
Posts by Rick Kazman

Rapid Software Composition by Assessing Untrusted Components

Rick Kazman

Today, organizations build applications on top of existing platforms, frameworks, components, and tools; no one constructs software from scratch. Hence today's software development paradigm challenges developers to build trusted systems that include increasing numbers of largely untrusted components. Bad decisions are easy to make and have significant long-term consequences. For example, decisions based on outdated knowledge or documentation, or skewed to one criterion (such as performance), may lead to substantial quality problems, security risks, and...

Prototyping for Developing Big Data Systems

Rick Kazman

There are several risks specific to big data system development. Software architects developing any system--big data or otherwise--must address risks associated with cost, schedule, and quality. All of these risks are amplified in the context of big data. Architecting big data systems is challenging because the technology landscape is new and rapidly changing, and the quality attribute challenges, particularly for performance, are substantial. Some software architects manage these risks with architecture analysis, while others use...

A Case Study in Locating the Architectural Roots of Technical Debt

Rick Kazman

Recent research has demonstrated that in large-scale software systems, bugs seldom exist in isolation. As detailed in a previous post in this series, bugs are often architecturally connected. These architectural connections are design flaws. Static analysis tools cannot find many of these flaws, so they are typically not addressed early in the software development lifecycle. Such flaws, if they are detected at all, are found after the software has been in use; at this...

A Tool to Address Cybersecurity Vulnerabilities Through Design

Rick Kazman

This post was also co-authored by Carol Woody. Increasingly, software development organizations are finding that a large number of their vulnerabilities stem from design weaknesses and not coding vulnerabilities. Recent statistics indicate that research should focus on identifying design weaknesses to alleviate software bug volume. In 2011, for example, when MITRE released its list of the 25 most dangerous software errors, approximately 75 percent of those errors represented design weaknesses. Viewed through another lens, more...

Security Pattern Assurance through Round-trip Engineering

Rick Kazman

The process of designing and analyzing software architectures is complex. Architectural design is a minimally constrained search through a vast multi-dimensional space of possibilities. The end result is that architects are seldom confident that they have done the job optimally, or even satisfactorily. Over the past two decades, practitioners and researchers have used architectural patterns to expedite sound software design. Architectural patterns are prepackaged chunks of design that provide proven structural solutions for achieving particular...

Measuring the Impact of Explicit Architecture Documentation

Rick Kazman

The SEI has long advocated software architecture documentation as a software engineering best practice. This type of documentation is not particularly revolutionary or different from standard practices in other engineering disciplines. For example, who would build a skyscraper without having an architect draw up plans first? The specific value of software architecture documentation, however, has never been established empirically. This blog describes a research project we are conducting to measure and understand the value of...
