search menu icon-carat-right cmu-wordmark

Subject: Software Architecture

The AADL Error Library: 4 Families of System Errors

The AADL Error Library: 4 Families of System Errors

• SEI Blog
Sam Procter

Peter Feiler co-authored this blog post. Classifying the way that things can go wrong in a component-based system is a hard challenge since components--and the systems that rely on them--can fail in myriad, unpredictable ways. It is nonetheless a challenge that should be addressed because component-based, software-driven systems are increasingly used for safety-critical applications. Unfortunately, many well-established classifications and taxonomies of system errors are not what we would term operationalized (i.e., directly usable in modern,...

Read More
Managing the Consequences of Technical Debt: 5 Stories from the Field

Managing the Consequences of Technical Debt: 5 Stories from the Field

• SEI Blog
Ipek Ozkaya

Rod Nord coauthored this post. If you participate in the development of software, the chances are good that you have experienced the consequences of technical debt, which communicates additional cost and rework over the software lifecycle when a short-term, easy solution is chosen instead of a better solution. Understanding and managing technical debt is an important goal for many organizations. Proactively managing technical debt promises to give organizations the ability to control the cost of...

Read More
Rapid Software Composition by Assessing Untrusted Components

Rapid Software Composition by Assessing Untrusted Components

• SEI Blog
Rick Kazman

Today, organizations build applications on top of existing platforms, frameworks, components, and tools; no one constructs software from scratch. Hence today's software development paradigm challenges developers to build trusted systems that include increasing numbers of largely untrusted components. Bad decisions are easy to make and have significant long-term consequences. For example, decisions based on outdated knowledge or documentation, or skewed to one criterion (such as performance) may lead to substantial quality problems, security risks, and...

Read More
Analysis: System Architecture Virtual Integration Nets Significant Savings

Analysis: System Architecture Virtual Integration Nets Significant Savings

• SEI Blog
Peter Feiler

The size of aerospace software, as measured in source lines of code (SLOC), has grown rapidly. Airbus and Boeing data show that SLOC have doubled every four years. The current generation of aircraft software exceeds 25 million SLOC (MSLOC). These systems must satisfy safety-critical, embedded, real-time, and security requirements. Consequently, they cost significantly more than general-purpose systems. Their design is more complex, due to quality attribute requirements, high connectivity among subsystems, and sensor dependencies--each of...

Read More
Automating Design Analysis

Automating Design Analysis

• SEI Blog
Neil Ernst

Software design problems, often the result of optimizing for delivery speed, are a critical part of long-term software costs. Automatically detecting such design problems is a high priority for software practitioners. Software quality tools aim to automatically detect violations of common software quality rules. However, since these tools bundle a number of rules, including rules for code quality, it is hard for users to understand which rules identify design issues in particular. This blog post...

Read More
Security Modeling Tools

Security Modeling Tools

• SEI Blog
Julien Delange

Over the past six months, we have developed new security-focused modeling tools that capture vulnerabilities and their propagation paths in an architecture. Recent reports (such as the remote attack surface analysis of automotive systems) show that security is no longer only a matter of code and is tightly related to the software architecture. These new tools are our contribution toward improving system and software analysis. We hope they will move forward other work on security...

Read More
Data Science, Blacklists, and Mixed-Critical Software: The Latest Research from the SEI

Data Science, Blacklists, and Mixed-Critical Software: The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog posting summarizes some recently published SEI technical reports, white papers, and webinars in early lifecycle cost estimation, data science, host protection strategies, blacklists, the Architectural Analysis and Design Language (AADL), architecture fault modeling and analysis, and programming and verifying distributed mixed-synchrony and mixed-critical software. These publications highlight the latest work of SEI technologists in these areas. This post includes...

Read More
The Future of Managing Technical Debt

The Future of Managing Technical Debt

• SEI Blog
Robert Nord

Software engineers increasingly recognize technical debt as a problem they care about, but they lack methods and tools to help them strategically plan, track, and pay down debt. The concept provides a vocabulary to engage researchers from a practice point of view, but they often lack an empirical basis and data science on which to validate their work on technical debt. Our recent Dagstuhl Seminar on Managing Technical Debt in Software Engineering provided a venue...

Read More
Early Software Vulnerability Detection with Technical Debt

Early Software Vulnerability Detection with Technical Debt

• SEI Blog
Robert Nord

Edward J. Schwartz, a research scientist on the vulnerability analysis team, co-authored this post. Software engineers face a universal problem when developing software: weighing the benefit of an approach that is expedient in the short-term, but which can lead to complexity and cost over the long term. In software-intensive systems, these tradeoffs can create technical debt, which is a design or implementation construct that is expedient in the short term, but which sets up a...

Read More
EMFTA: an Open Source Tool for Fault Tree Analysis

EMFTA: an Open Source Tool for Fault Tree Analysis

• SEI Blog
Julien Delange

Safety-critical software must be analyzed and checked carefully. Each potential error, failure, or defect must be considered and evaluated before you release a new product. For example, if you are producing a quadcopter drone, you would like to know the probability of engine failure to evaluate the system's reliability. Safety analysis is hard. Standards such as ARP4761 mandate several analyses, such as Functional Hazard Assessment (FHA) and Failure Mode and Effect Analysis (FMEA). One popular...

Read More
Top 10 SEI Blog Posts of 2016

Top 10 SEI Blog Posts of 2016

• SEI Blog
Douglas C. Schmidt

The crop of Top 10 SEI blog posts published in the first half of 2016 (judged by the number of visits by our readers) represents a cross section of the type of cutting-edge work that we do at the SEI: at-risk emerging technologies, cyber intelligence, big data, vehicle cybersecurity, and what ant colonies can teach us about securing the internet. In all, readers visited the SEI blog more than 52,000 times for the first six...

Read More
Situational Analysis, Software Architecture, Insider Threat, Threat Modeling, and Honeynets: The Latest Research from the SEI

Situational Analysis, Software Architecture, Insider Threat, Threat Modeling, and Honeynets: The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports, white papers, webinars, and podcasts. These publications highlight the latest work of SEI technologists in military situational analysis, software architecture, insider threat, honeynets, and threat modeling. This post includes a listing of each publication, author(s), and links where they can be accessed on the SEI website....

Read More
A Case Study in Locating the Architectural Roots of Technical Debt

A Case Study in Locating the Architectural Roots of Technical Debt

• SEI Blog
Rick Kazman

Recent research has demonstrated that in large scale software systems, bugs seldom exist in isolation. As detailed in a previous post in this series, bugs are often architecturally connected. These architectural connections are design flaws. Static analysis tools cannot find many of these flaws, so they are typically not addressed early in the software development lifecycle. Such flaws, if they are detected at all, are found after the software has been in use; at this...

Read More
Three Roles and Three Failure Patterns of Software Architects

Three Roles and Three Failure Patterns of Software Architects

• SEI Blog
John Klein

Listen to an audio recording of this blog post. When I was a chief architect working in industry, I was repeatedly asked the same questions: What makes an architect successful? What skills does a developer need to become a successful architect? There are no easy answers to these questions. For example, in my experience, architects are most successful when their skills and capabilities match a project's specific needs. Too often, in answering the question of...

Read More
A Tool to Address Cybersecurity Vulnerabilities Through Design

A Tool to Address Cybersecurity Vulnerabilities Through Design

• SEI Blog
Rick Kazman

This post was also co-authored by Carol Woody. Increasingly, software development organizations are finding that a large number of their vulnerabilities stem from design weaknesses and not coding vulnerabilities. Recent statistics indicate that research should focus on identifying design weaknesses to alleviate software bug volume. In 2011, for example when MITRE released its list of the 25 most dangerous software errors, approximately 75 percent of those errors represented design weaknesses. Viewed through another lens, more...

Read More
Improving System and Software Security with AADL

Improving System and Software Security with AADL

• SEI Blog
Julien Delange

As our world becomes increasingly software-reliant, reports of security issues in the interconnected devices that we use throughout our day (i.e., the Internet of Things) are also increasing. This blog post discusses how to capture security requirements in architecture models, use them to build secure systems, and reduce potential security defects. This post also provides an overview of our ongoing research agenda on using architecture models for the design, analysis, and implementation of secure cyber-physical...

Read More
Managing Software Complexity in Models

Managing Software Complexity in Models

• SEI Blog
Julien Delange

By Julien Delange Member of the Technical Staff Software Solutions Division For decades, safety-critical systems have become more software intensive in every domain--in avionics, aerospace, automobiles, and medicine. Software acquisition is now one of the biggest production costs for safety-critical systems. These systems are made up of several software and hardware components, executed on different components, and interconnected using various buses and protocols. For instance, cars are now equipped with more than 70 electronic control...

Read More
Agile, Architecture Fault Analysis, the BIS Wassenaar Rule, and Computer Network Design: The Latest Research from the SEI

Agile, Architecture Fault Analysis, the BIS Wassenaar Rule, and Computer Network Design: The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

By Douglas C. Schmidt Principal Researcher As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports, technical notes, and white papers. These reports highlight the latest work of SEI technologists in Agile software development and Agile-at-scale, software architecture fault analysis, computer network design, confidence in system properties, and system-of-systems development as well as commentary from two CERT...

Read More
A Field Study of Technical Debt

A Field Study of Technical Debt

• SEI Blog
Neil Ernst

In their haste to deliver software capabilities, developers sometimes engage in less-than-optimal coding practices. If not addressed, these shortcuts can ultimately yield unexpected rework costs that offset the benefits of rapid delivery. Technical debt conceptualizes the tradeoff between the short-term benefits of rapid delivery and long-term value. Taking shortcuts to expedite the delivery of features in the short term incurs technical debt, analogous to financial debt, that must be paid off later to optimize long-term...

Read More
The SPRUCE Series: 8 Recommended Practices in the Software-Development of Safety-Critical Systems

The SPRUCE Series: 8 Recommended Practices in the Software-Development of Safety-Critical Systems

• SEI Blog
SPRUCE Project

This is the second installment of two blog posts highlighting recommended practices for developing safety-critical systems that was originally published on the Cyber Security & Information Systems Information Analysis Center (CSIAC) website. The first post in the series by Peter Feiler, Julien Delange, and Charles Weinstock explored challenges to developing safety critical systems and presented the first three practices: Use quality attribute scenarios and mission-tread analyses to identify safety-critical requirements. Specify safety-critical requirements, and prioritize...

Read More
The SPRUCE Series: Recommended Practices in the Software Development of Safety-Critical Systems

The SPRUCE Series: Recommended Practices in the Software Development of Safety-Critical Systems

• SEI Blog
SPRUCE Project

Software and acquisition professionals often have questions about recommended practices related to modern software development methods, techniques, and tools, such as how to apply agile methods in government acquisition frameworks, systematic verification and validation of safety-critical systems, and operational risk management. In the Department of Defense (DoD), these techniques are just a few of the options available to face the myriad challenges in producing large, secure software-reliant systems on schedule and within budget....

Read More
AADL Code Generation for Avionics Systems

AADL Code Generation for Avionics Systems

• SEI Blog
Julien Delange

Using the Architecture Analysis & Design Language (AADL) modeling notation early in the development process not only helps the development team detect design errors before implementation, but also supports implementation efforts and produces high-quality code. Our recent blog posts and webinar have shown how AADL can identify potential design errors and help avoid propagating them through the development process, where remediation can require massive re-engineering, delay the schedule, and increase costs....

Read More
Model Driven Engineering: Automatic Code Generation and Beyond

Model Driven Engineering: Automatic Code Generation and Beyond

• SEI Blog
John Klein

Acquisition executives in domains ranging from modernizing legacy business systems to developing real-time communications systems often face the following challenge:Vendors claim that model-driven engineering (MDE) tools enable developers to generate software code automatically and achieve extremely high developer productivity....

Read More
Information Technology Systems Modernization

Information Technology Systems Modernization

• SEI Blog
William Wood

Legacy systems represent a massive operations and maintenance (O&M) expense. According to a recent study, 75 percent of North American and European enterprise information technology (IT) budgets are expended on ongoing O&M, leaving a mere 25 percent for new investments. Another study found nearly three quarters of the U.S. federal IT budget is spent supporting legacy systems. For decades, the Department of Defense (DoD) has been attempting to modernize about 2,200 business systems, which are...

Read More
An Introduction to the Mission Thread Workshop

An Introduction to the Mission Thread Workshop

• SEI Blog
Michael Gagliardi

In Department of Defense (DoD) programs, cooperation among software and system components is critical. A system of systems (SoS) is used to accomplish a number of missions where cooperation among individual systems is critical to providing (new) capabilities that the systems could not provide. SoS capabilities are a major driver in the architecture of the SoS and selection of constituent systems for the SoS. There are additional critical drivers, however, that must be accounted for...

Read More
AADL: Four Real-World Perspectives

AADL: Four Real-World Perspectives

• SEI Blog
Julien Delange

Mismatched assumptions about hardware, software, and their interactions often result in system problems detected too late in the development lifecycle, which is an expensive and potentially dangerous situation for developers and users of mission- and safety-critical technologies. To address this problem, the Society of Automotive Engineers (SAE) released the aerospace standard AS5506, named the Architecture Analysis & Design Language (AADL). The AADL standard,defines a modeling notation based on a textual and graphic representation used by...

Read More
Managing Model Complexity

Managing Model Complexity

• SEI Blog
Julien Delange

Over the years, software architects and developers have designed many methods and metrics to evaluate software complexity and its impact on quality attributes, such as maintainability, quality, and performance. Existing studies and experiences have shown that highly complex systems are harder to understand, maintain, and upgrade. Managing software complexity is therefore useful, especially for software that must be maintained for many years....

Read More
Code Generation with AADL: A State-of-the-Art Report

Code Generation with AADL: A State-of-the-Art Report

• SEI Blog
Julien Delange

Given that up to 70 percent of system errors are introduced during the design phase, stakeholders need a modeling language that will ensure both requirements enforcement during the development process and the correct implementation of these requirements. Previous work demonstrates that using the Architecture Analysis & Design Language (AADL) early in the development process not only helps detect design errors before implementation, but also supports implementation efforts and produces high-quality code. Our latest blog posts...

Read More
Evolutionary Improvements of Quality Attributes: Performance in Practice

Evolutionary Improvements of Quality Attributes: Performance in Practice

• SEI Blog
Neil Ernst

Continuous delivery practices, popularized in Jez Humble's 2010 book Continuous Delivery, enable rapid and reliable software system deployment by emphasizing the need for automated testing and building, as well as closer cooperation between developers and delivery teams. As part of the Carnegie Mellon University Software Engineering Institute's (SEI) focus on Agile software development, we have been researching ways to incorporate quality attributes into the short iterations common to Agile development....

Read More
Principles of Big Data Systems: You Can't Manage What You Don't Monitor

Principles of Big Data Systems: You Can't Manage What You Don't Monitor

• SEI Blog
Ian Gorton

The term big data is a subject of much hype in both government and business today. Big data is variously the cause of all existing system problems and, simultaneously, the savior that will lead us to the innovative solutions and business insights of tomorrow. All this hype fuels predictions such as the one from IDC that the market for big data will reach $16.1 billion in 2014, growing six times faster than the overall information...

Read More
Four Principles of Engineering Scalable, Big Data Software Systems

Four Principles of Engineering Scalable, Big Data Software Systems

• SEI Blog
Ian Gorton

In earlier posts on big data, I have written about how long-held design approaches for software systems simply don't work as we build larger, scalable big data systems. Examples of design factors that must be addressed for success at scale include the need to handle the ever-present failures that occur at scale, assure the necessary levels of availability and responsiveness, and devise optimizations that drive down costs. Of course, the required application functionality and engineering...

Read More
Android, Heartbleed, Testing, and DevOps: An SEI Blog Mid-Year Review

Android, Heartbleed, Testing, and DevOps: An SEI Blog Mid-Year Review

• SEI Blog
Douglas C. Schmidt

In the first half of this year, the SEI blog has experienced unprecedented growth, with visitors in record numbers learning more about our work in big data, secure coding for Android, malware analysis, Heartbleed, and V Models for Testing. In the first six months of 2014 (through June 20), the SEI blog has logged 60,240 visits, which is nearly comparable with the entire 2013 yearly total of 66,757 visits. As we reach the mid-year point,...

Read More
Architecture Analysis Using AADL: A Beginner's Perspective

Architecture Analysis Using AADL: A Beginner's Perspective

• SEI Blog
Julien Delange

Introducing new software languages, tools, and methods in industrial and production environments incurs a number of challenges. Among other necessary changes, practices must be updated, and engineers must learn new methods and tools. These updates incur additional costs, so transitioning to a new technology must be carefully evaluated and discussed. Also, the impact and associated costs for introducing a new technology vary significantly by type of project, team size, engineers' backgrounds, and other factors, so...

Read More
Specifying Behavior with AADL

Specifying Behavior with AADL

• SEI Blog
Julien Delange

The Architecture Analysis and Design Language (AADL) is a modeling language that, at its core, allows designers to specify the structure of a system (components and connections) and analyze its architecture. From a security point of view, for example, we can use AADL to verify that a high-security component does not communicate with a low-security component and, thus, ensure that one type of security leak is prevented by the architecture. The ability to capture the...

Read More
The Importance of Automated Testing in Open Systems Architecture Initiatives

The Importance of Automated Testing in Open Systems Architecture Initiatives

• SEI Blog
Douglas C. Schmidt

To view a video of the introduction, please click here.The Better Buying Power 2.0 initiative is a concerted effort by the United States Department of Defense to achieve greater efficiencies in the development, sustainment, and recompetition of major defense acquisition programs through cost control, elimination of unproductive processes and bureaucracy, and promotion of open competition. This SEI blog posting describes how the Navy is operationalizing Better Buying Power in the context of their Open Systems...

Read More
Using Quality Attributes as a Means to Improve Acquisition Strategies

Using Quality Attributes as a Means to Improve Acquisition Strategies

• SEI Blog
Lisa Brownsword

Although software is increasingly important to the success of government programs, there is often little consideration given to its impact on early key program decisions. The Carnegie Mellon University Software Engineering Institute (SEI) is conducting a multi-phase research initiative aimed at answering the question: is the probability of a program's success improved through deliberately producing a program acquisition strategy and software architecture that are mutually constrained and aligned?...

Read More
The Latest Research from the SEI

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in systems of systems integration from an architectural perspective, unintentional insider threat that derives from social engineering, identifying physical security gaps in international mail processing centers and similar facilities, countermeasures used by cloud service providers, the...

Read More
Security Pattern Assurance through Round-trip Engineering

Security Pattern Assurance through Round-trip Engineering

• SEI Blog
Rick Kazman

The process of designing and analyzing software architectures is complex. Architectural design is a minimally constrained search through a vast multi-dimensional space of possibilities. The end result is that architects are seldom confident that they have done the job optimally, or even satisfactorily. Over the past two decades, practitioners and researchers have used architectural patterns to expedite sound software design. Architectural patterns are prepackaged chunks of design that provide proven structural solutions for achieving particular...

Read More
The Importance of Software Architecture in Big Data Systems

The Importance of Software Architecture in Big Data Systems

• SEI Blog
Ian Gorton

Many types of software systems, including big data applications, lend them themselves to highly incremental and iterative development approaches. In essence, system requirements are addressed in small batches, enabling the delivery of functional releases of the system at the end of every increment, typically once a month. The advantages of this approach are many and varied. Perhaps foremost is the fact that it constantly forces the validation of requirements and designs before too much progress...

Read More
2013: The Research Year in Review

2013: The Research Year in Review

• SEI Blog
Douglas C. Schmidt

As part of our mission to advance the practice of software engineering and cybersecurity through research and technology transition, our work focuses on ensuring that software-reliant systems are developed and operated with predictable and improved quality, schedule, and cost. To achieve this mission, the SEI conducts research and development activities involving the Department of Defense (DoD), federal agencies, industry, and academia. As we look back on 2013, this blog posting highlights our many R&D accomplishments...

Read More
Using Scenario-Based Architecture Analysis to Inform Code Quality Measures

Using Scenario-Based Architecture Analysis to Inform Code Quality Measures

• SEI Blog
Robert Nord

As the pace of software delivery increases, organizations need guidance on how to deliver high-quality software rapidly, while simultaneously meeting demands related to time-to-market, cost, productivity, and quality. In practice, demands for adding new features or fixing defects often take priority. However, when software developers are guided solely by project management measures, such as progress on requirements and defect counts, they ignore the impact of architectural dependencies, which can impede the progress of a project...

Read More
Detecting Architecture Traps and Pitfalls in Safety-Critical Software

Detecting Architecture Traps and Pitfalls in Safety-Critical Software

• SEI Blog
Julien Delange

Safety-critical avionics, aerospace, medical, and automotive systems are becoming increasingly reliant on software. Malfunctions in these systems can have significant consequences including mission failure and loss of life. So, they must be designed, verified, and validated carefully to ensure that they comply with system specifications and requirements and are error free. In the automotive domain, for example, cars contain many electronic control units (ECU)--today's standard vehicle can contain up to 30 ECUs--that communicate to control...

Read More
The Architectural Evolution of DoD Combat Systems

The Architectural Evolution of DoD Combat Systems

• SEI Blog
Douglas C. Schmidt

To deliver enhanced integrated warfighting capability at lower cost across the enterprise and over the lifecycle, the Department of Defense (DoD) must move away from stove-piped solutions and towards a limited number of technical reference frameworks based on reusable hardware and software components and services. There have been previous efforts in this direction, but in an era of sequestration and austerity, the DoD has reinvigorated its efforts to identify effective methods of creating more affordable...

Read More
AADL: SAVI and Beyond

AADL: SAVI and Beyond

• SEI Blog
Julien Delange

The size and complexity of aerospace software systems has increased significantly in recent years. When looking at source lines of code (SLOC), the size of systems has doubled every four years since the mid 1990s, according to a recent SEI technical report. The 27 million SLOC that will be produced from 2010 to 2020 is expected to exceed $10 billion. These increases in size and cost have also been accompanied by significant increases in errors...

Read More
Addressing the Software Engineering Challenges of Big Data

Addressing the Software Engineering Challenges of Big Data

• SEI Blog
Ian Gorton

New data sources, ranging from diverse business transactions to social media, high-resolution sensors, and the Internet of Things, are creating a digital tidal wave of big data that must be captured, processed, integrated, analyzed, and archived. Big data systems storing and analyzing petabytes of data are becoming increasingly common in many application areas. These systems represent major, long-term investments requiring considerable financial commitments and massive scale software and system deployments....

Read More
AADL: Initial Foundations

AADL: Initial Foundations

• SEI Blog
Julien Delange

When life- and safety-critical systems fail (and this happens in many domains), the results can be dire, including loss of property and life. These types of systems are increasingly prevalent, and can be found in the altitude and control systems of a satellite, the software-reliant systems of a car (such as its cruise control and anti-lock braking system), or medical devices that emit radiation. When developing such systems, software and systems architects must balance the...

Read More
Agile and Architecture Practices for Rapid Delivery

Agile and Architecture Practices for Rapid Delivery

• SEI Blog
Stephany Bellomo

Agile projects with incremental development lifecycles are showing greater promise in enabling organizations to rapidly field software compared to waterfall projects. There is a lack of clarity, however, regarding the factors that constitute and contribute to success of Agile projects. A team of researchers from Carnegie Mellon University's Software Engineering Institute, including Ipek Ozkaya, Robert Nord, and myself, interviewed project teams with incremental development lifecycles from five government and commercial organizations. This blog posting summarizes...

Read More
Towards Affordable DoD Combat Systems in the Age of Sequestration

Towards Affordable DoD Combat Systems in the Age of Sequestration

• SEI Blog
Douglas C. Schmidt

Department of Defense (DoD) program managers and associated acquisition professionals are increasingly called upon to steward the development of complex, software-reliant combat systems. In today's environment of expanded threats and constrained resources (e.g., sequestration), their focus is on minimizing the cost and schedule of combat-system acquisition, while simultaneously ensuring interoperability and innovation. A promising approach for meeting these challenging goals is Open Systems Architecture (OSA), which combines (1) technical practices designed to reduce the cycle...

Read More
AADL in the Medical Domain

AADL in the Medical Domain

• SEI Blog
Julien Delange

When life- and safety-critical systems fail, the results can be dire, including loss of property and life. These types of systems are increasingly prevalent, and can be found in the altitude and control systems of a satellite, the software-reliant systems of a car (such as its cruise control and GPS), or a medical device. When developing such systems, software and systems architects must balance the need for stability and safety with stakeholder demands and time-to-market...

Read More
Improving Safety-critical Systems with a Reliability Validation & Improvement Framework

Improving Safety-critical Systems with a Reliability Validation & Improvement Framework

• SEI Blog
Peter Feiler

Aircraft and other safety-critical systems increasingly rely on software to provide their functionality. The exponential growth of software in safety-critical systems has pushed the cost for building aircraft to the limit of affordability. Given this increase, the current practice of build-then-test is no longer feasible. This blog posting describes recent work at the SEI to improve the quality of software-reliant systems through an approach known as the Reliability Validation and Improvement Framework that will lead...

Read More
AADL Tools: Leveraging the Ecosystem

AADL Tools: Leveraging the Ecosystem

• SEI Blog
Julien Delange

Software and systems architects face many challenges when designing life- and safety-critical systems, such as the altitude and control systems of a satellite, the auto pilot system of a car, or the injection system of a medical infusion pump. Architects in software and systems answer to an expanding group of stakeholders and often must balance the need to design a stable system with time-to-market constraints. Moreover, no matter what programming language architects choose, they cannot...

Read More
Architecting Service-Oriented Systems

Architecting Service-Oriented Systems

• SEI Blog
Grace Lewis

In 2009, a popular blogger published a post entitled "SOA is Dead," which generated extensive commentary among those who work in the field of service-oriented architecture (SOA). Many practitioners in this field completely misinterpreted the post; some read the title and just assumed that the content referenced the demise of SOA. Quite the opposite, the post was inviting people to stop thinking about SOA as a set of technologies and start embracing SOA as an...

Read More
The SEI Blog: A Two-Year Retrospective

The SEI Blog: A Two-Year Retrospective

• SEI Blog
Douglas C. Schmidt

In launching the SEI blog two years ago, one of our top priorities was to advance the scope and impact of SEI research and development projects, while increasing the visibility of the work by SEI technologists who staff these projects. After 114 posts, and 72,608 visits from readers of our blog, this post reflects on some highlights from the last two years and gives our readers a preview of posts to come....

Read More
Introduction to the Architecture Analysis & Design Language

Introduction to the Architecture Analysis & Design Language

• SEI Blog
Julien Delange

When a system fails, engineers too often focus on the physical components, but pay scant attention to the software. In software-reliant systems ignoring or deemphasizing the importance of software failures can be a recipe for disaster. This blog post is the first in a series on recent developments with the Architecture Analysis Design Language (AADL) standard. Future posts will explore recent tools and projects associated with AADL, which provides formal modeling concepts for the description...

Read More
Looking Ahead: The SEI Technical Strategic Plan, Part 2

Looking Ahead: The SEI Technical Strategic Plan, Part 2

• SEI Blog
Bill Scherlis

The Department of Defense (DoD) has become deeply reliant on software. As a federally funded research and development center (FFRDC), the SEI is chartered to work with the DoD to meet the challenges of designing, producing, assuring, and evolving software-reliant systems in an affordable and dependable manner. This blog post is the second in a multi-part series that describes key elements of our forthcoming Strategic Research Plan that address these challenges through research, acquisition support,...

Read More
Reflections in Software Architecture: Presentations by Jeromy Carriere & Ian Gorton

Reflections in Software Architecture: Presentations by Jeromy Carriere & Ian Gorton

• SEI Blog
Bill Pollak

It's undeniable that the field of software architecture has grown during the past 20 years. In 2010, CNN/Money magazine identified "software architect" as the most desirable job in the U.S. Since 2004, the SEI has trained people from more than 900 organizations in the principles and practices of software architecture, and more than 1,800 people have earned the SEI Software Architecture Professional certificate. It is widely recognized today that architecture serves as the blueprint for...

Read More
Looking Ahead: The SEI Technical Strategic Plan

Looking Ahead: The SEI Technical Strategic Plan

• SEI Blog
Bill Scherlis

The Department of Defense (DoD) has become deeply and fundamentally reliant on software. As a federally funded research and development center (FFRDC), the SEI is chartered to work with the DoD to meet the challenges of designing, producing, assuring, and evolving software-reliant systems in an affordable and dependable manner. This blog post--the first in a multi-part series--outlines key elements of the forthcoming SEI Strategic Research Plan that addresses these challenges through research and acquisition support...

Read More
Ultimate Architecture Enforcement: Prevent Code Violations at Code-Commit Time

Ultimate Architecture Enforcement: Prevent Code Violations at Code-Commit Time

• SEI Blog
Paulo Merson

Occasionally this blog will highlight different posts from the SEI blogosphere. Today's post by Paulo Merson, a senior member of the technical staff in the SEI's Research, Technology, and System Solutions Program, is from the SATURN Network blog. This post explores Merson's experience using Checkstyle and pre-commit hooks on Subversion to verify the conformance between code and architecture....

Read More
Reflection on 20 Years of Software Architecture: A Presentation by Robert Schwanke

Reflection on 20 Years of Software Architecture: A Presentation by Robert Schwanke

• SEI Blog
Bill Pollak

It is widely recognized today that software architecture serves as the blueprint for both the system and the project developing it, defining the work assignments that must be performed by design and implementation teams. Architecture is the primary purveyor of system quality attributes that are hard to achieve without a unifying architecture; it's also the conceptual glue that holds every phase of projects together for their many stakeholders. Last month, we presented two posting in...

Read More
Reflections on 20 Years of Architecture: A Presentation by Douglas C. Schmidt

Reflections on 20 Years of Architecture: A Presentation by Douglas C. Schmidt

• SEI Blog
Bill Pollak

Last week, we presented the first posting in a series from a panel at SATURN 2012 titled "Reflections on 20 Years of Software Architecture." In her remarks on the panel summarizing the evolution of software architecture work at the SEI, Linda Northrop, director of the SEI's Research, Technology, and System Solutions (RTSS) Program, referred to the steady growth in system scale and complexity over the past two decades and the increased awareness of architecture as...

Read More
Reflections on 20 Years of Software Architecture: A Presentation by Linda Northrop

Reflections on 20 Years of Software Architecture: A Presentation by Linda Northrop

• SEI Blog
Bill Pollak

A search on the term "software architecture" on the web as it existed in 1992 yielded 88,700 results. In May, during a panel providing a 20-year retrospective on software architecture hosted at the SEI Architecture Technology User Network (SATURN) conference, moderator Rick Kazman noted that on the day of the panel discussion--May 9, 2012-- that same search yielded 2,380,000 results. This 30-fold increase stems from various factors, including the steady growth in system complexity, the...

Read More
SEI Contributes to a National Supercomputing Initiative

SEI Contributes to a National Supercomputing Initiative

• SEI Blog
Kurt Wallnau

For more than 10 years, scientists, researchers, and engineers used the TeraGrid supercomputer network funded by the National Science Foundation (NSF) to conduct advanced computational science. The SEI has joined a partnership of 17 organizations and helped develop the successor to the TeraGrid called the Extreme Science and Engineering Discovery Environment (XSEDE). This posting, which is the first in a multi-part series, describes our work on XSEDE that allows researchers open access--directly from their desktops--to...

Read More
Reducing Project Failures by Aligning Acquisition Strategy and Software Architecture with Stakeholder Needs - Second in a Series

Reducing Project Failures by Aligning Acquisition Strategy and Software Architecture with Stakeholder Needs - Second in a Series

• SEI Blog
Lisa Brownsword

Major acquisition programs increasingly rely on software to provide substantial portions of system capabilities. All too often, however, software is not considered when the early, most constraining program decisions are made. SEI researchers have identified misalignments between software architecture and system acquisition strategies that lead to program restarts, cancellations, and failures to meet important missions or business goals. This blog posting, the second installment in a two-part series, builds on the discussions in part one...

Read More
Reducing Project Failures by Aligning Acquisition Strategy and Software Architecture with Stakeholder Needs - First in a Series

Reducing Project Failures by Aligning Acquisition Strategy and Software Architecture with Stakeholder Needs - First in a Series

• SEI Blog
Lisa Brownsword

Major acquisition programs increasingly rely on software to provide substantial portions of system capabilities. Not surprisingly, therefore, software issues are driving system cost and schedule overruns. All too often, however, software is not even a consideration when the early, most constraining program decisions are made. Through analysis of troubled programs, SEI researchers have identified misalignments between software architecture and system acquisition strategies that lead to program restarts, cancellations, and failures to meet important missions or...

Read More
Strategic Management of Architectural Technical Debt

Strategic Management of Architectural Technical Debt

• SEI Blog
Douglas C. Schmidt

While agile methods have become popular in commercial software development organizations, the engineering disciplines needed to apply agility to mission-critical, software-reliant systems are not as well defined or practiced. To help bridge this gap, the SEI recently hosted the Agile Research Forum. The event brought together researchers and practitioners from around the world to discuss when and how to best apply agile methods in mission-critical environments found in government and many industries. This blog posting,...

Read More
Software Producibility for Defense

Software Producibility for Defense

• SEI Blog
Bill Scherlis

The extent of software in Department of Defense (DoD) systems has increased by more than an order of magnitude every decade. This is not just because there are more systems with more software; a similar growth pattern has been exhibited within individual, long-lived military systems. In recognition of this growing software role, the Director of Defense Research and Engineering (DDR&E, now ASD(R&E)) requested the National Research Council (NRC) to undertake a study of defense software...

Read More
The Latest Research Reports from the SEI

The Latest Research Reports from the SEI

• SEI Blog
Douglas C. Schmidt

Happy Memorial Day. As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in architecture analysis, patterns for insider threat monitoring, source code analysis and insider threat security reference architecture. This post includes a listing of each report, author(s), and links where the published reports can be...

Read More
Towards Common Operating Platform Environments, Second in a Series

Towards Common Operating Platform Environments, Second in a Series

• SEI Blog
Douglas C. Schmidt

Common operating platform environments (COPEs) are reusable software infrastructures that incorporate open standards; define portable interfaces, interoperable protocols, and data models; offer complete design disclosure; and have a modular, loosely coupled, and well-articulated software architecture that provides applications and end users with many shared capabilities. COPEs can help reduce recurring engineering costs, as well as enable developers to build better and more powerful applications atop a COPE, rather than wrestling repeatedly with tedious and error-prone...

Read More
Towards Common Operating Platform Environments

Towards Common Operating Platform Environments

• SEI Blog
Douglas C. Schmidt

Mission-critical operations in the Department of Defense (DoD) increasingly depend on complex software-reliant systems-of-systems (abbreviated as "systems" below). These systems are characterized by a rapidly growing number of connected platforms, sensors, decision nodes, and people. While facing constrained budget, expanded threat, and engineering workforce challenges, the DoD is trying to obtain greater efficiency and productivity in defense spending needed to acquire and sustain these systems. This blog posting--the first in a three-part series--motivates the need...

Read More
Rapid Lifecycle Development in an Agile Context

Rapid Lifecycle Development in an Agile Context

• SEI Blog
Robert Nord

New acquisition guidelines from the Department of Defense (DoD) aimed at reducing system lifecycle time and effort are encouraging the adoption of Agile methods. There is a general lack, however, of practical guidance on how to employ Agile methods effectively for DoD acquisition programs. This blog posting describes our research on providing software and systems architects with a decision making framework for reducing integration risk with Agile methods, thereby reducing the time and resources needed...

Read More
The Latest Research from the SEI

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in insider threat, interoperability, service-oriented architecture, operational resilience, and automated remediation. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website....

Read More
Developing an Architecture-Focused Measurement Framework for Managing Technical Debt

Developing an Architecture-Focused Measurement Framework for Managing Technical Debt

• SEI Blog
Ipek Ozkaya

Managing technical debt, which refers to the rework and degraded quality resulting from overly hasty delivery of software capabilities to users, is an increasingly critical aspect of producing cost-effective, timely, and high-quality software products. A delicate balance is needed between the desire to release new software capabilities rapidly to satisfy users and the desire to practice sound software engineering that reduces rework....

Read More
A Summary of Key SEI R&D Accomplishments in 2011

A Summary of Key SEI R&D Accomplishments in 2011

• SEI Blog
Douglas C. Schmidt

A key mission of the SEI is to advance the practice of software engineering and cyber security through research and technology transition to ensure the development and operation of software-reliant Department of Defense (DoD) systems with predictable and improved quality, schedule, and cost. To achieve this mission, the SEI conducts research and development (R&D) activities involving the DoD, federal agencies, industry, and academia. One of my initial blog postings summarized the new and upcoming R&D...

Read More
Using TSP to Architect a New Trading System

Using TSP to Architect a New Trading System

• SEI Blog
James McHale

This post is the second installment in a two-part series describing our recent engagement with Bursatec to create a reliable and fast new trading system for Groupo Bolsa Mexicana de Valores (BMV, the Mexican Stock Exchange). This project combined elements of the SEI's Architecture Centric Engineering (ACE) method, which requires effective use of software architecture to guide system development, with its Team Software Process (TSP), which is a team-centric approach to developing software that enables...

Read More
Developing Architecture-Centric Engineering Within TSP

Developing Architecture-Centric Engineering Within TSP

• SEI Blog
Felix Bachmann

Bursatec, the technology arm of Groupo Bolsa Mexicana de Valores (BMV, the Mexican Stock Exchange), recently embarked on a project to replace three existing trading engines with one system developed in house. Given the competitiveness of global financial markets and recent interest in Latin American economies, Bursatec needed a reliable and fast new system that could work ceaselessly throughout the day and handle sharp fluctuations in trading volume. To meet these demands, the SEI suggested...

Read More
The Latest Research from the SEI

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

Happy Labor Day from all of us here at the SEI. I'd like to take advantage of this special occasion to keep you apprised of some recent technical reports and notes from the SEI. It's part of an ongoing effort to keep you informed about our latest work. These reports highlight the latest work of SEI technologists in architecting service-oriented systems, operational resilience, standards-based automated remediation, and acquisition. This post includes a listing of each...

Read More
Improving Testing Outcomes Through Software Architecture

Improving Testing Outcomes Through Software Architecture

• SEI Blog
Paul Clements

Testing plays a critical role in the development of software-reliant systems. Even with the most diligent efforts of requirements engineers, designers, and programmers, faults inevitably occur. These faults are most commonly discovered and removed by testing the system and comparing what it does to what it is supposed to do. This blog posting summarizes a method that improves testing outcomes (including efficacy and cost) in a software-reliant system by using an architectural design approach, which...

Read More
The Growing Importance of Sustaining Software for the DoD: Part 2

The Growing Importance of Sustaining Software for the DoD: Part 2

• SEI Blog
Douglas C. Schmidt

Software sustainment is growing in importance as the inventory of DoD systems continues to age and greater emphasis is placed on efficiency and productivity in defense spending. In part 1 of this series, I summarized key software sustainment challenges facing the DoD. In this blog posting, I describe some of the R&D activities conducted by the SEI to address these challenges....

Read More
The Growing Importance of Sustaining Software for the DoD: Part 1

The Growing Importance of Sustaining Software for the DoD: Part 1

• SEI Blog
Douglas C. Schmidt

Department of Defense (DoD) programs have traditionally focused on the software acquisition phase (initial procurement, development, production, and deployment) and largely discounted the software sustainment phase (operations and support) until late in the lifecycle. The costs of software sustainment are becoming too high to discount since they account for 60 to 90 percent of the total software lifecycle effort....

Read More
Lean Principles and Software Architecture: The Waste of Information Transformation

Lean Principles and Software Architecture: The Waste of Information Transformation

• SEI Blog
Nanette Brown

Occasionally this blog will highlight different posts from the SEI blogosphere. Today's post is from the SATURN Network blog by Nanette Brown, a senior member of the technical staff in the SEI's Research, Technology, and System Solutions program. This post, the third in a series on lean principles and architecture, continues the discussion on the eight types of waste identified in Lean manufacturing and how these types of waste manifst themselves in software development. The...

Read More
Lean Principles and Software Architecture: The Waste of Waiting

Lean Principles and Software Architecture: The Waste of Waiting

• SEI Blog
Nanette Brown

Occasionally this blog will highlight different posts from the SEI blogosphere. Today's post is from the SATURN Network blog by Nanette Brown, a visiting scientist in the SEI's Research, Technology, and System Solutions program. This post, the second in a series on lean principles and architecture, takes an in-depth look at the waste of waiting and how it is an important aspect of the economics of architecture decision making....

Read More
Lean Principles and Software Architecture: Categories of Waste

Lean Principles and Software Architecture: Categories of Waste

• SEI Blog
Nanette Brown

Occasionally this blog will highlight different posts from the SEI blogosphere. Today's post is from the SATURN Network blog by Nanette Brown, a visiting scientist in the SEI's Research, Technology, and System Solutions program. This post explores Categories of Waste in Lean Principles and Architecture, and takes an in-depth look at three of the eight categories of waste (defects, overproduction, and extra complexity) from the perspective of software development in general and software architecture in...

Read More
Measuring the Impact of Explicit Architecture Documentation

Measuring the Impact of Explicit Architecture Documentation

• SEI Blog
Rick Kazman

The SEI has long advocated software architecture documentation as a software engineering best practice. This type of documentation is not particularly revolutionary or different from standard practices in other engineering disciplines. For example, who would build a skyscraper without having an architect draw up plans first? The specific value of software architecture documentation, however, has never been established empirically. This blog describes a research project we are conducting to measure and understand the value of...

Read More
Enabling Agility by Strategically Managing Architectural Technical Debt

Enabling Agility by Strategically Managing Architectural Technical Debt

• SEI Blog
Ipek Ozkaya

As industry and government customers demand increasingly rapid innovation and the ability to adapt products and systems to emerging needs, the time frames for releasing new software capabilities continue to shorten. Likewise, Agile software development processes, with their emphasis on releasing new software capabilities rapidly, are increasing in popularity beyond their initial small team and project context. Practices intended to speed up the delivery of value to users, however, often result in high rework costs...

Read More
Building a Foundation for Agile (To Enable Rapid Change)

Building a Foundation for Agile (To Enable Rapid Change)

• SEI Blog
Stephany Bellomo

This is a second in a series of posts focusing on Agile software development. In the first post, "What is Agile?" we provided a short overview of the key elements of the Agile approach, and we introduced the Agile Manifesto. One of the guiding principles from the manifesto emphasizes valuing people over developing processes. While the manifesto clearly alludes to the fact that too much focus on process (and not results) can be a bad...

Read More