescu, an architect at Microsoft's patterns & practices group. We start off the discussion by trying to define what software architecture evaluation is and when and you want to evaluate an architecture in the system's lifecycle. We then make sure evaluators set the expectations for the evaluation process right - it is important to understand that architecture evaluation is typically not primarily a review of the technology decisions made for the architecture. We then discuss the kinds of notations that are useful for describing architectures, and which of these are especially helpful for the evaluator. Next we look at the core of the architecture evaluation task, namely, the integration of the various stakeholders and their views. We also discuss real reviews from reviews that are staged "for show" only. Next in the discussion is a brief look at the tools you can use for architecture evaluation, as well as a closer look at the various methods for achitecture evalualtion proposed by the Software Engineering Institute (SEI). We conclude the discussion by outlining how architecture evaluation fits into an agile development process. ... and finally, we briefly plug the PLOPD5 book, on which Dragos, Markus and James Noble have been working recently :-)

In this Episode we discuss software architecture evaluation with Dragos Manolescu, an architect at Microsoft's patterns & practices group. We start off the discussion by trying to define what software architecture evaluation is and when and you want to evaluate an architecture in the system's lifecycle. We then make sure evaluators set the expectations for the evaluation process right - it is important to understand that architecture evaluation is typically not primarily a review of the technology decisions made for the architecture. We then discuss the kinds of notations that are useful for describing architectures, and which of these are especially helpful for the evaluator. Next we look at the core of the architecture evaluation task, namely, the integration of the various stakeholders and their views. We also discuss real reviews from reviews that are staged "for show" only. Next in the discussion is a brief look at the tools you can use for architecture evaluation, as well as a closer look at the various methods for achitecture evalualtion proposed by the Software Engineering Institute (SEI). We conclude the discussion by outlining how architecture evaluation fits into an agile development process. ... and finally, we briefly plug the PLOPD5 book, on which Dragos, Markus and James Noble have been working recently :-)

In this Episode we discuss software architecture evaluation with Dragos Manolescu, an architect at Microsoft's patterns & practices group. We start off the discussion by trying to define what software architecture evaluation is and when and you want to evaluate an architecture in the system's lifecycle. We then make sure evaluators set the expectations for the evaluation process right - it is important to understand that architecture evaluation is typically not primarily a review of the technology decisions made for the architecture. We then discuss the kinds of notations that are useful for describing architectures, and which of these are especially helpful for the evaluator. Next we look at the core of the architecture evaluation task, namely, the integration of the various stakeholders and their views. We also discuss real reviews from reviews that are staged "for show" only. Next in the discussion is a brief look at the tools you can use for architecture evaluation, as well as a closer look at the various methods for achitecture evalualtion proposed by the Software Engineering Institute (SEI). We conclude the discussion by outlining how architecture evaluation fits into an agile development process. ... and finally, we briefly plug the PLOPD5 book, on which Dragos, Markus and James Noble have been working recently :-)