search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Data-Driven Management of Technical Debt

Data-Driven Management of Technical Debt

• SEI Blog
Ipek Ozkaya

This post was co-authored by Robert Nord. Technical debt communicates the tradeoff between the short-term benefits of rapid delivery and the long-term value of developing a software system that is easy to evolve, modify, repair, and sustain. Like financial debt, technical debt can be a burden or an investment. It can be a burden when it is taken on unintentionally without a solid plan to manage it; it can also be part of an intentional...

Read More
IPV6 Adoption:  Is your ISP ready to support IPv6?

IPV6 Adoption: Is your ISP ready to support IPv6?

• SEI Blog
Joseph Mayes

If you're considering migrating to IPv6, you may be asking, Am I ready? That's a good question to ask, but you also have to ask, Is my ISP ready? If your Internet service provider (ISP) isn't ready for an IPv6 migration, you may have external web sites that won't load, problems receiving email, and many other issues. This post is the latest in a series examining issues, challenges, and best practices when transitioning from IPv4...

Read More
Emerging Opportunities in Modularity and Open Systems Architectures - First in a Series

Emerging Opportunities in Modularity and Open Systems Architectures - First in a Series

• SEI Blog
Nickolas Guertin

This post is also co-authored by Douglas C. Schmidt and William Scherlis. In its effort to increase the capability of the warfighter, the Department of Defense (DoD) has made incremental changes in its acquisition practices for building and deploying military capacity. This capacity can be viewed as "platforms" (tanks, ships, aircraft, etc.) and the mission system "payloads" (sensors, command and control, weapons, etc.) that are populated onto those platforms to deliver the desired capability. This...

Read More
Best Practices in Network Traffic Analysis: Three Perspectives

Best Practices in Network Traffic Analysis: Three Perspectives

• SEI Blog
Angela Horneman

This post is also authored by Tim Shimeall and Timur Snoke. In July of this year, a major overseas shipping company had its U.S. operations disrupted by a ransomware attack, one of the latest attacks to disrupt the daily operation of a major, multi-national organization. Computer networks are complex, often tightly coupled systems; operators of such systems need to maintain awareness of the system status or disruptions will occur. In today's operational climate, threats and...

Read More
Decisions for Sustaining a Software Product Line

Decisions for Sustaining a Software Product Line

• SEI Blog
Robert Ferguson

A software product line is a collection of related products with shared software artifacts and engineering services that has been developed by a single organization intended to serve different missions and different customers. In industry, product lines provide both customer benefits (such as functionality, quality, and cost) and development organization benefits (such as time to market and price-margin). Moreover, these benefits last through multiple generations of products. This blog is the first in a series...

Read More
SCALe: A Tool for Managing Output from Static Analysis Tools

SCALe: A Tool for Managing Output from Static Analysis Tools

• SEI Blog
Lori Flynn

Experience shows that most software contains code flaws that can lead to vulnerabilities. Static analysis tools used to identify potential vulnerabilities in source code produce a large number of alerts with high false-positive rates that an engineer must painstakingly examine to find legitimate flaws. As described in this blog post, we in the SEI's CERT Division have developed the SCALe (Source Code Analysis Laboratory) tool, as we have researched and prototyped methods to help analysts...

Read More
Scope vs. Frequency in Defining a Minimum Viable Capability Roadmap: Part 2 of 3

Scope vs. Frequency in Defining a Minimum Viable Capability Roadmap: Part 2 of 3

• SEI Blog
Bob Binder

As Soon as Possible In the first post in this series, I introduced the concept of the Minimum Viable Capability (MVC). While the intent of the Minimum Viable Product (MVP) strategy is to focus on rapidly developing and validating only essential product features, MVC adapts this strategy to systems that are too large, too complex, or too critical for MVP. MVC is a scalable approach to validating a system of capabilities, each at the earliest...

Read More
Engaging the CSIRT Community: Cyber Capacity Building on a Global Scale

Engaging the CSIRT Community: Cyber Capacity Building on a Global Scale

• SEI Blog
Angel Luis Hueca

At the 2018 World Economic Forum, global leaders voiced concerns about the growing trend of cyberattacks targeting critical infrastructure and strategic industrial sectors, citing fears of a worst-case scenario that could lead to a breakdown of the systems that keep societies functioning. A painful example was the May 2017 WannaCry ransomware attack in which a worm rapidly spread through a number of computer networks, affecting more than 150 countries and more than 400,000 endpoints. One...

Read More