search menu icon-carat-right cmu-wordmark

Subject: Mission Assurance

The Organizational Impact of a Modular Product Line Architecture in DoD Acquisition - Third in a Series

The Organizational Impact of a Modular Product Line Architecture in DoD Acquisition - Third in a Series

• SEI Blog
Nickolas Guertin

This post was co-authored by Douglas Schmidt and William Scherlis. To maintain a strategic advantage over its adversaries, the Department of Defense (DoD) must field new technologies rapidly. "It is not about speed of discovery, it is about speed of delivery to the field," Michael D. Griffin, undersecretary of defense for research and engineering, told a Senate Armed Services subcommittee in April 2018. The architecture of Department of Defenses (DoD) acquisition organizations is based on...

Read More
A 5-Step Process for Release Planning

A 5-Step Process for Release Planning

• SEI Blog
Robert Ferguson

Software products are often used for two decades or more. Several researchers have shown the cost of maintenance and sustainment ranges between 40- and 80 percent of the total lifecycle cost with a median estimate near 70 percent. Sometimes executives have asked, Why does software sustainment cost so much? This blog turns the question around to ask, Can we get better value from our continuing software investment? Of course, the answer is affirmative. We can...

Read More
Towards a New Model of Acquisition: Product-Line Architectures for the DoD - Second in a Series

Towards a New Model of Acquisition: Product-Line Architectures for the DoD - Second in a Series

• SEI Blog
Nickolas Guertin

This post was co-authored by Douglas Schmidt and William Scherlis. It is widely recognized that the Department of Defense (DoD) needs to have a nimble response to nimble adversaries. However, the inflexibility of many DoD development and acquisition practices begets inflexible architectures that often slow progress and increase risk to operational forces. This rejection of modern development methods actually increases program risk and extends development timelines, effectively reducing the value of the DoD's acquisition portfolio....

Read More
Deep Learning and Satellite Imagery: DIUx Xview Challenge

Deep Learning and Satellite Imagery: DIUx Xview Challenge

• SEI Blog
Ritwik Gupta

In 2017 and 2018, the United States witnessed a milestone year of climate and weather-related disasters from droughts and wildfires to cyclones and hurricanes. Increasingly, satellites are playing an important role in helping emergency responders assess the damage of a weather event and find victims in its aftermath. Most recently satellites have tracked the devastation wrought by the California wildfires from space. The United States military, which is often the first on the scene of...

Read More
Governance of a Software Product Line: Complexities and Goals

Governance of a Software Product Line: Complexities and Goals

• SEI Blog
Robert Ferguson

My prior blog post on product lines in DoD sustainment described the complexity of contractual relationships in a DoD software product line. Recall that a software product line is a collection of related products with shared software artifacts and engineering services that has been developed by a single organization in support of multiple programs serving multiple missions and different customers. A product line can reduce cost of development and support. In exchange, it can be...

Read More
Deep Learning, Agile-DevOps, and Cloud Security: The Top 10 Blog Posts of 2018

Deep Learning, Agile-DevOps, and Cloud Security: The Top 10 Blog Posts of 2018

• SEI Blog
Douglas C. Schmidt

Every January on the SEI Blog, we present the 10 most-visited posts of the previous year. This year's top 10, which features posts published between January 1, 2018, and December 31, 2018, brought an ever-increasing number of visitors to the blog. 10. Why You Should Apply Agile-DevOps Earlier in the Lifecycle9. Best Practices and Considerations in Egress Filtering8. Deep Learning: Going Deeper toward Meaningful Patterns in Complex Data7. Why Does Software Cost So Much?6. Revealing...

Read More
Emerging Opportunities in Modularity and Open Systems Architectures - First in a Series

Emerging Opportunities in Modularity and Open Systems Architectures - First in a Series

• SEI Blog
Nickolas Guertin

This post is also co-authored by Douglas C. Schmidt and William Scherlis. In its effort to increase the capability of the warfighter, the Department of Defense (DoD) has made incremental changes in its acquisition practices for building and deploying military capacity. This capacity can be viewed as "platforms" (tanks, ships, aircraft, etc.) and the mission system "payloads" (sensors, command and control, weapons, etc.) that are populated onto those platforms to deliver the desired capability. This...

Read More
Decisions for Sustaining a Software Product Line

Decisions for Sustaining a Software Product Line

• SEI Blog
Robert Ferguson

A software product line is a collection of related products with shared software artifacts and engineering services that has been developed by a single organization intended to serve different missions and different customers. In industry, product lines provide both customer benefits (such as functionality, quality, and cost) and development organization benefits (such as time to market and price-margin). Moreover, these benefits last through multiple generations of products. This blog is the first in a series...

Read More
Scope vs. Frequency in Defining a Minimum Viable Capability Roadmap: Part 2 of 3

Scope vs. Frequency in Defining a Minimum Viable Capability Roadmap: Part 2 of 3

• SEI Blog
Bob Binder

As Soon as Possible In the first post in this series, I introduced the concept of the Minimum Viable Capability (MVC). While the intent of the Minimum Viable Product (MVP) strategy is to focus on rapidly developing and validating only essential product features, MVC adapts this strategy to systems that are too large, too complex, or too critical for MVP. MVC is a scalable approach to validating a system of capabilities, each at the earliest...

Read More
Three Approaches to Adding Flexibility in Software Sustainment Contracting

Three Approaches to Adding Flexibility in Software Sustainment Contracting

• SEI Blog
Julie Cohen

This post was co-authored by Cecilia Albert and Harry Levinson. At the SEI we have been involved in many programs where the intent is to increase the capability of software systems currently in sustainment. We have assisted government agencies who have implemented some innovative contracting and development strategies that provide benefits to those programs. The intent of the blog is to explain three approaches that could help others in the DoD or federal government agencies...

Read More
Introducing the Minimum Viable Capability Strategy

Introducing the Minimum Viable Capability Strategy

• SEI Blog
Bob Binder

It's common for large-scale cyber-physical systems (CPS) projects to burn huge amounts of time and money with little to show for it. As the minimum viable product (MVP) strategy of fast and focused stands in sharp contrast to the inflexible and ponderous product planning that has contributed to those fiascos, MVP has been touted as a useful corrective. The MVP strategy has become fixed in the constellation of Agile jargon and practices. However, trying to...

Read More
Deep Learning, Cyber Intelligence, Managing Privacy and Security, and Network Traffic Analysis: The Latest Work from the SEI

Deep Learning, Cyber Intelligence, Managing Privacy and Security, and Network Traffic Analysis: The Latest Work from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in deep learning, cyber intelligence, interruption costs, digital footprints on social networks, managing privacy and security, and network traffic analysis. These publications highlight the latest work of SEI technologists in these areas. This post includes a listing of each publication, author(s), and links where they can...

Read More
Agile Strategy: Short-Cycle Strategy Development and Execution

Agile Strategy: Short-Cycle Strategy Development and Execution

• SEI Blog
Linda Parker Gates

When the rate of change inside an institution becomes slower than the rate of change outside, the end is in sight. - Jack Welch In a world of agile everything, agile concepts are being applied in areas well beyond software development. At the NDIA Agile in Government Summit held in Washington, D.C. in June, Dr. George Duchak, the Deputy Assistant Secretary of Defense for Cyber, Command & Control, Communications & Networks, and Business Systems, spoke...

Read More
Automated Code Generation for Future Compatible High-Performance Graph Libraries

Automated Code Generation for Future Compatible High-Performance Graph Libraries

• SEI Blog
Scott McMillan

For many DoD missions, our ability to collect information has outpaced our ability to analyze that information. Graph algorithms and large-scale machine learning algorithms are a key to analyzing the information agencies collect. They are also an increasingly important component of intelligence analysis, autonomous systems, cyber intelligence and security, logistics optimization, and more. In this blog post, we describe research to develop automated code generation for future-compatible graph libraries: building blocks of high-performance code that...

Read More
Efficient and Effective Software Sustainment of Product-Line-Based Systems

Efficient and Effective Software Sustainment of Product-Line-Based Systems

• SEI Blog
Mike Phillips

In the SEI's examination of the software sustainment phase of the Department of Defense (DoD) acquisition lifecycle, we have noted that the best descriptor for sustainment efforts for software is "continuous engineering." Typically, during this phase, the hardware elements are repaired or have some structural modifications to carry new weapons or sensors. Software, on the other hand, continues to evolve in response to new security threats, new safety approaches, or new functionality provided within the...

Read More
Agile Metrics: A New Approach to Oversight

Agile Metrics: A New Approach to Oversight

• SEI Blog
Will Hayes

There's been a widespread movement in recent years from traditional waterfall development to Agile approaches in government software acquisition programs. This transition has created the need for personnel who oversee government software acquisitions to become fluent in metrics used to monitor systems developed with Agile methods. This post, which is a follow-up to my earlier post on Agile metrics, presents updates on our Agile-metrics work based on recent interactions with government programs....

Read More
Five Models of Technology Transition to Bridge the Gap Between Digital Natives and Digital Immigrants

Five Models of Technology Transition to Bridge the Gap Between Digital Natives and Digital Immigrants

• SEI Blog
Suzanne Miller

As the defense workforce attracts younger staff members, this digital native generation is having an effect. "To accommodate millennial IT workers, so-called 'digital natives,'" wrote Phil Goldstein in a May 2016 FedTech article, "the service branches of the Department of Defense need to square cybersecurity with the attitudes and behaviors of younger employees, according to senior defense IT officials." Digital natives approach technology differently than digital immigrants, which includes those born before the widespread use...

Read More
Multicore and Virtualization Recommendations

Multicore and Virtualization Recommendations

• SEI Blog
Donald Firesmith

The first post in this series introduced the basic concepts of multicore processing and virtualization, highlighted their benefits, and outlined the challenges these technologies present. The second post addressed multicore processing, whereas the third and fourth posts concentrated on virtualization via virtual machines (VMs) and containers (containerization), respectively. This fifth and final post in the series provides general recommendations for the use of these three technologies--multicore processing, virtualization via VMs, and virtualization via containers--including mitigating...

Read More
Virtualization via Containers

Virtualization via Containers

• SEI Blog
Donald Firesmith

The first blog entry in this series introduced the basic concepts of multicore processing and virtualization, highlighted their benefits, and outlined the challenges these technologies present. The second post addressed multicore processing, whereas the third post concentrated on virtualization via virtual machines. In this fourth post in the series, I define virtualization via containers, list its current trends, and examine its pros and cons, including its safety and security ramifications....

Read More
Virtualization via Virtual Machines

Virtualization via Virtual Machines

• SEI Blog
Donald Firesmith

This posting is the third in a series that focuses on multicore processing and virtualization, which are becoming ubiquitous in software development. The first blog entry in this series introduced the basic concepts of multicore processing and virtualization, highlighted their benefits, and outlined the challenges these technologies present. The second post addressed multicore processing. This third posting concentrates on virtualization via virtual machines (VMs). Below I define the relevant concepts underlying virtualization via VMs, list...

Read More
Coordinated Vulnerability Disclosure, Ransomware, Scaling Agile, and Android App Analysis: The Latest Work from the SEI

Coordinated Vulnerability Disclosure, Ransomware, Scaling Agile, and Android App Analysis: The Latest Work from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts and webinars highlighting our work in coordinated vulnerability disclosure, scaling Agile methods, automated testing in Agile environments, ransomware, and Android app analysis. These publications highlight the latest work of SEI technologists in these areas. One SEI Special Report presents data related to DoD software projects and translated it into information that...

Read More
Multicore Processing

Multicore Processing

• SEI Blog
Donald Firesmith

The first blog entry in this series introduced the basic concepts of multicore processing and virtualization, highlighted their benefits, and outlined the challenges these technologies present. This second post will concentrate on multicore processing, where I will define its various types, list its current trends, examine its pros and cons, and briefly address its safety and security ramifications....

Read More
Multicore and Virtualization: An Introduction

Multicore and Virtualization: An Introduction

• SEI Blog
Donald Firesmith

Multicore processing and virtualization are rapidly becoming ubiquitous in software development. They are widely used in the commercial world, especially in large data centers supporting cloud-based computing, to (1) isolate application software from hardware and operating systems, (2) decrease hardware costs by enabling different applications to share underutilized computers or processors, (3) improve reliability and robustness by limiting fault and failure propagation and support failover and recovery, and (4) enhance scalability and responsiveness through the...

Read More
Top 10 SEI Blog Posts of 2017

Top 10 SEI Blog Posts of 2017

• SEI Blog
Douglas C. Schmidt

The crop of Top 10 SEI Blog posts in the first half of 2017 (judged by the number of visits by our readers) represents the best of what we do here at the SEI: transitioning our knowledge to those who need it. Several of our Top 10 posts this year are from a series of posts on best practices for network security that we launched in November 2016 in the wake of the Dyn attack....

Read More
Supply Chain Risk Management, Network Situational Awareness, Software Architecture, and Network Time Protocol: The Latest Work from the SEI

Supply Chain Risk Management, Network Situational Awareness, Software Architecture, and Network Time Protocol: The Latest Work from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI technical reports, white papers, podcasts and webinars on supply chain risk management, process improvement, network situational awareness, software architecture, network time protocol as well as a podcast interview with SEI Fellow Peter Feiler. These publications highlight the latest work of SEI technologists in these areas. This post includes a listing of each publication,...

Read More
Three Pilots of the CERT Software Assurance Framework

Three Pilots of the CERT Software Assurance Framework

• SEI Blog
Christopher Alberts

This post is coauthored by Carol Woody. Software is a growing component of business and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions also increase. We recently published a technical note that introduces the prototype Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. We envision program managers using this framework to assess an acquisition program's current...

Read More
Software Assurance, Data Governance, and Malware Analysis: The Latest Work from the SEI

Software Assurance, Data Governance, and Malware Analysis: The Latest Work from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI technical reports, white papers, podcasts and webinars on software assurance, data governance, self-adaptive systems, engineering high-assurance software for distributed adaptive real-time (DART) systems, technical debt, and automating malware collection and analysis. These publications highlight the latest work of SEI technologists in these areas. This post includes a listing of each publication, author(s), and...

Read More
Experiences Using IBM Watson in Software Assurance

Experiences Using IBM Watson in Software Assurance

• SEI Blog
Mark Sherman

Since its debut on Jeopardy in 2011, IBM's Watson has generated a lot of interest in potential applications across many industries. I recently led a research team investigating whether the Department of Defense (DoD) could use Watson to improve software assurance and help acquisition professionals assemble and review relevant evidence from documents. As this blog post describes, our work examined whether typical developers could build an IBM Watson application to support an assurance review....

Read More
Establishing Trust in Disconnected Environments

Establishing Trust in Disconnected Environments

• SEI Blog
Grace Lewis

First responders, search-and-rescue teams, and military personnel often work in "tactical edge" environments defined by limited computing resources, rapidly changing mission requirements, high levels of stress, and limited connectivity. In these tactical edge environments, software applications that enable tasks such as face recognition, language translation, decision support, and mission planning and execution are critical due to computing and battery limitations on mobile devices. Our work on tactical cloudlets addresses some of these challenges by providing...

Read More
Are We Creating Organizational Debt?

Are We Creating Organizational Debt?

• SEI Blog
Linda Parker Gates

Interest in Agile and lightweight development methods in the software development community has become widespread. Our experiences with the application of Agile principles have therefore become richer. In my blog post, Toward Agile Strategic Planning, I wrote about how we can apply Agile principles to strategic planning. In this blog post, I apply another Agile concept, technical debt, to another organizational excellence issue. Specifically I explore whether organizational debt is accrued when we implement quick...

Read More