search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

Architecting Service-Oriented Systems

Architecting Service-Oriented Systems

• SEI Blog
Grace Lewis

In 2009, a popular blogger published a post entitled "SOA is Dead," which generated extensive commentary among those who work in the field of service-oriented architecture (SOA). Many practitioners in this field completely misinterpreted the post; some read the title and just assumed that the content referenced the demise of SOA. Quite the opposite, the post was inviting people to stop thinking about SOA as a set of technologies and start embracing SOA as an...

Read More
Common Testing Problems: Pitfalls to Prevent and Mitigate

Common Testing Problems: Pitfalls to Prevent and Mitigate

• SEI Blog
Donald Firesmith

A widely cited study for the National Institute of Standards & Technology (NIST) reports that inadequate testing methods and tools annually cost the U.S. economy between $22.2 and $59.5 billion, with roughly half of these costs borne by software developers in the form of extra testing and half by software users in the form of failure avoidance and mitigation efforts. The same study notes that between 25 and 90 percent of software development budgets are...

Read More
The SEI Blog: A Two-Year Retrospective

The SEI Blog: A Two-Year Retrospective

• SEI Blog
Douglas C. Schmidt

In launching the SEI blog two years ago, one of our top priorities was to advance the scope and impact of SEI research and development projects, while increasing the visibility of the work by SEI technologists who staff these projects. After 114 posts, and 72,608 visits from readers of our blog, this post reflects on some highlights from the last two years and gives our readers a preview of posts to come....

Read More
Using the Pointer Ownership Model to Secure Memory Management in C and C++

Using the Pointer Ownership Model to Secure Memory Management in C and C++

• SEI Blog
David Svoboda

This blog post describes a research initiative aimed at eliminating vulnerabilities resulting from memory management problems in C and C++. Memory problems in C and C++ can lead to serious software vulnerabilities including difficulty fixing bugs, performance impediments, program crashes (including null pointer deference and out-of-memory errors), and remote code execution....

Read More
Is Your Organization Ready for Agile? - Part 2

Is Your Organization Ready for Agile? - Part 2

• SEI Blog
Suzanne Miller

This blog post is the second in a series on Agile adoption in regulated settings, such as the Department of Defense, Internal Revenue Service, and Food and Drug Administration. The adoption of new practices, such as agile or any new practice for that matter, is a task that is best undertaken with both eyes open. There are often disconnects between the adopting organization's current practice and culture and the new practices being adopted. This posting...

Read More
Introduction to the Architecture Analysis & Design Language

Introduction to the Architecture Analysis & Design Language

• SEI Blog
Julien Delange

When a system fails, engineers too often focus on the physical components, but pay scant attention to the software. In software-reliant systems ignoring or deemphasizing the importance of software failures can be a recipe for disaster. This blog post is the first in a series on recent developments with the Architecture Analysis Design Language (AADL) standard. Future posts will explore recent tools and projects associated with AADL, which provides formal modeling concepts for the description...

Read More
Standards in Cloud Computing Interoperability

Standards in Cloud Computing Interoperability

• SEI Blog
Grace Lewis

In 2011, Col. Timothy Hill, director of the Futures Directorate within the Army Intelligence and Security Command, urged industry to take a more open-standards approach to cloud computing. "Interoperability between clouds, as well as the portability of files from one cloud to another, has been a sticking point in general adoption of cloud computing," Hill said during a panel at the AFCEA International 2011 Joint Warfighting Conference. Hill's view has been echoed by many in...

Read More
Evaluation and Validity for SEI Research Projects

Evaluation and Validity for SEI Research Projects

• SEI Blog
Bill Scherlis

Some of the principal challenges faced by developers, managers, and researchers in software engineering and cybersecurity involve measurement and evaluation. In two previous blog posts, I summarized some features of the overall SEI Technology Strategy. This post focuses on how the SEI measures and evaluates its research program to help ensure these activities address the most significant and pervasive problems for the Department of Defense (DoD). Our goal is to conduct projects that are technically...

Read More