Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
A Roadmap for Creating and Using Virtual Prototyping Software
Software Architecture Patterns for Robustness
A Platform-Independent Model for DevSecOps
Using the Quantum Approximate Optimization Algorithm (QAOA) to Solve Binary-Variable Optimization Problems
Trust and AI Systems
A Dive into Deepfakes
Challenges and Metrics in Digital Engineering
The 4 Phases of the Zero Trust Journey
DevSecOps for AI Engineering
Undiscovered Vulnerabilities: Not Just for Critical Software
Explainable AI Explained
Model-Based Systems Engineering Meets DevSecOps
Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy
Software and Systems Collaboration in the Era of Smart Systems
Securing the Supply Chain for the Defense Industrial Base
Building on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis
Envisioning the Future of Software Engineering
Implementing the DoD's Ethical AI Principles
Walking Fast Into the Future: Evolvable Technical Reference Frameworks for Mixed-Criticality Systems
Software Engineering for Machine Learning: Characterizing and Understanding Mismatch in ML Systems
Create your
podcast in
minutes
It is Free