The Latest Publications from the SEI
Happy Memorial Day from all of us here at the SEI. I'd like to take advantage of this special occasion to keep you apprised of some recent technical reports and notes from the SEI. It's part of an ongoing effort to keep you informed about the latest work of SEI technologists. These reports highlight the latest work of SEI technologists in embedded systems, cyber security, appraisal requirements for CMMI Version 1.3, improving the quality and use of data, and software assurance. This post includes a listing of each report, author/s, and links where the published reports can be accessed on the SEI website.
As always, we welcome your feedback on our work.
Trusted Computing in Embedded Systems Workshop
By Archie Andrews & Jonathan McCune
This report describes the November 2010 Trusted Computing in Embedded Systems Workshop held at Carnegie Mellon University. This workshop brought together various groups concerned with advancing research into improving the trustworthiness in embedded systems. The workshop format provided the opportunity to focus on embedded systems while examining the application of related trust technologies in order to foster collaborative approaches and information exchange in this area. Presentations and discussion addressed the capabilities and limitations of effectively employing trusted hardware-enabled components in embedded systems. This included, but was not restricted to, the following areas: new research and development in enabling trust in embedded systems, methods and techniques for establishing trust in embedded systems, lessons learned from research and development projects on embedded systems security, and gaps in current research. The workshop resulted in identification of gaps in current research and recommendations for potential research directions.
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0
By John Haller, Samuel A. Merrell, Matthew J. Butkovic, & Bradford J. Willke
As nations recognize that their critical infrastructures have integrated sophisticated information and communications technologies (ICT) to provide greater efficiency and reliability, they quickly realize the need to effectively manage risk arising from the use of these technologies. Establishing a national computer security incident management capability can be an important step in managing that risk. In this document, this capability is referred to as a National Computer Security Incident Response Team (CSIRT), although the specific organizational form may vary among nations. Nations face various challenges when working to strengthen incident management, such as the lack of information providing guidance for establishing a national capability, determining how this capability can support national cyber security, and managing the national incident management capability. This document, first in the Best Practices for National Cyber Security series, provides information that interested organizations and governments can use to develop a national incident management capability. The document explains the need for national incident management and provides strategic goals, enabling goals, and additional resources pertaining to the establishment of National CSIRTs and organizations like them.
Appraisal Requirements for CMMI Version 1.3 (ARC, V1.3)
By the SCAMPI Upgrade Team
This report, the Appraisal Requirements for CMMI, Version 1.3 (ARC, V1.3), defines the requirements for appraisal methods intended for use with Capability Maturity Model Integration (CMMI) and with the People CMM. The ARC may also be useful when defining appraisals with other reference models. The ARC defines three appraisal classes distinguished by the degree of rigor associated with the application of the method. These classes are intended primarily for people who develop appraisal methods to use with reference models such as those in the CMMI product suite.
Issues and Opportunities for Improving the Quality and Use of Data in the Department of Defense
By Mark Kasunic, David Zubrow, & Erin Harper
The Department of Defense (DoD) is becoming increasingly aware of the importance of data quality to its operations, leading to an interest in methods and techniques that can be used to determine and improve the quality of its data. The Office of the Secretary of Defense for Acquisition, Technology, and Logistics (OSD [AT&L]), Director, Defense Research & Engineering (DDR&E) sponsored a workshop to bring together leading researchers and practitioners to identify opportunities for research focused on data quality, data analysis, and data use. Seventeen papers were accepted for presentation during the workshop. During workshop discussion, participants were asked to identify challenging areas that would address technology gaps and to discuss research ideas that would support future DoD policies and practices. The Software Engineering Institute formed three primary recommendations for areas of further research from the information produced at the workshop. These areas were integrating data from disparate sources, employing provenance analytics, and developing models, methods, and tools that support data quality by design.
Software Assurance Curriculum Project Volume III: Master of Software Assurance Course Syllabi
By Nancy R. Mead, Julia H. Allen, Mark A. Ardis, Thomas B. Hilburn, Andrew J. Kornecki, & Richard C. Linger
This report, the third volume in the Software Assurance Curriculum Project sponsored by the U.S. Department of Homeland Security, provides sample syllabi for the nine core courses in the Master of Software Assurance Reference Curriculum.
For the latest SEI technical reports and papers,