SEI Insights

SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Malicious software (known as "malware") is increasingly pervasive with a constant influx of new, increasingly complex strains that wreak havoc by exploiting computers or personal and business information stored therein for malicious or criminal purposes. Examples include code that is designed to pilfer personal and digital credentials; plunder sensitive information from government or business enterprises; or interrupt, misdirect, or render inoperable computer hardware and computer-controlled equipment. This post describes our work to create a rapid search capability that allows analysts to quickly analyze a new piece of malware.

Large-scale DoD acquisition programs are increasingly being developed atop reusable software platforms--known as Common Operating Environments (COEs) --that provide applications and end-users with many net-centric capabilities, such as cloud computing or Web 2.0 applications, including data-sharing, interoperability, user-centered design, and collaboration. Selecting an appropriate COE is critical to the success of acquisition programs, yet the processes and methods for evaluating COEs had not been clearly defined. I explain below how the SEI developed a Software Evaluation Framework and applied it to help assess the suitability of COEs for the US Army.

Continuous technological improvement is the hallmark of the hardware industry. In an ideal world--one without budgets or schedules--software would be redesigned and redeveloped from scratch to leverage each such improvement. But applying this process for software is often infeasible--if not impossible--due to economic constraints and competition. This posting discusses our research in applying verification, namely regression verification, to help the migration of real-time embedded systems from single-core to multi-core platforms.

Strategic planning is a process for defining an organization's approach for achieving its mission. Conducting successful strategic planning is essential because it creates a foundation for executing work, as well as setting the stage for enterprise architecture, process improvement, risk management, portfolio management, and any other enterprise-wide initiatives. Government organizations are operating in an environment of almost near-constant change, however, which makes it hard to conduct strategic planning efforts successfully. Moreover, when organizations do tackle strategy, they often get bogged down reflecting on the past or speculating on an uncertain future. This posting describes recent work investigating and integrating techniques to improve organizational strategic planning.

As software becomes an ever-increasing part of our daily lives, organizations find themselves relying on software that originates from unknown and untrusted sources. The vast majority of such software is available only as executables, known as "binaries." Many binaries--such as malware or different versions and builds of a software package--are simply minor variants of old programs (or in some cases exact copies) that have been run through a different compiler.

When I joined the SEI last year, one of my top priorities was to advance the scope and impact of SEI R&D programs, along with increasing the visibility of the excellent work of SEI technologists who staff these programs. While the SEI is well known for its innovation and impact in several key areas, the breadth and depth of our expertise extends far beyond our most popular technologies. To increase awareness of all that we're doing, we've established a blog to highlight SEI R&D initiatives, methods, and solutions that are meeting the needs of our customers and partners in government and industry. This initial post will introduce the goals and themes of the new SEI blog.