Industry

The document was issued by industry or industrial organization.
news

Visible to the public NSA-approved cybersecurity law and policy course now available online

NSA-approved cybersecurity law and policy course now available online

Cyber Scoop

Shannon Vavra

August 27th, 2019

Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by National Security Agency.

news

Visible to the public NSA-approved cybersecurity law and policy course now available online

NSA-approved cybersecurity law and policy course now available online

Cyber Scoop

Shannon Vavra

August 27th, 2019

Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by National Security Agency.

file

Visible to the public What Blockchain Got Right, No Really

file

Visible to the public Automating Avionics Certification activities using Formal Methods

Certification of avionics software is achieved by following a rigorous, prescriptive development process, defined in Software Considerations in Airborne Systems and Equipment Certification, commonly referred to as DO-178C .This process prescribes software development and verification activities that result in airworthy software. Developing compliant software that adheres to the standard is costly and time consuming; for the most-critical avionics software there are 69 objectives that must be satisfied.

file

Visible to the public Semantics-Driven Testing of the PKCS11 API

PKCS11 is an industry standard API for communicating with cryptographic devices such as hardware security modules (HSMs). PKCS11 is a security critical API, and so implementation errors can have serious consequences. However, the PKCS11 standard is large and complex, with 100 pages of documentation for almost 50 functions. As a result, it is very challenging for developers to avoid API implementation errors. This is the problem that our work addresses.

file

Visible to the public OODA Loops in Cyberspace: How Cyber Awareness Training Helps Threat Actors

Cybersecurity's human adversarial engagement is often lost in discussions of cybersecurity. We discuss how defenders' focus on technology unintentionally creates vulnerabilities which can be exploited by threat actors. In particular, we discuss how the convergence of cyber awareness training and defensive technologies is exploited by threat actors with devastating consequences.