The SEI's CERT Division has released a new vulnerability note ➡️ Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default (CVE-2025-3927) kb.cert.org/vuls/id/360686…
Through discussions with various DoD mission partners around enabling their workforces to implement #AI solutions, the SEI AI Workforce Development team has created 10 recommendations that organizations need to know about AI workforce development: insights.sei.cmu.edu/blog/10-things…
Market forces have sidelined #softwaresecurity, leaving software vulnerable. Industry needs to develop a standard for creating software that is secure by design, says a paper from @AFCEA International and coauthored by the SEI’s Greg Touhill - insights.sei.cmu.edu/news/new-paper…
In our latest podcast, Gregory Touhill, director of the SEI CERT Division, discusses how CERT researchers are delivering rapid capability to warfighters in the Department of Defense, from cyber best practices to #AI and protecting critical infrastructure:
youtu.be/W-XXP3d-hZk?si…
The SEI's CERT Division has released a new vulnerability note: Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions. Learn more ➡️
kb.cert.org/vuls/id/252619…
The SEI is #hiring a senior #AI security researcher. This position will develop state-of-the-art approaches for analyzing the robustness of AI systems, apply these approaches to understanding vulnerabilities in AI systems, and more. Apply ➡️
cmu.wd5.myworkdayjobs.com/en-US/SEI/job/…
Logistics are essential to nearly all aspects of the economy and national security. However, a number of challenges can disrupt logistics. In this blog post, Clarence Worrell and Lauren Hoge discuss cyber attacks on #logistics decision models.
insights.sei.cmu.edu/blog/cybersecu…
The SEI's CERT Division has released a new vulnerability note: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (CVE-2024-12366) ➡️ kb.cert.org/vuls/id/148244…
The SEI's Grace Lewis was elected the 2026 president of the IEEE Computer Society, the largest community of computer scientists and engineers. In this podcast, Lewis discusses her vision and plans for the @ComputerSociety presidency ➡️ insights.sei.cmu.edu/library/grace-…
When it comes to recognizing threats, #cybersecurity professionals may become distracted by big promises or ignore obvious inspections. In this webcast on March 26 at 1 pm ET, Dan Ruef will explain how to stay on task to secure networks and systems:
eventbrite.com/e/threat-hunti…
All DoD components have been directed to adopt the #SoftwareAcquisitionPathway. The SEI helped shape the policy and has worked with DoD programs to implement it, with the goal of accelerating delivery of capability to the warfighter - insights.sei.cmu.edu/news/new-dod-m…
#DevSecOps can improve the effectiveness of a software organization and the quality of its software. This blog post proposes a framework for DevSecOps maturity, enabling organizations to focus on value delivered without excessive focus on compliance.
insights.sei.cmu.edu/blog/the-devse…
The SEI is #hiring a senior #AI engineer to work with our customers to identify areas where advanced #statistical techniques can help tackle problems, plan and develop prototype solutions, and build out final products ➡️
cmu.wd5.myworkdayjobs.com/en-US/SEI/job/…
In this blog post, David Svoboda discusses a proposal for improving the SEI CERT C Coding Standard. This change would better harmonize with the current state of static analysis tools & simplify the process of source code security auditing.
insights.sei.cmu.edu/blog/detection…
#ML for #cybersecurity has been researched extensively, but methods suffer from a lack of explainability. This post proposes cyber-informed machine learning as a conceptual framework and emphasizes 3 types of explainability for ML for cybersecurity: insights.sei.cmu.edu/blog/cyber-inf…
The SEI is teaching a live, online three-day course on insider threat on March 18-20. The course will present strategies for collecting and analyzing data to prevent, detect, and respond to insider activity. Learn more and register ➡️ insights.sei.cmu.edu/training/insid… #InsiderThreat
#Cybersecurity for AI and ML systems is a rapidly evolving space. In this post, SEI researchers highlight lessons learned from applying the coordinated vulnerability disclosure process to reported vulnerabilities in AI and ML systems:
insights.sei.cmu.edu/blog/protectin…
Software modernization within the DoD has become more important than ever. In this podcast, SEI director Paul Nielsen outlines the SEI’s work with the DoD on software modernization, including the interplay between software, #cybersecurity, and #AI ➡️
youtu.be/FPU8clh-HB0