Software Engineering Institute

Temporal Memory Safety in C and C++: An AI-Enhanced Pointer Ownership Model

This podcast explores updates to the Pointer Ownership Model for C, a modeling framework designed to improve the ability of developers to statically analyze C programs for errors involving temporal ...
sei.cmu

Rust Software Security: A Current State Assessment

Sible, J., and Svoboda, D., 2022: Rust Software Security: A Current State Assessment. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

UEFI: 5 Recommendations for Securing and Restoring Trust

Sarvepalli, V., 2023: UEFI: 5 Recommendations for Securing and Restoring Trust. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...
sei.cmu

DataOps: Towards More Reliable Machine Learning Systems

DeCapria, D., 2025: DataOps: Towards More Reliable Machine Learning Systems. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...
sei.cmu

New DoD Memo Accelerates Software Acquisition Modernization

March 13, 2025—Secretary of Defense Pete Hegseth has directed all Department of Defense (DoD) components to adopt the Software Acquisition Pathway (SWP) as “the preferred pathway for all software ...
sei.cmu

Introducing MLTE: A Systems Approach to Machine Learning Test and Evaluation

Derr, A., Echeverría, S., Maffey, K., and Lewis, G., 2025: Introducing MLTE: A Systems Approach to Machine Learning Test and Evaluation. Carnegie Mellon University ...
sei.cmu

Using LLMs to Adjudicate Static-Analysis Alerts

Software analysts use static analysis as a standard method to evaluate the source code for potential vulnerabilities, but the volume of findings is often too large to review in their entirety, causing ...
sei.cmu

Generative AI and Software Engineering Education

Ozkaya, I., and Schmidt, D., 2024: Generative AI and Software Engineering Education. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Applying Large Language Models to DoD Software Acquisition: An Initial Experiment

Schmidt, D., and Robert, J., 2024: Applying Large Language Models to DoD Software Acquisition: An Initial Experiment. Carnegie Mellon University, Software Engineering ...
sei.cmu

Example Case: Using DevSecOps to Redefine Minimum Viable Product

Yankel, J., 2024: Example Case: Using DevSecOps to Redefine Minimum Viable Product. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

10 Lessons in Security Operations and Incident Management

Ruefle, R., 2024: 10 Lessons in Security Operations and Incident Management. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...
sei.cmu

Considerations for Evaluating Large Language Models for Cybersecurity Tasks

Generative artificial intelligence (AI) and large language models (LLMs) have taken the world by storm. The ability of LLMs to perform tasks seemingly on par with humans has led to rapid adoption in a ...