Cognitive Programming Model for Reliable and Inspectable Automated Decision Making using Large Language Models


Systems today are primarily assemblies of reused components, many of which are open-source software. Reusing common components has enabled faster fielding of systems, but all software comes with vulnerabilities, and attackers have expanded their capabilities to exploit them in products that have broad use, especially open-source ones. How should an organization make appropriate trade-off choices among cost, schedule, and cybersecurity?

The Software Engineering Institute (SEI) has explored many aspects of software measurement. Over the history of software engineering, we have learned that software metrics for both the process and the product are needed. We have also explored many aspects of cybersecurity measurement and determined that we must be able to measure the processes for developing and using software and how those measurement results affect the product's cybersecurity. It is insufficient to measure only operational code, its vulnerabilities, and the attendant risk of successful hacks. Relying on the assumption that many eyeballs looking at the software ensures better security is of little value without an understanding of what was analyzed and how knowledgeable those performing the analysis were.


Dr. Carol Woody is principal researcher for the CERT Division of the Software Engineering Institute. She focuses on cybersecurity engineering for building capabilities and competencies to measure, manage, and sustain cybersecurity and software assurance for highly complex software-reliant systems and systems of systems. She has been a member of the CERT technical staff for over 20 years. Dr. Woody coauthored the book Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, published as part of the SEI Series in Software Engineering. The CERT Cybersecurity Engineering and Software Assurance Professional Certificate, a self-paced online training program, is based on research she led.

License: CC-3.0
Submitted by Amy Karns on