search menu icon-carat-right cmu-wordmark

Archive: May 2019

The Latest Research from the SEI in DevSecOps, Threat Modeling, and Insider Threat

The Latest Research from the SEI in DevSecOps, Threat Modeling, and Insider Threat

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in DevSecOps, insider threat, cyber risk and resilience, software assurance, infrastructure as code, software architecture, and threat modeling. These publications highlight the latest work of SEI technologists in these areas. This blog post also presents the latest episode in our podcast series highlighting the work of...

Read More
The AADL Error Library: 4 Families of System Errors

The AADL Error Library: 4 Families of System Errors

• SEI Blog
Sam Procter

Classifying the way that things can go wrong in a component-based system is a hard challenge since components--and the systems that rely on them--can fail in myriad, unpredictable ways. It is nonetheless a challenge that should be addressed because component-based, software-driven systems are increasingly used for safety-critical applications. Unfortunately, many well-established classifications and taxonomies of system errors are not what we would term operationalized (i.e., directly usable in modern, model-based system engineering efforts). Instead, they...

Read More
Managing the Consequences of Technical Debt: 5 Stories from the Field

Managing the Consequences of Technical Debt: 5 Stories from the Field

• SEI Blog
Ipek Ozkaya

Rod Nord coauthored this post. If you participate in the development of software, the chances are good that you have experienced the consequences of technical debt, which communicates additional cost and rework over the software lifecycle when a short-term, easy solution is chosen instead of a better solution. Understanding and managing technical debt is an important goal for many organizations. Proactively managing technical debt promises to give organizations the ability to control the cost of...

Read More
The Technical Architecture for Product Line Acquisition in the DoD - Fourth in a Series

The Technical Architecture for Product Line Acquisition in the DoD - Fourth in a Series

• SEI Blog
Nickolas Guertin

This post is co-authored by Douglas C. Schmidt and William Scherlis. DoD technologies have traditionally relied on cyber-physical/software-intensive systems that are now widely available to all nations and non-state actors. The DoD's past practice of incorporating commercial-off-the-shelf (COTS) technologies on a system-by-system basis are insufficient to stay ahead of its adversaries and increase its pace of change for delivering innovation. The DoD thus needs new acquisition approaches that can achieve rapid delivery, flexibility, and capacity...

Read More