#
Title
1

Software-Defined Warfare: Expanding the Frontier

2

From Coordination Chaos to Mission Focus: The Waypoints Framework

3

An LLM Evaluation Framework for High-Stakes AI

4

Protecting AI Systems Against Data Poisoning

5

Goal-Line Defense: A Tool to Discover and Mitigate UEFI Vulnerabilities

6

Leadership, Legacy, and the Power of Mentors: Insights from Dr. Paul Nielsen

7

With a Little Help from Our Civilian Friends: Cybersecurity Reserve Is Both Feasible and Advisable

8

Maturing AI Adoption: From Chaos to Consistency

9

Temporal Memory Safety in C and C++: An AI-Enhanced Pointer Ownership Model

10

AI for the Warfighter: Acquisition Challenges and Guidance

11

Visibility Through the Clouds with Network Flow Logs

12

Orchestrating the Chaos: Protecting Wireless Networks from Cyber Attacks

13

From Data to Performance: Understanding and Improving Your AI Model

14

What Could Possibly Go Wrong? Safety Analysis for AI Systems

15

Getting Your Software Supply Chain In Tune with SBOM Harmonization

16

API Security: An Emerging Concern in Zero Trust Implementations

17

Delivering Next-Generation AI Capabilities

18

The Benefits of Rust Adoption for Mission-and-Safety-Critical Systems

19

Threat Modeling: Protecting Our Nation's Complex Software-Intensive Systems

20

Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds

21

Mitigating Cyber Risk with Secure by Design

22

The Magic in the Middle: Evolving Scaled Software Solutions for National Defense

23

Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space

24

Deploying on the Edge

25

The Best and Brightest: 6 Years of Supporting the President's Cup Cybersecurity Competition

26

Updating Risk Assessment in the CERT Secure Coding Standard

27

Delivering Next Generation Cyber Capabilities to the DoD Warfighter

28

Getting the Most Out of Your Insider Risk Data with IIDES

29

Grace Lewis Outlines Vision for IEEE Computer Society Presidency

30

Improving Machine Learning Test and Evaluation with MLTE

31

DOD Software Modernization: SEI Impact and Innovation

32

Securing Docker Containers: Techniques, Challenges, and Tools

33

An Introduction to Software Cost Estimation

34

Cybersecurity Metrics: Protecting Data and Understanding Threats

35

3 Key Elements for Designing Secure Systems

36

Using Role-Playing Scenarios to Identify Bias in LLMs

37

Best Practices and Lessons Learned in Standing Up an AISIRT

38

3 API Security Risks (and How to Protect Against Them)

39

Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices

40

Capability-based Planning for Early-Stage Software Development

41

Safeguarding Against Recent Vulnerabilities Related to Rust

42

Developing a Global Network of Computer Security Incident Response Teams (CSIRTs)

43

Automated Repair of Static Analysis Alerts

44

Developing and Using a Software Bill of Materials Framework

45

Using Large Language Models in the National Security Realm

46

Atypical Applications of Agile and DevSecOps Principles

47

When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction

48

The Impact of Architecture on Cyber-Physical Systems Safety

49

ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies

50

The Cybersecurity of Quantum Computing: 6 Areas of Research

51

User-Centric Metrics for Agile

52

The Product Manager's Evolving Role in Software and Systems Development

53

Measuring the Trustworthiness of AI Systems

54

Actionable Data in the DevSecOps Pipeline

55

Insider Risk Management in the Post-Pandemic Workplace

56

An Agile Approach to Independent Verification and Validation

57

Zero Trust Architecture: Best Practices Observed in Industry

58

Automating Infrastructure as Code with Ansible and Molecule

59

Identifying and Preventing the Next SolarWinds

60

A Penetration Testing Findings Repository

61

Understanding Vulnerabilities in the Rust Programming Language

62

We Live in Software: Engineering Societal-Scale Systems

63

Secure by Design, Secure by Default

64

Key Steps to Integrate Secure by Design into Acquisition and Development

65

An Exploration of Enterprise Technical Debt

66

The Messy Middle of Large Language Models

67

An Infrastructure-Focused Framework for Adopting DevSecOps

68

Software Security in Rust

69

Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron

70

Asking the Right Questions to Coordinate Security in the Supply Chain

71

Securing Open Source Software in the DoD

72

A Model-Based Tool for Designing Safety-Critical Systems

73

Managing Developer Velocity and System Security with DevSecOps

74

A Method for Assessing Cloud Adoption Risks

75

Software Architecture Patterns for Deployability

76

ML-Driven Decision Making in Realistic Cyber Exercises

77

A Roadmap for Creating and Using Virtual Prototyping Software

78

Software Architecture Patterns for Robustness

79

A Platform-Independent Model for DevSecOps

80

Using the Quantum Approximate Optimization Algorithm (QAOA) to Solve Binary-Variable Optimization Problems

81

Trust and AI Systems

82

A Dive into Deepfakes

83

Challenges and Metrics in Digital Engineering

84

The 4 Phases of the Zero Trust Journey

85

DevSecOps for AI Engineering

86

Undiscovered Vulnerabilities: Not Just for Critical Software

87

Explainable AI Explained

88

Model-Based Systems Engineering Meets DevSecOps

89

Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy

90

Software and Systems Collaboration in the Era of Smart Systems

91

Securing the Supply Chain for the Defense Industrial Base

92

Securing the Supply Chain for the Defense Industrial Base

93

Building on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis

94

Envisioning the Future of Software Engineering

95

Implementing the DoD's Ethical AI Principles

96

Walking Fast Into the Future: Evolvable Technical Reference Frameworks for Mixed-Criticality Systems

97

Software Engineering for Machine Learning: Characterizing and Understanding Mismatch in ML Systems

98

A Discussion on Automation with Watts Humphrey Award Winner Rajendra Prasad

99

Enabling Transition From Sustainment to Engineering Within the DoD

100

The Silver Thread of Cyber in the Global Supply Chain

101

Measuring DevSecOps: The Way Forward

102

Bias in AI: Impact, Challenges, and Opportunities

103

Agile Strategic Planning: Concepts and Methods for Success

104

Applying Scientific Methods in Cybersecurity

105

Zero Trust Adoption: Benefits, Applications, and Resources

106

Uncertainty Quantification in Machine Learning: Measuring Confidence in Predictions

107

11 Rules for Ensuring a Security Model with AADL and Bell–LaPadula

108

Benefits and Challenges of Model-Based Systems Engineering

109

Can DevSecOps Make Developers Happier?

110

Is Your Organization Ready for AI?

111

Managing Vulnerabilities in Machine Learning and Artificial Intelligence Systems

112

AI Workforce Development

113

Moving from DevOps to DevSecOps

114

Mission-Based Prioritization: A New Method for Prioritizing Agile Backlogs

115

Digital Engineering and DevSecOps

116

A 10-Step Framework for Managing Risk

117

7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts

118

Ransomware: Evolution, Rise, and Response

119

VINCE: A Software Vulnerability Coordination Platform

120

Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network

121

An Introduction to CMMC Assessment Guides

122

The CMMC Level 3 Assessment Guide: A Closer Look

123

The CMMC Level 1 Assessment Guide: A Closer Look

124

Achieving Continuous Authority to Operate (ATO)

125

Challenging the Myth of the 10x Programmer

126

A Stakeholder-Specific Approach to Vulnerability Management

127

Optimizing Process Maturity in CMMC Level 5

128

Reviewing and Measuring Activities for Effectiveness in CMMC Level 4

129

Situational Awareness for Cybersecurity: Beyond the Network

130

Quantum Computing: The Quantum Advantage

131

CMMC Scoring 101

132

Developing an Effective CMMC Policy

133

The Future of Cyber: Educating the Cybersecurity Workforce

134

Documenting Process for CMMC

135

Agile Cybersecurity

136

CMMC Levels 1-3: Going Beyond NIST SP-171

137

The Future of Cyber: Secure Coding

138

Challenges to Implementing DevOps in Highly Regulated Environments

139

The Future of Cyber: Cybercrime

140

An Ethical AI Framework

141

The CERT Guide to Coordinated Vulnerability Disclosure

142

The Future of Cyber: Security and Privacy

143

The Future of Cyber: Security and Resilience

144

Reverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools

145

Benchmarking Organizational Incident Management Practices

146

Machine Learning in Cybersecurity: 7 Questions for Decision Makers

147

Human Factors in Software Engineering

148

Improving the Common Vulnerability Scoring System

149

Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities

150

Selecting Metrics for Software Assurance

151

AI in Humanitarian Assistance and Disaster Response

152

The AADL Error Library: 4 Families of Systems Errors

153

Privacy in the Blockchain Era

154

Cyber Intelligence: Best Practices and Biggest Challenges

155

Assessing Cybersecurity Training

156

DevOps in Highly Regulated Environments

157

The Role of the Software Factory in Acquisition and Sustainment

158

Defending Your Organization Against Business Email Compromise

159

Managing Technical Debt: A Focus on Automation, Design, and Architecture

160

Leading in the Age of Artificial Intelligence

161

Applying Best Practices in Network Traffic Analysis

162

10 Types of Application Security Testing Tools and How to Use Them

163

Using Test Suites for Static Analysis Alert Classifiers

164

Blockchain at CMU and Beyond

165

Leading in the Age of Artificial Intelligence

166

System Architecture Virtual Integration: ROI on Early Discovery of Defects

167

A Technical Strategy for Cybersecurity

168

Best Practices for Security in Cloud Computing

169

Risks, Threats, and Vulnerabilities in Moving to the Cloud

170

How to Be a Network Traffic Analyst

171

Workplace Violence and Insider Threat

172

Why Does Software Cost So Much?

173

Cybersecurity Engineering & Software Assurance: Opportunities & Risks

174

Software Sustainment and Product Lines

175

Best Practices in Cyber Intelligence

176

The Evolving Role of the Chief Risk Officer

177

Obsidian: A Safer Blockchain Programming Language

178

Agile DevOps

179

Is Software Spoiling Us? Technical Innovations in the Department of Defense

180

Is Software Spoiling Us? Innovations in Daily Life from Software

181

How Risk Management Fits into Agile & DevOps in Government

182

5 Best Practices for Preventing and Responding to Insider Threat

183

Pharos Binary Static Analysis: An Update

184

Positive Incentives for Reducing Insider Threat

185

Mission-Practical Biometrics

186

At Risk Emerging Technology Domains

187

DNS Blocking to Disrupt Malware

188

Best Practices: Network Border Protection

189

Verifying Software Assurance with IBM's Watson

190

The CERT Software Assurance Framework

191

Scaling Agile Methods

192

Ransomware: Best Practices for Prevention and Response

193

Integrating Security in DevOps

194

SEI Fellows Series: Peter Feiler

195

NTP Best Practices

196

Establishing Trust in Disconnected Environments

197

Distributed Artificial Intelligence in Space

198

Verifying Distributed Adaptive Real-Time Systems

199

10 At-Risk Emerging Technologies

200

Technical Debt as a Core Software Engineering Practice

201

DNS Best Practices

202

Three Roles and Three Failure Patterns of Software Architects

203

Security Modeling Tools

204

Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks

205

Cyber Security Engineering for Software and Systems Assurance

206

Moving Target Defense

207

Improving Cybersecurity Through Cyber Intelligence

208

A Requirement Specification Language for AADL

209

Becoming a CISO: Formal and Informal Requirements

210

Predicting Quality Assurance with Software Metrics and Security Methods

211

Network Flow and Beyond

212

A Community College Curriculum for Secure Software Development

213

Security and the Internet of Things

214

The SEI Fellow Series: Nancy Mead

215

An Open Source Tool for Fault Tree Analysis

216

Global Value Chain – An Expanded View of the ICT Supply Chain

217

Intelligence Preparation for Operational Resilience

218

Evolving Air Force Intelligence with Agile Techniques

219

Threat Modeling and the Internet of Things

220

Open Systems Architectures: When & Where to Be Closed

221

Effective Reduction of Avoidable Complexity in Embedded Systems

222

Toward Efficient and Effective Software Sustainment

223

Quality Attribute Refinement and Allocation

224

Is Java More Secure Than C?

225

Identifying the Architectural Roots of Vulnerabilities

226

Build Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations

227

An Interview with Grady Booch

228

Structuring the Chief Information Security Officer Organization

229

How Cyber Insurance Is Driving Risk and Technology Management

230

A Field Study of Technical Debt

231

How the University of Pittsburgh Is Using the NIST Cybersecurity Framework

232

A Software Assurance Curriculum for Future Engineers

233

Four Types of Shift Left Testing

234

Toward Speed and Simplicity: Creating a Software Library for Graph Analytics

235

Capturing the Expertise of Cybersecurity Incident Handlers

236

Improving Quality Using Architecture Fault Analysis with Confidence Arguments

237

A Taxonomy of Testing Types

238

Reducing Complexity in Software & Systems

239

Designing Security Into Software-Reliant Systems

240

Agile Methods in Air Force Sustainment

241

Defect Prioritization With the Risk Priority Number

242

SEI-HCII Collaboration Explores Context-Aware Computing for Soldiers

243

An Introduction to Context-Aware Computing

244

Data Driven Software Assurance

245

Applying Agile in the DoD: Twelfth Principle

246

Supply Chain Risk Management: Managing Third Party and External Dependency Risk

247

Introduction to the Mission Thread Workshop

248

Applying Agile in the DoD: Eleventh Principle

249

A Workshop on Measuring What Matters

250

Applying Agile in the DoD: Tenth Principle

251

Predicting Software Assurance Using Quality and Reliability Measures

252

Applying Agile in the DoD: Ninth Principle

253

Cyber Insurance and Its Role in Mitigating Cybersecurity Risk

254

AADL and Dassault Aviation

255

Tactical Cloudlets

256

Agile Software Teams and How They Engage with Systems Engineering on DoD Acquisition Programs

257

Coding with AADL

258

The State of Agile

259

Applying Agile in the DoD: Eighth Principle

260

A Taxonomy of Operational Risks for Cyber Security

261

Agile Metrics

262

Four Principles for Engineering Scalable, Big Data Systems

263

An Appraisal of Systems Engineering: Defense v. Non-Defense

264

HTML5 for Mobile Apps at the Edge

265

Applying Agile in the DoD: Seventh Principle

266

AADL and Edgewater

267

Security and Wireless Emergency Alerts

268

Safety and Behavior Specification Using the Architecture Analysis and Design Language

269

Applying Agile in the DoD: Sixth Principle

270

Characterizing and Prioritizing Malicious Code

271

Using Quality Attributes to Improve Acquisition

272

Best Practices for Trust in the Wireless Emergency Alerts Service

273

Three Variations on the V Model for System and Software Testing

274

Adapting the PSP to Incorporate Verified Design by Contract

275

Comparing IT Risk Assessment and Analysis Methods

276

AADL and Aerospace

277

Assuring Open Source Software

278

Security Pattern Assurance through Roundtrip Engineering

279

The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)

280

Applying Agile in the DoD: Fifth Principle

281

Software Assurance Cases

282

Raising the Bar - Mainstreaming CERT C Secure Coding Rules

283

AADL and Télécom Paris Tech

284

From Process to Performance-Based Improvement

285

An Approach to Managing the Software Engineering Challenges of Big Data

286

Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience

287

Situational Awareness Mashups

288

Applying Agile in the DoD: Fourth Principle

289

Architecting Systems of the Future

290

Acquisition Archetypes

291

Human-in-the-Loop Autonomy

292

Mobile Applications for Emergency Managers

293

Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions

294

Applying Agile in the DoD: Third Principle

295

DevOps - Transform Development and Operations for Fast, Secure Deployments

296

Application Virtualization as a Strategy for Cyber Foraging

297

Common Testing Problems: Pitfalls to Prevent and Mitigate

298

Joint Programs and Social Dilemmas

299

Applying Agile in the DoD: Second Principle

300

Managing Disruptive Events - CERT-RMM Experience Reports

301

Reliability Validation and Improvement Framework

302

Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity

303

The Business Case for Systems Engineering

304

Applying Agile in the DoD: First Principle

305

The Evolution of a Science Project

306

Securing Mobile Devices aka BYOD

307

What's New With Version 2 of the AADL Standard?

308

The State of the Practice of Cyber Intelligence

309

Mitigating Insider Threat - New and Improved Practices Fourth Edition

310

Technology Readiness Assessments

311

Standards in Cloud Computing Interoperability

312

Managing Disruptive Events: Demand for an Integrated Approach to Better Manage Risk

313

The Latest Developments in AADL

314

The Fundamentals of Agile

315

Software for Soldiers who use Smartphones

316

Managing Disruptive Events: Making the Case for Operational Resilience

317

Architecting Service-Oriented Systems

318

The SEI Strategic Plan

319

Quantifying Uncertainty in Early Lifecycle Cost Estimation

320

Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities

321

Architecting a Financial System with TSP

322

The Importance of Data Quality

323

How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them

324

Misaligned Incentives

325

How a Disciplined Process Enhances & Enables Agility

326

Agile Acquisition

327

An Architecture-Focused Measurement Framework for Managing Technical Debt

328

Cloud Computing for the Battlefield

329

U.S. Postal Inspection Service Use of the CERT Resilience Management Model

330

Insights from the First CERT Resilience Management Model Users Group

331

NIST Catalog of Security and Privacy Controls, Including Insider Threat

332

Cisco's Adoption of CERT Secure Coding Standards

333

How to Become a Cyber Warrior

334

Considering Security and Privacy in the Move to Electronic Health Records

335

Measuring Operational Resilience

336

Why Organizations Need a Secure Domain Name System

337

Controls for Monitoring the Security of Cloud Services

338

Building a Malware Analysis Capability

339

Using the Smart Grid Maturity Model (SGMM)

340

Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM

341

Conducting Cyber Exercises at the National Level

342

Indicators and Controls for Mitigating Insider Threat

343

How Resilient Is My Organization?

344

Public-Private Partnerships: Essential for National Cyber Security

345

Software Assurance: A Master's Level Curriculum

346

How to Develop More Secure Software - Practices from Thirty Organizations

347

Mobile Device Security: Threats, Risks, and Actions to Take

348

Establishing a National Computer Security Incident Response Team (CSIRT)

349

Securing Industrial Control Systems

350

The Power of Fuzz Testing to Reduce Security Vulnerabilities

351

Protect Your Business from Money Mules

352

Train for the Unexpected

353

The Role of the CISO in Developing More Secure Software

354

Computer and Network Forensics: A Master's Level Curriculum

355

Introducing the Smart Grid Maturity Model (SGMM)

356

Leveraging Security Policies and Procedures for Electronic Evidence Discovery

357

Integrating Privacy Practices into the Software Development Life Cycle

358

Using the Facts to Protect Enterprise Networks: CERT's NetSA Team

359

Ensuring Continuity of Operations When Business Is Disrupted

360

Managing Relationships with Business Partners to Achieve Operational Resiliency

361

The Smart Grid: Managing Electrical Power Distribution and Use

362

Electronic Health Records: Challenges for Patient Privacy and Security

363

Mitigating Insider Threat: New and Improved Practices

364

Rethinking Risk Management

365

The Upside and Downside of Security in the Cloud

366

More Targeted, Sophisticated Attacks: Where to Pay Attention

367

Is There Value in Identifying Software Security "Never Events?"

368

Cyber Security, Safety, and Ethics for the Net Generation

369

An Experience-Based Maturity Model for Software Security

370

Mainstreaming Secure Coding Practices

371

Security: A Key Enabler of Business Innovation

372

Better Incident Response Through Scenario Based Training

373

An Alternative to Risk Management for Information and Software Security

374

Tackling Tough Challenges: Insights from CERT's Director Rich Pethia

375

Climate Change: Implications for Information Technology and Security

376

Using High Fidelity, Online Training to Stay Sharp

377

Integrating Security Incident Response and e-Discovery

378

Concrete Steps for Implementing an Information Security Program

379

Virtual Communities: Risks and Opportunities

380

Developing Secure Software: Universities as Supply Chain Partners

381

Security Risk Assessment Using OCTAVE Allegro

382

Getting to a Useful Set of Security Metrics

383

How to Start a Secure Software Development Program

384

Managing Risk to Critical Infrastructures at the National Level

385

Analyzing Internet Traffic for Better Cyber Situational Awareness

386

Managing Security Vulnerabilities Based on What Matters Most

387

Identifying Software Security Requirements Early, Not After the Fact

388

Making Information Security Policy Happen

389

Becoming a Smart Buyer of Software

390

Building More Secure Software

391

Connecting the Dots Between IT Operations and Security

392

Getting in Front of Social Engineering

393

Using Benchmarks to Make Better Security Decisions

394

Protecting Information Privacy - How To and Lessons Learned

395

Initiating a Security Metrics Program: Key Points to Consider

396

Insider Threat and the Software Development Life Cycle

397

Tackling the Growing Botnet Threat

398

Building a Security Metrics Program

399

Inadvertent Data Disclosure on Peer-to-Peer Networks

400

Information Compliance: A Growing Challenge for Business Leaders

401

Internal Audit's Role in Information Security: An Introduction

402

What Business Leaders Can Expect from Security Degree Programs

403

The Path from Information Security Risk Assessment to Compliance

404

Computer Forensics for Business Leaders: Building Robust Policies and Processes

405

Business Resilience: A More Compelling Argument for Information Security

406

Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity

407

The Human Side of Security Trade-Offs

408

Dual Perspectives: A CIO's and CISO's Take on Security

409

Tackling Security at the National Level: A Resource for Leaders

410

Reducing Security Costs with Standard Configurations: U.S. Government Initiatives

411

Real-World Security for Business Leaders

412

Using Standards to Build an Information Security Program

413

Getting Real About Security Governance

414

Convergence: Integrating Physical and IT Security

415

IT Infrastructure: Tips for Navigating Tough Spots

416

The Value of De-Identified Personal Data

417

Adapting to Changing Risk Environments: Operational Resilience

418

Computer Forensics for Business Leaders: A Primer

419

The Real Secrets of Incident Management

420

The Legal Side of Global Security

421

A New Look at the Business of IT Education

422

Crisis Communications During a Security Incident

423

Assuring Mission Success in Complex Environments

424

Privacy: The Slow Tipping Point

425

Building Staff Competence in Security

426

Evolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology

427

Inside Defense-in-Depth

428

Protecting Against Insider Threat

429

Change Management: The Security 'X' Factor

430

CERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT

431

The ROI of Security

432

Compliance vs. Buy-in

433

Why Leaders Should Care About Security

434

Proactive Remedies for Rising Threats