
SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Prototyping for Developing Big Data Systems

Rick Kazman

There are several risks specific to big data system development. Software architects developing any system--big data or otherwise--must address risks associated with cost, schedule, and quality. All of these risks are amplified in the context of big data. Architecting big data systems is challenging because the technology landscape is new and rapidly changing, and the quality attribute challenges, particularly for performance, are substantial. Some software architects manage these risks with architecture analysis, while others use...

EMFTA: an Open Source Tool for Fault Tree Analysis

Julien Delange

Safety-critical software must be analyzed and checked carefully. Each potential error, failure, or defect must be considered and evaluated before you release a new product. For example, if you are producing a quadcopter drone, you would like to know the probability of engine failure to evaluate the system's reliability. Safety analysis is hard. Standards such as ARP4761 mandate several analyses, such as Functional Hazard Assessment (FHA) and Failure Mode and Effect Analysis (FMEA). One popular...

A Naval Perspective on Open-Systems Architecture

Douglas C. Schmidt

This blog post was co-authored by Carol Sledge. To deliver enhanced, integrated warfighting capability at lower cost, the DoD must move away from stove-piped solutions and embrace open systems architecture (OSA) approaches that integrate business and technical practices to create systems with interoperable and reusable components. In November, the SEI launched a series of blog posts that highlight the perspectives of DoD stakeholders--including contractor and government employees--on OSA-based approaches and how they can best be...

Top 10 SEI Blog Posts of 2016

Douglas C. Schmidt

The crop of Top 10 SEI blog posts published in the first half of 2016 (judged by the number of visits by our readers) represents a cross section of the type of cutting-edge work that we do at the SEI: at-risk emerging technologies, cyber intelligence, big data, vehicle cybersecurity, and what ant colonies can teach us about securing the internet. In all, readers visited the SEI blog more than 52,000 times for the first six...

Got Technical Debt? Track Technical Debt to Improve Your Development Practices

Stephany Bellomo

What is technical debt? Why identify technical debt? Shouldn't it be captured as defects and bugs? Concretely communicating technical debt and its consequences is of interest to both researchers and software engineers. Without validated tools and techniques to achieve this goal with repeatable results, developers resort to ad hoc practices, most commonly using issue trackers or backlog-management practices to capture and track technical debt. We examined 1,264 issues from four issue trackers used in open-source...

Using Quality Metrics and Security Methods to Predict Software Assurance

Carol Woody

This blog post was co-authored by Nancy Mead, SEI Fellow. To ensure software will function as intended and is free of vulnerabilities (aka software assurance), software engineers must consider security early in the lifecycle, when the system is being designed and architected. Recent research on vulnerabilities supports this claim: Nearly half the weaknesses identified in the Common Weakness Enumeration (CWE) repository have been identified as design weaknesses. These weaknesses are introduced early in the lifecycle...

Helping Large Government Programs Adopt and Adapt to Agile Methods

Harry Levinson

The mix of program-scale Agile and technical baseline ownership drives cheaper, better, and faster deployment of software-intensive systems. Although these practices aren't new, the SEI has seen how their combination can have dramatic effects. The Air Force Distributed Common Ground System (AF DCGS)--the Air Force's primary weapon system for intelligence, surveillance, reconnaissance, planning, direction, collection, processing, exploitation, analysis, and dissemination--employs a global communications architecture that connects multiple intelligence platforms and sensors. The AF DCGS challenge...

Prioritizing Alerts from Static Analysis to Find and Fix Code Flaws

Lori Flynn

In 2015, the National Vulnerability Database (NVD) recorded 6,488 new software vulnerabilities, and the NVD documents a total of 74,885 software vulnerabilities discovered between 1988-2016. Static analysis tools examine code for flaws, including those that could lead to software security vulnerabilities, and produce diagnostic messages ("alerts") indicating the location of the purported flaw in the source code, the nature of the flaw, and often additional contextual information. A human auditor then evaluates the validity of...
