sei.cmu

7 Recommendations to Improve SBOM Quality

Tobar, D., Jamieson, J., Priest, M., and Fricke, J., 2025: 7 Recommendations to Improve SBOM Quality. Carnegie Mellon University, Software Engineering Institute's ...
sei.cmu

Generative AI and Software Engineering Education

Ozkaya, I., and Schmidt, D., 2024: Generative AI and Software Engineering Education. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Auditing Bias in Large Language Models

Robinson, K., and Turri, V., 2024: Auditing Bias in Large Language Models. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...
sei.cmu

Application Programming Interface (API) Vulnerabilities and Risks

This report describes 11 common vulnerabilities and 3 risks related to application programming interfaces, providing suggestions about how to fix or reduce their impact. Application programming ...
sei.cmu

Using LLMs to Automate Static-Analysis Adjudication and Rationales

This is a pre-publication version of the article that has been accepted for publication in the August 2024 edition of “CrossTalk: The Journal of Defense Software Engineering.” Software vulnerabilities ...
sei.cmu

Applying Large Language Models to DoD Software Acquisition: An Initial Experiment

Schmidt, D., and Robert, J., 2024: Applying Large Language Models to DoD Software Acquisition: An Initial Experiment. Carnegie Mellon University, Software Engineering ...
sei.cmu

Using Large Language Models in the National Security Realm

Shannon Gallagher discusses findings and recommendations from the Mayflower Project and provides additional background information about LLMs and how they can be engineered for national security use.
sei.cmu

10 Lessons in Security Operations and Incident Management

Ruefle, R., 2024: 10 Lessons in Security Operations and Incident Management. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...
sei.cmu

Using ChatGPT to Analyze Your Code? Not So Fast

Sherman, M., 2024: Using ChatGPT to Analyze Your Code? Not So Fast. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed October 27 ...
sei.cmu

Acquisition Archetypes Seen in the Wild, DevSecOps Edition: Clinging to the Old Ways

Novak, W., 2023: Acquisition Archetypes Seen in the Wild, DevSecOps Edition: Clinging to the Old Ways. Carnegie Mellon University, Software Engineering Institute's ...
sei.cmu

The Seven Virtues of Reconciling Agile and Earned Value Management (EVM)

Wilson, S., Place, P., and Korzec, K., 2023: The Seven Virtues of Reconciling Agile and Earned Value Management (EVM). Carnegie Mellon University, Software ...
sei.cmu

Software Isolation: Why It Matters to Software Evolution and Why Everybody Puts It Off

Benitez Preciado, M., 2023: Software Isolation: Why It Matters to Software Evolution and Why Everybody Puts It Off. Carnegie Mellon University, Software Engineering ...