Software Assurance
Blog Posts
Challenges to Assuring Large-Scale Systems
National defense efforts have shifted from defeating terrorism to accelerating innovation, with a priority of delivering capability at speed and at scale.
Read More•By Gabriel Moreno, Anton Hristozov, John E. Robert, Mark H. Klein
In Software Engineering Research and Development
Taking Up the Challenge of Open Source Software Security in the DoD
This post describes a workshop hosted by the SEI to start a conversation to elevate the trustworthiness of free and open source software, particularly in DoD settings.
Read More•By Scott Hissam
In Secure Development
Six Dimensions of Trust in Autonomous Systems
This post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.
Read More•By Paul Nielsen
In Software Engineering Research and Development
Six Acquisition Pathways for Large-Scale, Complex Systems
How to map technical reference frameworks (TRFs) to the pathways that compose the DoD’s Adaptive Acquisition Framework (AAF)
Read More•By Douglas Schmidt (Vanderbilt University), Nickolas Guertin
In Software Architecture
Toward Technical Reference Frameworks to Support Large-Scale Systems of Systems
Strategies for creating architectures for large-scale, complex, and interoperable systems of systems that are composed of functions covering a broad range of requirements.
Read More•By Nickolas Guertin, Douglas Schmidt (Vanderbilt University)
In Software Architecture
Safety Assurance Does Not Provide Software Assurance
This SEI Blog on cybersecurity in cyber-physical systems (CPS), shows how safety evaluations fail to protect against cyber threats.
Read More•By Mark Sherman
In Cyber-Physical Systems
Anti-Tamper for Software Components
This post explains how to identify software components within systems that are in danger of being exploited and that should be protected by anti-tamper practices.
Read More•By Scott Hissam
In Secure Development
7 Quick Steps to Using Containers Securely
The use of containers in software development and deployment continues to trend upwards. There is good reason for this climb in usage as containers offer many benefits....
Read More•By Tom Scanlon, Richard Laughlin
Data-Driven Management of Technical Debt
Learn about the SEI's work on technical debt analysis techniques and practices to help software engineers manage its impact on projects in this SEI Blog post.
Read More•By Ipek Ozkaya, Robert Nord
In Technical Debt
Automated Assurance of Security-Policy Enforcement In Critical Systems
As U.S. Department of Defense (DoD) mission-critical and safety-critical systems become increasingly connected, exposure from security infractions is likewise increasing....
Read More