Software Engineering Institute | Carnegie Mellon University

Digital Library


Data Driven Software Assurance

  • If you are building software that is going to exchange messages on the internet or be part of a web service or something, there are a handful of attacks you can very well predict. They are going on all the time in the background.
  • Related

    Technical Report | Data Driven Software Assurance

    Blog | Data Driven Software Assurance

  • Abstract

    Software vulnerabilities are defects or weaknesses in a software system that, if exploited, can lead to compromise of the control of a system or the information it contains. The problem of vulnerabilities in fielded software is pervasive and serious. In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division and determined that a large number of significant and pernicious software vulnerabilities likely had their origins early in the software development lifecycle in the requirements and design phases.

    In this podcast, SEI researchers Mike Konrad and Art Manion discuss a project that was launched to investigate design-related vulnerabilities and quantify their effects.


About the Speaker

  • Michael D. Konrad

    Mike Konrad is a principal researcher who has been with the Software Engineering Institute since 1988. Until 2013, Konrad was involved with Software CMM and CMMI models development. Since 2013, Konrad has been the technical leader for three research efforts that investigate the early software development lifecycle (requirements and design) in challenging environments:

    •    Eliciting Unstated Requirements at Scale
    •    Data Driven Software Assurance
    •    Concurrent Deliberation of Requirements and Analysis of Socio-Technical Ecosystem Infrastructure Improvement (CDRASII)

  • Art Manion

    Art Manion is a senior member of the Vulnerability Analysis team in the CERT Program at the Software Engineering Institute (SEI), Carnegie Mellon University. Since joining CERT in 2001, Manion has studied vulnerabilities, coordinated disclosure efforts, and published advisories, alerts, and vulnerability notes for CERT/CC and US-CERT. Manion currently focuses on vulnerability discovery and other areas of applied research, including ways to automate and improve operational vulnerability response. Prior to joining the SEI, Manion was the Director of Network Infrastructure at Juniata College.