search menu icon-carat-right cmu-wordmark

Archive: February 2019

The Modern Software Factory and Independent V&V for Machine Learning: Two Key Recommendations for Improving Software in Defense Systems

The Modern Software Factory and Independent V&V for Machine Learning: Two Key Recommendations for Improving Software in Defense Systems

• SEI Blog
Paul Nielsen

Software-enabled capabilities are essential for our nation's defense systems. I recently served on a Defense Science Board (DSB) Task Force whose purpose was to determine whether iterative development practices such as Agile are applicable to the development and sustainment of software for the Department of Defense (DoD). The resulting report, Design and Acquisition of Software for Defense Systems, made seven recommendations on how to improve software acquisition in defense systems: A key evaluation criterion in...

Read More
An Appraisal of the Systems Engineering Journal's Treatment of Software Over the Last Two Decades

An Appraisal of the Systems Engineering Journal's Treatment of Software Over the Last Two Decades

• SEI Blog
Sarah Sheard

Systems engineers working today face many challenges, both in building the complex systems of systems of the future and in building the complex systems of which they are composed. Systems engineers need to be able to design around stable requirements when there are long-lead manufactured items required, and they also need to evolve the design along with changing requirements for larger systems. Software plays an integral role in helping systems engineers accomplish these goals. The...

Read More
Using the SEI CERT Coding Standards to Improve Security of the Internet of Things

Using the SEI CERT Coding Standards to Improve Security of the Internet of Things

• SEI Blog
David Svoboda

The Internet of Things (IoT) is insecure. The Jeep hack received a lot of publicity, and there are various ways to hack ATMs, with incidents occurring with increasing regularity. Printers in secure facilities have been used to exfiltrate data from the systems to which they were connected, and even a thermometer in a casino's fish tank was used to gain access to the casino's infrastructure and extract data about customers, gamblers, etc. In this blog...

Read More
Evaluating Threat-Modeling Methods for Cyber-Physical Systems

Evaluating Threat-Modeling Methods for Cyber-Physical Systems

• SEI Blog
Nataliya Shevchenko

Addressing cybersecurity for а complex system, especially for а cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system. Examples of CPSoS include rail transport systems, power plants, and integrated air-defense capability. All these systems consist of large physical, cyber-physical, and cyber-only subsystems with complex dynamics. In the first blog post in this series, I summarized 12 available threat-modeling methods (TMMs). In this post, I will identify criteria for...

Read More