
SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

Resilience, Model-Driven Engineering, Software Quality, and Android App Analysis - The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in governing operational resilience, model-driven engineering, software quality, Android app analysis, software architecture, and emerging technologies. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the...

Model Driven Engineering: Automatic Code Generation and Beyond

• SEI Blog
John Klein

Acquisition executives in domains ranging from modernizing legacy business systems to developing real-time communications systems often face the following challenge: Vendors claim that model-driven engineering (MDE) tools enable developers to generate software code automatically and achieve extremely high developer productivity....

Designing Security Into Software-Reliant Systems

• SEI Blog
Christopher Alberts

Software is a growing component of systems used by Department of Defense (DoD), government, and industry organizations. As organizations become more dependent on software, security-related risks to their organizational missions are also increasing. Despite this rise in security risk exposure, most organizations follow a familiar pattern when managing those risks....

Information Technology Systems Modernization

• SEI Blog
William Wood

Legacy systems represent a massive operations and maintenance (O&M) expense. According to a recent study, 75 percent of North American and European enterprise information technology (IT) budgets are expended on ongoing O&M, leaving a mere 25 percent for new investments. Another study found nearly three quarters of the U.S. federal IT budget is spent supporting legacy systems. For decades, the Department of Defense (DoD) has been attempting to modernize about 2,200 business systems, which are...

Heartbleed and Goto Fail: Two Case Studies for Predicting Software Assurance Using Quality and Reliability Measures

• SEI Blog
Carol Woody

This post was co-authored by Bill Nichols. Mitre's Top 25 Most Dangerous Software Errors is a list that details quality problems, as well as security problems. This list aims to help software developers "prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped." These vulnerabilities often result in software that does not function as intended, presenting an opportunity for attackers to compromise...

Top 10 Insider Threat Posts

• SEI Blog
Greg Shannon

For two consecutive years, organizations reported that insider crimes caused comparable damage (34 percent) to external attacks (31 percent), according to a recent cybercrime report co-sponsored by the CERT Division at the Carnegie Mellon University Software Engineering Institute. Despite this near parity, media reports of attacks often focus on external attacks and their aftermath, yet an attack can be equally or even more devastating when carried out from within an organization. Insider threats are influenced...

Top 10 CERT/CC Blog Posts on Vulnerabilities and SSL Tools

• SEI Blog
Greg Shannon

In 2014, approximately 1 billion records of personally identifiable information were compromised as a result of cybersecurity vulnerabilities. In the face of this onslaught of compromises, it is important to examine fundamental insecurities that CERT researchers have identified and that readers of the CERT/CC blog have found compelling. This post, the first in a series highlighting CERT resources available to the public including blogs and notes, focuses on the CERT/CC blog. This blog post highlights...

An Introduction to the Mission Thread Workshop

• SEI Blog
Michael Gagliardi

In Department of Defense (DoD) programs, cooperation among software and system components is critical. A system of systems (SoS) is used to accomplish a number of missions where cooperation among individual systems is critical to providing (new) capabilities that the systems could not provide. SoS capabilities are a major driver in the architecture of the SoS and selection of constituent systems for the SoS. There are additional critical drivers, however, that must be accounted for...
