
SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Is Your Organization Ready for Agile? - Part 3

Suzanne Miller

This blog post is the third in a series on Agile adoption in regulated settings, such as the Department of Defense, Internal Revenue Service, and Food and Drug Administration. In our work with the Department of Defense (DoD) and other government agencies such as the U.S. Department of Veterans Affairs and the U.S. Department of the Treasury, we often encounter organizations that have been asked by their government program office to adopt agile methods. These...

A Strategic Approach to Software Assurance

Mike McLendon

Software is the principal, enabling means for delivering system and warfighter performance across a spectrum of Department of Defense (DoD) capabilities. These capabilities span the spectrum of mission-essential business systems to mission-critical command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) systems to complex weapon systems. Many of these systems now operate interdependently in a complex net-centric and cyber environment. The pace of technological change continues to evolve along with the almost total system reliance...

Assurance Cases and Confidence

Charles Weinstock

From the braking system in your automobile to the software that controls the aircraft that you fly in, safety-critical systems are ubiquitous. Showing that such systems meet their safety requirements has become a critical area of work for software and systems engineers. "We live in a world in which our safety depends on software-intensive systems," editors of IEEE Software wrote in the magazine's May/June issue. "Organizations everywhere are struggling to find cost-effective methods to deal...

A Multi-Dimensional Approach to Insider Threat

David Mundie

Researchers on the CERT Division's insider threat team have presented several of the 26 patterns identified by analyzing our insider threat database, which is based on examinations of more than 700 insider threat cases and interviews with the United States Secret Service, victims' organizations, and convicted felons. Through our analysis, we identified more than 100 categories of weaknesses in systems, processes, people, or technologies that allowed insider threats to occur. One aspect of our research...

Semantic Code Analysis for Malware Code Deobfuscation

Cory Cohen

In 2012, Symantec blocked more than 5.5 billion malware attacks (an 81 percent increase over 2010) and reported a 41 percent increase in new variants of malware, according to a January 2013 Computer World article. To prevent detection and delay analysis, malware authors often obfuscate their malicious programs with anti-analysis measures. Obfuscated binary code prevents analysts from developing timely, actionable insights by increasing code complexity and reducing the effectiveness of existing tools. This blog post describes...

An Investment Model for Software Sustainment

Robert Ferguson

Software sustainment involves coordinating the processes, procedures, people, information, and databases required to support, maintain, and operate software-reliant aspects of DoD systems. The 2011 book Examination of the U.S. Air Force's Aircraft Sustainment Needs in the Future and its Strategy to Meet Those Needs states...

AADL in the Medical Domain

Julien Delange

When life- and safety-critical systems fail, the results can be dire, including loss of property and life. These types of systems are increasingly prevalent, and can be found in the altitude and control systems of a satellite, the software-reliant systems of a car (such as its cruise control and GPS), or a medical device. When developing such systems, software and systems architects must balance the need for stability and safety with stakeholder demands and time-to-market...

Application Virtualization for Cloudlet-Based Cyber-Foraging at the Edge

Grace Lewis

Soldiers and emergency workers who carry smartphones in the battlefield, or into disaster recovery sites (such as Boston following the marathon bombing earlier this year) often encounter environments characterized by high mobility, rapidly-changing mission requirements, limited computing resources, high levels of stress, and limited network connectivity. At the SEI, we refer to these situations as "edge environments." Along with my colleagues at the SEI, my research aims to increase the computing power of mobile devices...
