search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

A Taxonomy of Testing

A Taxonomy of Testing

• SEI Blog
Donald Firesmith

By Donald Firesmith Principal Engineer Software Solutions Division While evaluating the test programs of numerous defense contractors, we have often observed that they are quite incomplete. For example, they typically fail to address all the relevant types of testing that should be used to (1) uncover defects (2) provide evidence concerning the quality and maturity of the system or software under test, and (3) demonstrate the readiness of the system or software for acceptance and...

Read More
The SEI Technical Strategic Plan

The SEI Technical Strategic Plan

• SEI Blog
Kevin Fall

By Kevin FallDeputy Director, Research, and CTO This is the second installment in a series on the SEI's technical strategic plan. Department of Defense (DoD) systems are becoming increasingly software reliant, at a time when concerns about cybersecurity are at an all-time high. Consequently, the DoD, and the government more broadly, is expending significantly more time, effort, and money in creating, securing, and maintaining software-reliant systems and networks. Our first post in this series provided...

Read More
The Pharos Framework: Binary Static Analysis of Object Oriented Code

The Pharos Framework: Binary Static Analysis of Object Oriented Code

• SEI Blog
Jeffrey Gennari

Object-oriented programs present considerable challenges to reverse engineers. For example, C++ classes are high-level structures that lead to complex arrangements of assembly instructions when compiled. These complexities are exacerbated for malware analysts because malware rarely has source code available; thus, analysts must grapple with sophisticated data structures exclusively at the machine code level. As more and more object-oriented malware is written in C++, analysts are increasingly faced with the challenges of reverse engineering C++ data...

Read More
10 Recommended Practices for Achieving Agile at Scale

10 Recommended Practices for Achieving Agile at Scale

• SEI Blog
SPRUCE Project

This is the second installment of two blog posts highlighting recommended practices for achieving Agile at Scale that was originally published on the Cyber Security & Information Systems Information Analysis Center (CSIAC) website. The first post in the series by Ipek Ozkaya and Robert Nord explored challenges to achieving Agile at Scale and presented the first five recommended practices: 1. Team coordination2. Architectural runway3. Align development and decomposition.4. Quality-attribute scenarios5. Test-driven developmentThis post presents the...

Read More
SEI Unveils a New Blogging Platform

SEI Unveils a New Blogging Platform

• SEI Blog
Douglas C. Schmidt

We are writing to let our SEI Blog readers know about some changes to SEI blogs that make our content areas more accessible and easier to navigate. On August 6, 2015, the SEI will unveil a new website, SEI Insights, that will give you access to all SEI blogs--the CERT/CC, Insider Threat, DevOps and SATURN, and SEI--in one mobile-friendly location. At SEI Insights, readers can quickly review the most recent posts from all SEI blogs...

Read More
10 Recommended Practices for Achieving Agile at Scale

10 Recommended Practices for Achieving Agile at Scale

• SEI Blog
SPRUCE Project

This post is the first in a two-part series highlighting 10 recommended practices for achieving agile at scale. Software and acquisition professionals often have questions about recommended practices related to modern software development methods, techniques, and tools, such as how to apply agile methods in government acquisition frameworks, systematic verification and validation of safety-critical systems, and operational risk management. In the Department of Defense (DoD), these techniques are just a few of the options available...

Read More
A Field Study of Technical Debt

A Field Study of Technical Debt

• SEI Blog
Neil Ernst

In their haste to deliver software capabilities, developers sometimes engage in less-than-optimal coding practices. If not addressed, these shortcuts can ultimately yield unexpected rework costs that offset the benefits of rapid delivery. Technical debt conceptualizes the tradeoff between the short-term benefits of rapid delivery and long-term value. Taking shortcuts to expedite the delivery of features in the short term incurs technical debt, analogous to financial debt, that must be paid off later to optimize long-term...

Read More
Context-Aware Computing in the DoD

Context-Aware Computing in the DoD

• SEI Blog
Jeff Boleng

In their current state, wearable computing devices, such as glasses, watches, or sensors embedded into your clothing, are obtrusive. Jason Hong, associate professor of computer science at Carnegie Mellon University, wrote in a 2014 co-authored article in Pervasive Computing that while wearables gather input from sensors placed optimally on our bodies, they can also be "harder to accommodate due to our social context and requirements to keep them small and lightweight."...

Read More