Mark Sherman
Software Engineering Institute
Dr. Mark Sherman is the Technical Director of the Cyber Security Foundations group in the SEI's CERT® Division at the Carnegie Mellon University Software Engineering Institute. His team focuses on foundational research on the life cycle for building secure software and on data-driven analysis of cybersecurity. Prior to joining CERT, Dr. Sherman was at IBM and various startups, working on mobile systems, integrated hardware-software appliances, transaction processing, languages and compilers, virtualization, network protocols and databases. He has published over 50 papers on various topics in computer science.
Publications by Mark Sherman
-
Threats for Machine Learning
October 07, 2020 • Webinar
Mark Sherman
Mark Sherman explains where machine learning applications can be attacked, the means for carrying out the attack and some mitigations you can use.
-
Threats to Machine Learning Applications
August 18, 2020 • Presentation
Mark Sherman
This presentation illustrates where machine learning applications can be attacked, the means for carrying out the attacks, and some mitigations that can be employed.
-
Using AI to Build More Secure Software
August 26, 2019 • Presentation
Mark Sherman
This presentation will discuss why the construction of secure software is a concern beyond the IT industry, the elements of a secure software development process and how artificial intelligence could be applied to improve that process.
-
Influence Attacks on Machine Learning
December 12, 2018 • Video
Mark Sherman
Mark Sherman explains how deep learning is playing an increasing role in developing new applications and how adversaries can attack machine learning systems in a variety of ways.
-
SEI Cyber Minute: Cybersecurity in the Defense Acquisition System
November 13, 2017 • Video
Mark Sherman
Unfortunately, where there is software, there are risks from vulnerabilities. In response, the Department of Defense has recently expanded the key document governing acquisition, 5000.02.
-
Verifying Software Assurance with IBM’s Watson
September 07, 2017 • Podcast
Mark Sherman
In this podcast, Mark Sherman discusses research aimed at examining whether developers could build an IBM Watson application to support an assurance review.
-
SEI Cyber Minute: Adding Security to Agile's Scrum
June 08, 2017 • Video
Mark Sherman
Watch Mark Sherman in this SEI Cyber Minute as he discusses "Adding Security to Agile's Scrum".
-
Building Secure Software for Mission Critical Systems
March 23, 2017 • Presentation
Mark Sherman
This presentation explores the expanding landscape of vulnerabilities that accompanies the increasing reliance on software and then examines some key steps to help mitigate the increased risk.
-
Risks in the Software Supply Chain
March 23, 2017 • Presentation
Mark Sherman
This presentation describes the parts of the software supply chain, how vulnerabilities have been introduced, and the actions developers can employ to avoid or mitigate the risks inherent in an assembly-based software development strategy.
-
Construction and Implementation of CERT Secure Coding Rules Improving Automation of Secure Coding
November 30, 2016 • Presentation
Mark Sherman, Aaron Ballman
This presentation describes the need for secure coding standards, which help reduce vulnerabilities due to programming errors.
-
From Secure Coding to Secure Software
November 10, 2016 • Webinar
Mark Sherman, Robert Schiela
In this webinar, we discussed how you can improve your organization's secure coding capabilities.
-
Experiences Developing an IBM Watson Cognitive Processing Application
November 01, 2016 • Presentation
Mark Sherman
Inquiry into whether DoD could use IBM Watson to improve assurance
-
Developing an IBM Watson Cognitive Processing Application
October 18, 2016 • Poster
Mark Sherman
Supporting Application Security (Software Assurance)
-
Secure Software Development Landscape
July 08, 2016 • Webinar
Mark Sherman
Examine how security can be introduced throughout the software development lifecycle to blunt vulnerabilities.
-
Cybersecurity Considerations for Vehicles
December 10, 2015 • White Paper
Mark Sherman, Jens Palluch (Method Park)
In this paper the authors discuss the number of ECUs and software in modern vehicles and the need for cybersecurity to include vehicles.
-
Building Secure Software for Mission Critical Systems (2015)
November 18, 2015 • Presentation
Mark Sherman
This presentation explores the expanding landscape of vulnerabilities that accompanies an increasing reliance on software and examines key steps to help mitigate the increased risk.