
SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

Architecture Analysis Using AADL: A Beginner's Perspective

• SEI Blog
Julien Delange

Introducing new software languages, tools, and methods in industrial and production environments incurs a number of challenges. Among other necessary changes, practices must be updated, and engineers must learn new methods and tools. These updates incur additional costs, so transitioning to a new technology must be carefully evaluated and discussed. Also, the impact and associated costs for introducing a new technology vary significantly by type of project, team size, engineers' backgrounds, and other factors, so...

Establishing Trust in the Wireless Emergency Alerts Service

• SEI Blog
Carol Woody

The Wireless Emergency Alerts (WEA) service went online in April 2012, giving emergency management agencies such as the National Weather Service or a city's hazardous materials team a way to send messages to mobile phone users located in a geographic area in the event of an emergency. Since the launch of the WEA service, the newest addition to the Federal Emergency Management Agency (FEMA) Integrated Public Alert and Warning System (IPAWS), "trust" has emerged as a...

A Generalized Model for Automated DevOps

• SEI Blog
C. Aaron Cois

To maintain a competitive edge, software organizations should be early adopters of innovation. To achieve this edge, organizations from Flickr and IBM to small tech startups are increasingly adopting an environment of deep collaboration between development and operations (DevOps) teams and technologies, which historically have been two disjointed groups responsible for information technology development. "The value of DevOps can be illustrated as an innovation and delivery lifecycle, with a continuous feedback loop to learn and...

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in cybersecurity risks, software assurance, advanced persistent threat, international insider threat, Wireless Emergency Alerts Service, security and survivability, and acquisition....

Needed: Improved Collaboration Between Software and Systems Engineering

• SEI Blog
Sarah Sheard

The Government Accountability Office (GAO) recently reported that acquisition-program costs typically run 26 percent over budget, with development costs exceeding initial estimates by 40 percent. Moreover, many programs fail to deliver capabilities when promised, experiencing a 21-month delay on average. The report attributes the "optimistic assumptions about system requirements, technology, and design maturity [that] play a large part in these failures" to a lack of disciplined systems engineering analysis early in the program. What acquisition...

Heartbleed: Q&A

• SEI Blog
Will Dormann

The Heartbleed bug, a serious vulnerability in the OpenSSL cryptographic software library, enables attackers to steal information that, under normal conditions, is protected by the Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption used to secure the internet. Heartbleed and its aftermath left many questions in its wake: Would the vulnerability have been detected by static analysis tools? If the vulnerability has been in the wild for two years, why did it take so long to...

Secure Coding to Prevent Vulnerabilities

• SEI Blog
Robert Seacord

Software developers produce more than 100 billion lines of code for commercial systems each year. Even with automated testing tools, errors still occur at a rate of one error for every 10,000 lines of code. While many coding standards address code style issues (i.e., style guides), CERT secure coding standards focus on identifying unsafe, unreliable, and insecure coding practices, such as those that resulted in the Heartbleed vulnerability. For more than 10 years, the CERT...

Two Secure Coding Tools for Analyzing Android Apps

• SEI Blog
Will Klieber

This blog post is co-authored by Lori Flynn. Although the Android Operating System continues to dominate the mobile device market (82 percent of worldwide market share in the third quarter of 2013), applications developed for Android have faced some challenging security issues. For example, applications developed for the Android platform continue to struggle with vulnerabilities, such as activity hijacking, which occurs when a malicious app receives a message (in particular, an intent) that was intended...
