search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

Ensuring Safety in Cyber-Physical Systems

Ensuring Safety in Cyber-Physical Systems

• SEI Blog
Dionisio de Niz

In some key industries, such as defense, automobiles, medical devices, and the smart grid, the bulk of the innovations focus on cyber-physical systems. A key characteristic of cyber-physical systems is the close interaction of software components with physical processes, which impose stringent safety and time/space performance requirements on the systems. This blog post describes research and development we are conducting at the SEI to optimize the performance of cyber-physical systems without compromising their safety....

Read More
The Latest Publications from the SEI

The Latest Publications from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about the latest work of SEI technologists, I will keep you apprised of SEI-related work that's published each month as SEI technical reports and notes. This post includes a listing of each report, author/s, and links where reports published in March can be accessed on the SEI website. The first report, A Framework for Evaluating Common Operating Environments, is based on a recent SEI blog...

Read More
Building a Foundation for Agile (To Enable Rapid Change)

Building a Foundation for Agile (To Enable Rapid Change)

• SEI Blog
Stephany Bellomo

This is a second in a series of posts focusing on Agile software development. In the first post, "What is Agile?" we provided a short overview of the key elements of the Agile approach, and we introduced the Agile Manifesto. One of the guiding principles from the manifesto emphasizes valuing people over developing processes. While the manifesto clearly alludes to the fact that too much focus on process (and not results) can be a bad...

Read More
 What is Agile?

What is Agile?

• SEI Blog
Stephany Bellomo

If you ask the question, "What is Agile?" you are likely to get lots of different answers. That's because there is no universally accepted formal definition for Agile. To make matters worse, there are ongoing debates over what Agile software development SHOULD mean. That being the case, when answering the question, "What is Agile?" the safest bet is to stick to what people can agree on, and people generally agree on three key elements of...

Read More
A New Approach for Handheld Devices in the Military

A New Approach for Handheld Devices in the Military

• SEI Blog
Edwin Morris

Many people today carry handheld computing devices to support their business, entertainment, and social needs in commercial networks. The Department of Defense (DoD) is increasingly interested in having soldiers carry handheld computing devices to support their mission needs in tactical networks. Not surprisingly, however, conventional handheld computing devices (such as iPhone or Android smartphones) for commercial networks differ in significant ways from handheld devices for tactical networks. For example, conventional devices and the software that...

Read More
Fuzzy Hashing Techniques in Applied Malware Analysis

Fuzzy Hashing Techniques in Applied Malware Analysis

• SEI Blog
David French

Malware--generically defined as software designed to access a computer system without the owner's informed consent--is a growing problem for government and commercial organizations. In recent years, research into malware focused on similarity metrics to decide whether two suspected malicious files are similar to one another. Analysts use these metrics to determine whether a suspected malicious file bears any resemblance to already verified malicious files. Using these metrics allows analysts to potentially save time, by identifying...

Read More
A New Approach to Modeling Malware using Sparse Representation

A New Approach to Modeling Malware using Sparse Representation

• SEI Blog
William Casey

Malicious software (known as "malware") is increasingly pervasive with a constant influx of new, increasingly complex strains that wreak havoc by exploiting computers or personal and business information stored therein for malicious or criminal purposes. Examples include code that is designed to pilfer personal and digital credentials; plunder sensitive information from government or business enterprises; or interrupt, misdirect, or render inoperable computer hardware and computer-controlled equipment. This post describes our work to create a rapid...

Read More
A Framework for Evaluating Common Operating Environments

A Framework for Evaluating Common Operating Environments

• SEI Blog
Steve Rosemergy

Large-scale DoD acquisition programs are increasingly being developed atop reusable software platforms--known as Common Operating Environments (COEs) --that provide applications and end-users with many net-centric capabilities, such as cloud computing or Web 2.0 applications, including data-sharing, interoperability, user-centered design, and collaboration. Selecting an appropriate COE is critical to the success of acquisition programs, yet the processes and methods for evaluating COEs had not been clearly defined. I explain below how the SEI developed a Software...

Read More