Software Engineering Institute | Carnegie Mellon University

[Blog] An Introduction to Hardening Docker Images Maxwell Trdina Sasank Vishnubhatla https://lnkd.in/eG-mkJgt "Using unvetted container images can increase security risks through the introduction of vulnerable software into an organization’s software supply chain. For example, unvetted container images could contain packages with known Common Vulnerabilities and Exposures (CVEs), introducing a potential exploitation vector. As this blog post details, hardening these container images, or selecting verified pre-hardened container images before usage, decreases the risk of introducing vulnerable software." #docker #containers

We're #hiring a new Software Measurement and Estimation Data Scientist in Pittsburgh, Pennsylvania. Apply today or share this post with your network.

We're #hiring a new Front Desk Coordinator in Arlington, Virginia. Apply today or share this post with your network.

My group at the Software Engineering Institute | Carnegie Mellon University has opened registration and call for abstracts for our 21st annual FloCon, a cybersecurity analysis and engineering conference. It will be in Pittsburgh, at the SEI building, March 4th - 6th, 2025. For those reading that aren't in the field, I'm guessing your employer has an IT security group that you can forward this to. Please reach out with any questions or discussions of topics for presentations. https://lnkd.in/esq4Pyan (I don't know why it says FloCon 2023 in the preview...the site is updated)

The SEI is seeking participants for a project to investigate SBOM generation tools and processes as well as potential sources of divergent outcomes. Join us for the virtual kickoff of the SBOM Harmonization Plugfest 2024, sponsored by Cybersecurity and Infrastructure Security Agency, on November 19: https://lnkd.in/erFTSR7D   The SEI has selected eight software targets, covering a range of software languages, for SBOM generation. Participants will have until December 10 to submit SBOMs based on these targets. To learn more about SBOM Harmonization Plugfest 2024, visit https://lnkd.in/eHtnGni9. #SBOM #software

Heads up, DoD acquisition friends! I am growing my team here at the SEI again! We work with acquisition programs and policymakers to devise effective, innovative, data-driven strategies and policies to accelerate the realization of software-enabled capability throughout the acquisition lifecycle, and collaborate with researchers across the SEI to transition software, cybersecurity, and AI research innovations into broad use. We are looking for another software-acquisition-savvy creative thinker to join us in this important work. Every day, I get to team up with leaders like Brigid O'Hearn, Rita Creel, Linda Parker Gates, William Nichols, Anandi Hira, Ipek Ozkaya, Chris Miller, Carol J. Smith, Grace Lewis, Matthew Butkovic, CISA, CISSP to help the DoD solve its toughest software challenges - and have a lot of fun along the way. It's a heck of a group photo. If you can envision yourself in it, check out the link below or hit me up. https://lnkd.in/g5aCZwd3 (This position would be based in our Pittsburgh or Arlington offices.)

[Blog] Introduction to MLOps: Bridging Machine Learning and Operations by Dan DeCapria https://lnkd.in/eXw8_MES "In this post, we'll explore the fundamentals of MLOps and introduce how it's applied in specialized contexts, such as the DoD." #MLOps #ML #machinelearning

We're #hiring a new Special Programs Security Coordinator in Pittsburgh, Pennsylvania. Apply today or share this post with your network.

We're #hiring a new IT Compliance Specialist in Pittsburgh, Pennsylvania. Apply today or share this post with your network.

Cyber Challenges in Health Care: Managing for Operational Resilience https://lnkd.in/eMSmiSQK In this webcast, Matthew Butkovic, CISA, CISSP and Dr. Darrell Keeling, PhD, MBA, CHCIO, CHISL, CDH-E, CPHIMS, CISSP explore approaches to maximize return on cybersecurity investment in the health-care context. #healthcare #cybersecurity #operationalresilience