SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Strategic Planning: Developing Business Drivers for Performance Improvement

• SEI Blog
Linda Parker Gates

Organizational improvement efforts should be driven by business needs, not by the content of improvement models. While improvement models, such as the Capability Maturity Model Integration (CMMI) or the Baldrige Criteria for Performance Excellence, provide excellent guidance and best practice standards, the way in which those models are implemented must be guided by the same drivers that influence any other business decision. Business drivers are the collection of people, information, and conditions that initiate and...

Writing Effective YARA Signatures to Identify Malware

• SEI Blog
David French

In previous blog posts, I have written about applying similarity measures to malicious code to identify related files and reduce analysis expense. Another way to observe similarity in malicious code is to leverage analyst insights by identifying files that possess some property in common with a particular file of interest. One way to do this is by using YARA, an open-source project that helps researchers identify and classify malware. YARA has gained enormous popularity in...

Helping Developers Address Security with the CERT C Secure Coding Standard

• SEI Blog
David Keaton

By analyzing vulnerability reports for the C, C++, Perl, and Java programming languages, the CERT Secure Coding Team observed that a relatively small number of programming errors leads to most vulnerabilities. Our research focuses on identifying insecure coding practices and developing secure alternatives that software programmers can use to reduce or eliminate vulnerabilities before software is deployed. In a previous post, I described our work to identify vulnerabilities that informed the revision of the International...

Reflections on 20 Years of Architecture: A Presentation by Douglas C. Schmidt

• SEI Blog
Bill Pollak

Last week, we presented the first posting in a series from a panel at SATURN 2012 titled "Reflections on 20 Years of Software Architecture." In her remarks on the panel summarizing the evolution of software architecture work at the SEI, Linda Northrop, director of the SEI's Research, Technology, and System Solutions (RTSS) Program, referred to the steady growth in system scale and complexity over the past two decades and the increased awareness of architecture as...

Reflections on 20 Years of Software Architecture: A Presentation by Linda Northrop

• SEI Blog
Bill Pollak

A search on the term "software architecture" on the web as it existed in 1992 yielded 88,700 results. In May, during a panel providing a 20-year retrospective on software architecture hosted at the SEI Architecture Technology User Network (SATURN) conference, moderator Rick Kazman noted that on the day of the panel discussion--May 9, 2012--that same search yielded 2,380,000 results. This 30-fold increase stems from various factors, including the steady growth in system complexity, the...

SEI Contributes to a National Supercomputing Initiative

• SEI Blog
Kurt Wallnau

For more than 10 years, scientists, researchers, and engineers used the TeraGrid supercomputer network funded by the National Science Foundation (NSF) to conduct advanced computational science. The SEI has joined a partnership of 17 organizations and helped develop the successor to the TeraGrid called the Extreme Science and Engineering Discovery Environment (XSEDE). This posting, which is the first in a multi-part series, describes our work on XSEDE that allows researchers open access--directly from their desktops--to...

Is Your Organization Ready for Agile? - Part 1

• SEI Blog
Suzanne Miller

This blog post is the first in a series on Agile adoption in regulated settings, such as the Department of Defense, Internal Revenue Service, and Food and Drug Administration. All software engineering and management practices are based on cultural and social assumptions. When adopting new practices, leaders often find mismatches between those assumptions and the realities within their organizations. The SEI has an analysis method called Readiness and Fit Analysis (RFA) that allows the profiling...

Effectiveness of a Pattern for Preventing Theft by Insiders

• SEI Blog
Andrew Moore

Since 2001, researchers at the CERT Insider Threat Center have documented malicious insider activity by examining media reports and court transcripts and conducting interviews with the United States Secret Service, victims' organizations, and convicted felons. Among the more than 700 insider threat cases that we've documented, our analysis has identified more than 100 categories of weaknesses in systems, processes, people or technologies that allowed insider threats to occur. One aspect of our research has focused...
