The Latest Research from the SEI
Happy Labor Day from all of us here at the SEI. I'd like to take advantage of this special occasion to keep you apprised of some recent technical reports and notes from the SEI. It's part of an ongoing effort to keep you informed about our latest work. These reports highlight the latest work of SEI technologists in architecting service-oriented systems, operational resilience, standards-based automated remediation, and acquisition. This post includes a listing of each report, author/s, and links where the published reports can be accessed on the SEI website.
Architecting Service-Oriented Systems
By Philip Bianco, Grace A. Lewis, Paulo Merson, & Soumya Simanta
Service orientation is an approach to software systems development that has become a popular way to implement distributed, loosely coupled systems, because it offers such features as standardization, platform independence, well-defined interfaces, and tool support that enables legacy system integration. From a quality attribute point of view, the primary drivers for service orientation adoption are interoperability and modifiability. However, a common misconception is that an architecture that uses a service-oriented approach can achieve these qualities by simply putting together a set of vendor products that provide an infrastructure and then using this infrastructure to expose a set of reusable services to build systems. In reality, there are many architectural decisions that need to be made. An architectural decision that promotes interoperability or modifiability can negatively impact other qualities, such as availability, reliability, security and performance. The goal of this report is to present general guidelines for architecting service-oriented systems, how common service-oriented system components support these principles, and the effect that these principles and their implementation have on system quality attributes.
Measures for Managing Operational Resilience
By Julia H. Allen & Pamela D. Curtis
In this report, Resilient Enterprise Management (REM) team members suggest a set of top 10 strategic measures for managing operational resilience. These measures derive from high-level objectives of the operational resilience management system defined in the CERT Resilience Management Model, Version 1.1 (CERT-RMM). The report also provides measures for each of the 26 process areas of CERT-RMM, as well as a set of global measures that apply to all process areas. This report thus serves as an addendum to CERT-RMM Version 1.1.
Standards-Based Automated Remediation: A Remediation Manager Reference Implementation
By Sagar Chaki, Rita Creel, Jeff Davenport, Mike Kinney, Benjamin McCormick, & Mary Popeck
This report describes the SEI's 2010 work for the National Security Agency Computer Network Defense Research and Technology Program Management Office to develop standards for remediation of vulnerabilities and compliance issues on Department of Defense (DoD) networked systems. The overall goals are to assist in the development of remediation standards, demonstrate the functionality that the DoD would like in a remediation manager, and increase efficiency and effectiveness of remediation by automating the remediation process.
A Decision Framework for Selecting Licensing Rights for Noncommercial Computer Software in the DoD Environment
By Charlene Gross
A major acquisition challenge for a program where computer software is a critical element of the system is the upfront determination of an appropriate licensing rights strategy. This report describes standard noncommercial software licensing alternatives as defined by U.S. government and Department of Defense (DoD) regulations. It also suggests an approach for objectively identifying agency needs for license rights and the appropriate license type for systems with noncommercial computer software or as standalone software in the DoD environment. There are three standard license types for noncommercial computer software: Unlimited, Government Purpose, and Restricted. Each of these license types for noncommercial computer software conveys different rights to the agency. This report presents distinguishing characteristics of the three standard license types, a method to develop the supporting rationale or traceability for DoD agency needs, a high-level description of circumstances that fall outside of standard license types, and a discussion of the importance of deliverables as necessary components for implementing license rights.
For the latest SEI technical reports and papers, please visit