search menu icon-carat-right cmu-wordmark

Archive: June 2019

Testing Concurrent Systems: Concurrency Defects, Testing Techniques, and Recommendations

Testing Concurrent Systems: Concurrency Defects, Testing Techniques, and Recommendations

• SEI Blog
Donald Firesmith

Concurrency, which exists whenever multiple entities execute simultaneously, is a ubiquitous and an unavoidable fact of life in systems and software engineering. It greatly increases system and software complexity, which directly impacts testing. Concurrency leads to nondeterministic behavior and numerous types of concurrency defects that require specialized approaches to uncover. At the SEI, we are often called upon to review development planning documents including Test and Evaluation Master Plans (TEMPs) and Software Test Plans (STPs)....

Read More
Model-Based Analysis of Agile Development Practices

Model-Based Analysis of Agile Development Practices

• SEI Blog
Andrew Moore

Bill Nichols, Bill Novak, and David Zubrow helped to write this blog post. Applications of Agile development practices in government are providing experience that decision makers can use to improve policy, procedure, and practice. Behavioral modeling and simulation (BModSim) techniques (such as agent-based modeling, computational game theory, and System Dynamics) provide a way to construct valid, coherent, and executable characterizations of Agile software development. These techniques can help answer key questions about Agile concepts and...

Read More
The Vectors of Code: On Machine Learning for Software

The Vectors of Code: On Machine Learning for Software

• SEI Blog
Zachary Kurtz

This blog post provides a light technical introduction on machine learning (ML) for problems of computer code, such as detecting malicious executables or vulnerabilities in source code. Code vectors enable ML practitioners to tackle code problems that were previously approachable only with highly-specialized software engineering knowledge. Conversely, code vectors can help software analysts to leverage general, off-the-shelf ML tools without needing to become ML experts. In this post, I introduce some use cases for ML...

Read More
After the Cyber Resilience Review: A Targeted Improvement Plan for Service Continuity

After the Cyber Resilience Review: A Targeted Improvement Plan for Service Continuity

• SEI Blog
Robert Vrtis

Jeff Pinckard co-wrote this blog post. In 2011, the SEI's CERT Division developed and published the Cyber Resilience Review (CRR) on behalf of the Department of Homeland Security. Since then, hundreds of CRRs have been conducted across all critical-infrastructure sectors, including financial services, healthcare and public health, energy, and water and wastewater systems. Each CRR provides an organization with a comprehensive report that can provide a seemingly overwhelming number of options for improving the resilience...

Read More