Software Engineering Institute

What Could Possibly Go Wrong? Safety Analysis for AI Systems

SEI researchers discuss their work on System Theoretic Process Analysis, or STPA, a hazard-analysis technique uniquely suitable for dealing with AI complexity when assuring AI systems.
sei.cmu

Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection

Fricke, J., and Hoover, A., 2018: Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection. Carnegie Mellon University, Software Engineering ...
sei.cmu

SEI Software Architecture Professional Certificate

Software architecture is the primary carrier of system qualities, such as performance, modifiability, and security. Architecture helps ensure that a design approach will yield an acceptable system and ...
sei.cmu

Four Types of Shift Left Testing

Firesmith, D., 2015: Four Types of Shift Left Testing. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November 13, 2025, https ...
sei.cmu

Common Testing Problems: Pitfalls to Prevent and Mitigate

Firesmith, D., 2013: Common Testing Problems: Pitfalls to Prevent and Mitigate. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...
sei.cmu

Differences Between ASLR on Windows and Linux

Dormann, W., 2014: Differences Between ASLR on Windows and Linux. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November 13 ...
sei.cmu

An Introduction to the Mission Thread Workshop

Gagliardi, M., 2015: An Introduction to the Mission Thread Workshop. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November ...
sei.cmu

Probably Don’t Rely on EPSS Yet

Spring, J., 2022: Probably Don’t Rely on EPSS Yet. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November 19, 2025, https ...
sei.cmu

Applying Large Language Models to DoD Software Acquisition: An Initial Experiment

Schmidt, D., and Robert, J., 2024: Applying Large Language Models to DoD Software Acquisition: An Initial Experiment. Carnegie Mellon University, Software Engineering ...
sei.cmu

A Hitchhiker’s Guide to ML Training Infrastructure

Palat, J., 2022: A Hitchhiker’s Guide to ML Training Infrastructure. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November ...
sei.cmu

2000 CERT Advisories

CERT/CC advisories are now part of the US-CERT National Cyber Awareness System. We provide these advisories, published by year, for historical purposes. This report details the description, impact, ...
sei.cmu

Best Practices for Cloud Security

Faatz, D., 2018: Best Practices for Cloud Security. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November 10, 2025, https ...