search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Applying Agility to Common Operating Platform Environment Initiatives

Applying Agility to Common Operating Platform Environment Initiatives

• SEI Blog
Douglas C. Schmidt

While agile methods have become popular in commercial software development organizations, the engineering disciplines needed to apply agility to mission-critical, software-reliant systems are not as well defined or practiced. To help bridge this gap, the SEI recently hosted the Agile Research Forum. The event brought together researchers and practitioners from around the world to discuss when and how to best apply agile methods in mission-critical environments found in government and many industries. This blog posting,...

Read More
Balancing Agility and Discipline at Scale

Balancing Agility and Discipline at Scale

• SEI Blog
Douglas C. Schmidt

While agile methods have become popular in commercial software development organizations, the engineering disciplines needed to apply agility to mission-critical, software-reliant systems are not as well defined or practiced. To help bridge this gap, the SEI recently hosted the Agile Research Forum. The event brought together researchers and practitioners from around the world to discuss when and how to best apply agile methods in mission-critical environments found in government and many industries....

Read More
Strategic Management of Architectural Technical Debt

Strategic Management of Architectural Technical Debt

• SEI Blog
Douglas C. Schmidt

While agile methods have become popular in commercial software development organizations, the engineering disciplines needed to apply agility to mission-critical, software-reliant systems are not as well defined or practiced. To help bridge this gap, the SEI recently hosted the Agile Research Forum. The event brought together researchers and practitioners from around the world to discuss when and how to best apply agile methods in mission-critical environments found in government and many industries. This blog posting,...

Read More
Agile Methods: Tools, Techniques, and Practices for the DoD Community

Agile Methods: Tools, Techniques, and Practices for the DoD Community

• SEI Blog
Douglas C. Schmidt

While agile methods have become popular in commercial software development organizations, the engineering disciplines needed to apply agility to mission-critical, software-reliant systems are not as well defined or practiced. To help bridge this gap, the SEI recently hosted the Agile Research Forum, which brought together researchers and practitioners from around the world to discuss when and how to best apply agile methods in mission-critical environments found in government and many industries. This blog posting, the...

Read More
Applying Agile at-Scale for Mission-Critical Software-Reliant Systems

Applying Agile at-Scale for Mission-Critical Software-Reliant Systems

• SEI Blog
Douglas C. Schmidt

While agile methods have become popular in commercial software development organizations, the engineering disciplines needed to apply agility to mission-critical software-reliant systems are not as well defined or practiced. To help bridge this gap, the SEI recently hosted the Agile Research Forum, which brought together researchers and practitioners from around the world to discuss when and how to best apply agile methods in the mission-critical environments found in government and many industries. This blog posting,...

Read More
The CERT Perl Secure Coding Standard

The CERT Perl Secure Coding Standard

• SEI Blog
David Svoboda

As security specialists, we are often asked to audit software and provide expertise on secure coding practices. Our research and efforts have produced several coding standards specifically dealing with security in popular programming languages, such as C, Java, and C++. This posting describes our work on the CERT Perl Secure Coding Standard, which provides a core of well-documented and enforceable coding rules and recommendations for Perl, which is a popular scripting language....

Read More
Improving Security in the Latest C Programming Language Standard

Improving Security in the Latest C Programming Language Standard

• SEI Blog
David Keaton

Buffer overflows--an all too common problem that occurs when a program tries to store more data in a buffer, or temporary storage area, than it was intended to hold--can cause security vulnerabilities. In fact, buffer overflows led to the creation of the CERT program, starting with the infamous 1988 "Morris Worm" incident in which a buffer overflow allowed a worm entry into a large number of UNIX systems. For the past several years, the CERT...

Read More
Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE): An Update

Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE): An Update

• SEI Blog
David Zubrow

By law, major defense acquisition programs are now required to prepare cost estimates earlier in the acquisition lifecycle, including pre-Milestone A, well before concrete technical information is available on the program being developed. Estimates are therefore often based on a desired capability--or even on an abstract concept--rather than a concrete technical solution plan to achieve the desired capability. Hence the role and modeling of assumptions becomes more challenging. This blog posting outlines a multi-year project...

Read More