The SEI contributed its expertise to the development of the Software Acquisition Pathway (SWP), which the Department of Defense (DoD) issued in 2020 as DoD Instruction 5000.87. Since the SWP’s issuance, SEI researchers have collaborated with DoD program teams and policy owners to effectively implement the pathway in different program contexts, identify barriers and challenges, and monitor outcomes. Throughout that work, we’ve ident...

Experts agree that quantum computing will likely become powerful enough to break modern-day encryption within the next 10–15 years on “Q Day.” Once encryption is defeated, the computing world will never be the same. Organizations need to identify the correct courses of action to take today so that the sudden onset of quantum computing does not threaten their critical assets. In this webcast, Brett Tucker, Dan Justice, and Mat...

Often, Agile implementations are a struggle. Dedicated agile teams focus hard and deliver value on a regular cadence. But when results are tallied, the value teams produce may not fit neatly into the expectations of senior stakeholders. Why? In this webcast, Peter Capell addresses the importance of a practical vision to express outcomes, so that the program's “target picture” is clear to all parties involved. Peter highlights the v...

Finding and growing AI and Data talent is essential for mission success, but many skilled workers remain unseen because they lack traditional credentials. This session introduces practical strategies and prototype tools that help individuals demonstrate what they know while helping managers identify and evaluate emerging talent in these fields. Attendees will explore micro-assessments reflecting real data science and AI workflows, see how skil...

Threat modeling is intended to help defend a system from attack. It tops the list of techniques recommended by the National Institute of Standards and Technology (NIST) to secure critical systems. In a world where people with malicious intent have deadlier tools at their disposal, defenders need to take advantage of Model-Based Systems Engineering (MBSE) to form mitigation strategies effective from early in the systems engineering lifecycle. T...

Quantum accelerated supercomputing allows domain scientists to address complex problems in machine learning (ML) and across various disciplines. These hybrid systems will require not only an understanding of quantum computing (QC) but also of High Performance Computing (HPC) skills to manage and optimize quantum-classical workflows. Modern university-level QC curriculums will address QC, ML, and hybrid algorithms; but they overlook the practic...

DevSecOps practices foster collaboration among software development, security, and operations teams to build, test, and release software quickly and reliably. A high-stakes, high-security environment has challenged the implementation of these practices within the Department of Defense (DoD). The DoD Chief Information Officer (CIO) organization partnered with the Software Engineering Institute (SEI) to conduct the first study to baseline the st...

Today, we have seen our national security and defense organizations working to adopt modern software practices, particularly Agile methods and DevSecOps practices, efforts challenged by a mismatch of tempos between operational needs and development processes. The newly mandated Software Acquisition Pathway helps to align those tempos. However, to sustain a competitive advantage through software, we need to see our national security and defense...

Why aren't malware analysis practitioners making more use academic research results? In this webcast, we suggest that one reason is the general difficulty of replicating and reproducing research results in this field. We randomly selected 100 papers on "malware classification" from Google Scholar results and attempted to replicate each one. We were only able to find released code for 6 of these 100 papers, and what's worse, only 6 of the 88 re...

The CERT Insider Risk Team has developed a new standard for storing and exchanging insider threat case data. The Insider Incident Data Exchange Standard (IIDES) includes structures for collecting and analyzing a variety of technical, non-technical, organizational, and incident response information to meet the varied needs of researchers and practitioners. IIDES is designed to allow practitioners to build, maintain, deidentify, and share inside...