Software Assurance
Blog Posts
Taking Up the Challenge of Open Source Software Security in the DoD
This post describes a workshop hosted by the SEI to start a conversation to elevate the trustworthiness of free and open source software, particularly in DoD settings.
• By Scott Hissam
In Secure Development

Six Dimensions of Trust in Autonomous Systems
This post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.
• By Paul D. Nielsen
In Software Engineering Research and Development

Six Acquisition Pathways for Large-Scale, Complex Systems
How to map technical reference frameworks (TRFs) to the pathways that compose the DoD’s Adaptive Acquisition Framework (AAF).
• By Douglas C. Schmidt, Nickolas Guertin
In Software Architecture


Toward Technical Reference Frameworks to Support Large-Scale Systems of Systems
Strategies for creating architectures for large-scale, complex, and interoperable systems of systems that are composed of functions covering a broad range of requirements.
• By Nickolas Guertin, Douglas C. Schmidt
In Software Architecture


Safety Assurance Does Not Provide Software Assurance
Safety engineers and software developers for cyber-physical systems have made great strides in producing devices and systems that are reliable, safe, and functional. With the growing threat posed by cyber …
• By Mark Sherman
In Cyber-Physical Systems

Anti-Tamper for Software Components
This post explains how to identify software components within systems that are in danger of being exploited and that should be protected by anti-tamper practices.
• By Scott Hissam
In Secure Development

7 Quick Steps to Using Containers Securely
The use of containers in software development and deployment continues to trend upwards. There is good reason for this climb in usage as containers offer many benefits....
• By Thomas Scanlon, Richard Laughlin


Data-Driven Management of Technical Debt
Technical debt communicates the tradeoff between the short-term benefits of rapid delivery and the long-term value of developing a software system that is easy to evolve, modify, repair, and sustain. …
• By Ipek Ozkaya
In Artificial Intelligence Engineering

Automated Assurance of Security-Policy Enforcement In Critical Systems
As U.S. Department of Defense (DoD) mission-critical and safety-critical systems become increasingly connected, exposure from security infractions is likewise increasing....
• By Peter Feiler

Seven Principles for Software Assurance
The exponential increase in cybercrime is a perfect example of how rapidly change is happening in cyberspace and why operational security is a critical need. In the 1990s, computer crime …
• By Nancy Mead
