search menu icon-carat-right cmu-wordmark

Archive: April 2019

The Organizational Impact of a Modular Product Line Architecture in DoD Acquisition - Third in a Series

The Organizational Impact of a Modular Product Line Architecture in DoD Acquisition - Third in a Series

• SEI Blog
Nickolas Guertin

This post was co-authored by Douglas Schmidt and William Scherlis. To maintain a strategic advantage over its adversaries, the Department of Defense (DoD) must field new technologies rapidly. "It is not about speed of discovery, it is about speed of delivery to the field," Michael D. Griffin, undersecretary of defense for research and engineering, told a Senate Armed Services subcommittee in April 2018. The architecture of Department of Defenses (DoD) acquisition organizations is based on...

Read More
A 5-Step Process for Release Planning

A 5-Step Process for Release Planning

• SEI Blog
Robert Ferguson

Software products are often used for two decades or more. Several researchers have shown the cost of maintenance and sustainment ranges between 40- and 80 percent of the total lifecycle cost with a median estimate near 70 percent. Sometimes executives have asked, Why does software sustainment cost so much? This blog turns the question around to ask, Can we get better value from our continuing software investment? Of course, the answer is affirmative. We can...

Read More
Six Free Tools for Creating a Cyber Simulator

Six Free Tools for Creating a Cyber Simulator

• SEI Blog
Joseph Mayes

It can be hard for developers of cybersecurity training to create realistic simulations and training exercises when trainees are operating in closed (often classified) environments with no ability to connect to the Internet. To address this challenge, the CERT Workforce Development (CWD) Team recently released a suite of open-source and freely available tools for use in creating realistic Internet simulations for cybersecurity training and other purposes. The tools improve the realism, efficiency, and cost effectiveness...

Read More
Business Email Compromise: Operation Wire Wire and New Attack Vectors

Business Email Compromise: Operation Wire Wire and New Attack Vectors

• SEI Blog
Anne Connell

In June 2018, Federal authorities announced a significant coordinated effort to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals. Operation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, and the U.S. Postal Inspection Service, was conducted over a six-month period and resulted in 74 arrests in the United States...

Read More
How to Use Static Analysis to Enforce SEI CERT Coding Standards for IoT Applications

How to Use Static Analysis to Enforce SEI CERT Coding Standards for IoT Applications

• SEI Blog
David Svoboda

The Jeep hack, methods to hack ATMs, and even hacks to a casino's fish tank provide stark evidence of the risks associated with the Internet of Things (IoT). High-end automobiles today have more than 100 million lines of code, and connectivity between cars and the outside world through, for example, infotainment systems and the Global Positioning System (GPS) expose a number of interfaces that can be attacked to communicate with an automobile in unintended and...

Read More