SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

The AADL Error Library: 4 Families of System Errors

• SEI Blog
Sam Procter

Peter Feiler co-authored this blog post. Classifying the way that things can go wrong in a component-based system is a hard challenge since components--and the systems that rely on them--can fail in myriad, unpredictable ways. It is nonetheless a challenge that should be addressed because component-based, software-driven systems are increasingly used for safety-critical applications. Unfortunately, many well-established classifications and taxonomies of system errors are not what we would term operationalized (i.e., directly usable in modern,...

Managing the Consequences of Technical Debt: 5 Stories from the Field

• SEI Blog
Ipek Ozkaya

Rod Nord coauthored this post. If you participate in the development of software, the chances are good that you have experienced the consequences of technical debt, which communicates additional cost and rework over the software lifecycle when a short-term, easy solution is chosen instead of a better solution. Understanding and managing technical debt is an important goal for many organizations. Proactively managing technical debt promises to give organizations the ability to control the cost of...

The Technical Architecture for Product Line Acquisition in the DoD - Fourth in a Series

• SEI Blog
Nickolas Guertin

This post is co-authored by Douglas C. Schmidt and William Scherlis. DoD technologies have traditionally relied on cyber-physical/software-intensive systems that are now widely available to all nations and non-state actors. The DoD's past practice of incorporating commercial-off-the-shelf (COTS) technologies on a system-by-system basis is insufficient to stay ahead of its adversaries and increase its pace of change for delivering innovation. The DoD thus needs new acquisition approaches that can achieve rapid delivery, flexibility, and capacity...

The Organizational Impact of a Modular Product Line Architecture in DoD Acquisition - Third in a Series

• SEI Blog
Nickolas Guertin

This post was co-authored by Douglas Schmidt and William Scherlis. To maintain a strategic advantage over its adversaries, the Department of Defense (DoD) must field new technologies rapidly. "It is not about speed of discovery, it is about speed of delivery to the field," Michael D. Griffin, undersecretary of defense for research and engineering, told a Senate Armed Services subcommittee in April 2018. The architecture of Department of Defense's (DoD) acquisition organizations is based on...

A 5-Step Process for Release Planning

• SEI Blog
Robert Ferguson

Software products are often used for two decades or more. Several researchers have shown the cost of maintenance and sustainment ranges between 40 and 80 percent of the total lifecycle cost with a median estimate near 70 percent. Sometimes executives have asked, "Why does software sustainment cost so much?" This blog turns the question around to ask, "Can we get better value from our continuing software investment?" Of course, the answer is affirmative. We can...

Six Free Tools for Creating a Cyber Simulator

• SEI Blog
Joseph Mayes

It can be hard for developers of cybersecurity training to create realistic simulations and training exercises when trainees are operating in closed (often classified) environments with no ability to connect to the Internet. To address this challenge, the CERT Workforce Development (CWD) Team recently released a suite of open-source and freely available tools for use in creating realistic Internet simulations for cybersecurity training and other purposes. The tools improve the realism, efficiency, and cost effectiveness...

Business Email Compromise: Operation Wire Wire and New Attack Vectors

• SEI Blog
Anne Connell

In June 2018, Federal authorities announced a significant coordinated effort to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals. Operation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, and the U.S. Postal Inspection Service, was conducted over a six-month period and resulted in 74 arrests in the United States...

How to Use Static Analysis to Enforce SEI CERT Coding Standards for IoT Applications

• SEI Blog
David Svoboda

The Jeep hack, methods to hack ATMs, and even hacks to a casino's fish tank provide stark evidence of the risks associated with the Internet of Things (IoT). High-end automobiles today have more than 100 million lines of code, and connectivity between cars and the outside world through, for example, infotainment systems and the Global Positioning System (GPS) exposes a number of interfaces that can be attacked to communicate with an automobile in unintended and...
