SEI Insights

Recent Posts

A Taxonomy of Testing

By on

By Donald Firesmith
Principal Engineer
Software Solutions Division

While evaluating the test programs of numerous defense contractors, we have often observed that they are quite incomplete. For example, they typically fail to address all the relevant types of testing that should be used to (1) uncover defects (2) provide evidence concerning the quality and maturity of the system or software under test, and (3) demonstrate the readiness of the system or software for acceptance and being placed into operation. Instead, many test programs only address a relatively small subset of the total number of potentially relevant types of testing, such as unit testing, integration testing, system testing, and acceptance testing. In some cases, the missing testing types are actually performed (to some extent) but not addressed in test-related planning documents, such as test strategies, system and software test plans (STPs), and the testing sections of systems engineering management plans (SEMPs) and software development plans (SDP). In many cases, however, they are neither mentioned nor performed. This blog, post, the first in a series on the many types of testing, examines the negative consequences of not addressing all relevant testing types and introduces a taxonomy of testing types to help testing stakeholders understand--rather than overlook--them.

DevOps for Contractors

By on in

The challenges of DevOps--a cultural change, learning new technologies, and making a big-picture impact for a software project team--are possibly even more challenging in contract work. In this blog post, I'll expand on some of my past experiences as a contract software developer and discuss, in retrospect, how DevOps could have worked in different scenarios.

Handling Threats from Disgruntled Employees

By on in

Disgruntled employees can be a significant risk to any organization because they can have administrative privileges and access to systems that are necessary for the daily operation of the organization. These disgruntled employees can be identified and monitored, but without knowing what types of outcomes disgruntled insiders might accomplish, monitoring can become strenuous and overbearing.

Hi, I'm Richard Bavis, Insider Threat Graduate Intern at the CERT Insider Threat Center. In this blog post, I will discuss the top three outcomes of an attack conducted by a disgruntled insider to provide you with better insight into situations that could lead to an attack. By looking at these situations and outcomes, you and your organization will be able to better handle the possible threats of a disgruntled employee.

For those who were unable to attend the Software Engineering Institute (SEI) Architecture Technology User Network (SATURN) 2015 Conference, videos of many SATURN 2015 presentations are now available to view online

SATURN 2016 will be held at the Sheraton San Diego Hotel & Marina in San Diego, California, May 2-5. The SATURN Technical Committee will release the Call for Submissions for SATURN 2016 during the first week in September. We are opening the Call early this year to allow more time to submit proposals for the outstanding presentations you have come to expect from SATURN as the premier architecture conference for senior engineers. Watch for an announcement here soon!

Blogs

CERT/CC

Timely insights about vulnerabilities, network situational awareness, and research in the security field offered by CERT Division researchers.

DevOps

Technical Guidelines and practical advice for DevOps. Posts cover issues relating to understanding and achieving successful DevOps including cultural shifts, barriers to collaboration, continuous integration, continuous deployment, and automation.

Insider Threat

Advice and best practices for organizations wanting to help better deter, detect, and respond to evolving insider threats.

SATURN

The SEI Architecture Technology User Network’s blog covers topics relating to software architecture and connects the professional network of software, systems, and enterprise architects from around the world, representing industry, academia, and government.

SEI Blog

Ongoing and exploratory research on topics that include secure coding, malware analysis, testing, organizational planning, agile software development, big data, quality assurance, cloud computing, and software sustainment across the lifecycle.