Technical Papers
The SEI Digital Library houses thousands of technical papers and other documents, ranging from SEI Technical Reports on groundbreaking research to conference proceedings, survey results, and source code.
Filter by
-
Security Engineering Framework (SEF): Managing Security and Resilience Risks Across the Systems Lifecycle
• Special Report
By Christopher J. Alberts, Carol Woody, Tom Merendino, Charles M. Wallen, Michael S. Bandor
The SEF is a collection of software-focused engineering practices for managing security and resilience risks across the systems lifecycle.
DOWNLOAD -
Dangers of AI for Insider Risk Evaluation (DARE)
• White Paper
By Austin Whisnant
This paper describes the challenges and pitfalls of using artificial intelligence for insider risk analysis and how to thoughtfully and efficiently use AI to find insider threats.
DOWNLOAD -
Assurance Evidence of Continuously Evolving Real-Time Systems (ASERT) Workshop 2024
• Special Report
By George Romanski (Federal Aviation Administration), John Lehoczky (Carnegie Mellon University), Hyoseung Kim (University of California, Riverside), Bjorn Andersson, Mark H. Klein, Floyd Fazi (Lockheed Martin Corporation), Dionisio de Niz, Daniel Shapiro (Institute of Defense Analysis), Jonathan Preston (Lockheed Martin Corporation), Ronald Koontz (Boeing Company)
This report summarizes the analysis of the Taiwanese flight CI202 incident from 2020 as well as ideas for future work for ASERT presented at its 2024 workshop.
DOWNLOAD -
Self-Assessment in Training and Exercise
• Technical Report
By Thomas G. Podnar, Dustin D. Updyke, John Yarger, Sean Huff
In this report, the authors introduce an approach to performance evaluation that focuses on self-assessment.
DOWNLOAD -
Counter AI: What Is It and What Can You Do About It?
• White Paper
By Matt Churilla, Nathan M. VanHoudnos, Shing-hon Lau, Lauren McIlvenny, Greg Touhill, Carol J. Smith
This paper describes counter artificial intelligence (AI) and provides recommendations on what can be done about it.
DOWNLOAD -
Terrain in Cyberspace Operations—Terminology
• White Paper
By Nathaniel Richmond, Vincent LaPiana
This paper defines several terms used to describe cyber operations and how they relate to other terms important to military operations and mission planning.
DOWNLOAD -
Lessons Learned in Coordinated Disclosure for Artificial Intelligence and Machine Learning Systems
• White Paper
By Allen D. Householder, Nathan M. VanHoudnos, Lauren McIlvenny, Shing-hon Lau, Lena Pons, Matt Churilla, Jeff Havrilla, Vijay S. Sarvepalli, Andrew Kompanek
In this paper, the authors describe lessons learned from coordinating AI and ML vulnerabilities at the SEI's CERT/CC.
DOWNLOAD -
Toward the Use of Artificial Intelligence (AI) for Advanced Persistent Threat Detection
• Technical Report
By Tom Scanlon, Clarence Worrell, Matthew Walsh
This report examines the feasibility and usefulness of implementing AI and ML in cyber defense with a particular focus on advanced persistent threats (APTs).
DOWNLOAD -
On the Design, Development, and Testing of Modern APIs
• White Paper
By Alex Vesey, Alejandro Gomez
This white paper discusses the design, desired qualities, development, testing, support, and security of modern application programming interfaces (APIs).
DOWNLOAD -
A Model Problem for Assurance Research: An Autonomous Humanitarian Mission Scenario
• Technical Note
By Anton Hristozov, Mark H. Klein, John E. Robert, Gabriel Moreno
This report describes a model problem to support research in large-scale assurance.
DOWNLOAD -
Application Programming Interface (API) Vulnerabilities and Risks
• Special Report
By McKinley Sconiers-Hasan
This report describes 11 common vulnerabilities and 3 risks related to application programming interfaces, providing suggestions about how to fix or reduce their impact.
DOWNLOAD -
Software Bill of Materials (SBOM) Considerations for Operational Test & Evaluation Activities
• White Paper
By Michael S. Bandor
This white paper looks at the background and history of SBOMs as well as the general questions and challenges for use with Operational Test & Evaluation activities.
DOWNLOAD -
Reachability of System Operation Modes in AADL
• Technical Report
By Lutz Wrage
This report presents an algorithm that constructs the set of reachable SOMs for a given AADL model and the transitions between them.
DOWNLOAD -
Explainable Verification: Survey, Situations, and New Ideas
• White Paper
By Bjorn Andersson, Mark H. Klein, Dionisio de Niz
This report focuses on potential changes in software development practice and research that would help tools used for formal methods explain their output, making software practitioners more likely to trust …
DOWNLOAD -
Zero Trust Industry Days 2024: Request for Information (RFI)
• White Paper
By The Software Engineering Institute
This request for information (RFI) was created for Zero Trust Industry Days 2024, where developers presented zero trust solutions, shared information, and discussed alternatives.
DOWNLOAD -
Zero Trust Industry Days 2024 Scenario: Secluded Semiconductors, Inc.
• White Paper
By Rhonda Brown
This scenario guides discussions of solutions submitted to address the challenges of implementing zero trust.
DOWNLOAD -
Considerations for Evaluating Large Language Models for Cybersecurity Tasks
• White Paper
By Girish Sastry (OpenAI), Joel Parish (OpenAI), Samuel J. Perl, Shing-hon Lau, Jeff Gennari
In this paper, researchers from the SEI and OpenAI explore the opportunities and risks associated with using large language models (LLMs) for cybersecurity tasks.
DOWNLOAD -
Navigating Capability-Based Planning: The Benefits, Challenges, and Implementation Essentials
• White Paper
By Anandi Hira, Bill Nichols
Based on industry and government sources, this paper summarizes the benefits and challenges of implementing Capability-Based Planning (CBP).
DOWNLOAD -
Encoding Verification Arguments to Analyze High-Level Design Certification Claims: Experiment Zero (E0)
• White Paper
By Daniel Shapiro (Institute of Defense Analysis), Ronald Koontz (Boeing Company), Gordon Putsche (The Boeing Company), David Tate (Institute of Defense Analysis), Douglas Schmidt (Vanderbilt University), Floyd Fazi (Lockheed Martin Corporation), Jonathan Preston (Lockheed Martin Corporation), George Romanski (Federal Aviation Administration), Hyoseung Kim (University of California, Riverside), John Lehoczky (Carnegie Mellon University), Mark H. Klein, Bjorn Andersson, Dionisio de Niz
This paper discusses whether automation of certification arguments can identify problems that occur in real systems.
DOWNLOAD -
The Measurement Challenges in Software Assurance and Supply Chain Risk Management
• White Paper
By Scott Hissam, Carol Woody, Nancy R. Mead
This paper recommends an approach for developing and evaluating cybersecurity metrics for open source and other software in the supply chain.
DOWNLOAD -
Report to the Congressional Defense Committees on National Defense Authorization Act (NDAA) for Fiscal Year 2022 Section 835 Independent Study on Technical Debt in Software-Intensive Systems
• Technical Report
By Brigid O'Hearn, Ipek Ozkaya, Julie B. Cohen, Forrest Shull
This independent study of technical debt in software-intensive systems was sent to Congress in December 2023 to satisfy the requirements of NDAA Section 835.
DOWNLOAD -
Assessing Opportunities for LLMs in Software Engineering and Acquisition
• White Paper
By Ipek Ozkaya, Stephany Bellomo, Shen Zhang, James Ivers, Julie B. Cohen
This white paper examines how decision makers, such as technical leads and program managers, can assess the fitness of large language models (LLMs) to address software engineering and acquisition needs.
DOWNLOAD -
Acquisition Security Framework (ASF): Managing Systems Cybersecurity Risk (Expanded Set of Practices)
• Technical Note
By Christopher J. Alberts, Charles M. Wallen, Carol Woody, Michael S. Bandor
This framework of practices helps programs coordinate their management of engineering and supply chain risks across the systems lifecycle.
DOWNLOAD -
Simulating Realistic Human Activity Using Large Language Model Directives
• Technical Report
By Sean Huff, Thomas G. Podnar, Dustin D. Updyke
The authors explore how activities generated from the GHOSTS Framework’s NPC client compare to activities produced by GHOSTS’ default behavior and LLMs.
DOWNLOAD -
Why Your Software Cost Estimates Change Over Time and How DevSecOps Data Can Help Reduce Cost Risk
• White Paper
By Julie B. Cohen
Early software cost estimates are often off by over 40%; this paper discusses how programs must continually update estimates as more information becomes available.
DOWNLOAD -
A Retrospective in Engineering Large Language Models for National Security
• White Paper
By William Nichols, Shannon Gallagher, Andrew O. Mellinger, Jasmine Ratchford, Nick Winski, Tyler Brooks, Eric Heim, Nathan M. VanHoudnos, Swati Rallapalli, Bryan Brown, Angelique McDowell, Hollen Barmer
This document discusses the findings, recommendations, and lessons learned from engineering a large language model for national security use cases.
DOWNLOAD -
U.S. Leadership in Software Engineering and AI Engineering
• White Paper
By Ipek Ozkaya, John E. Robert, Erin Harper, Anita Carleton, Forrest Shull, Douglas Schmidt (Vanderbilt University)
A joint SEI/NITRD workshop will advance U.S. national interests through software and AI engineering and accelerate progress across virtually all scientific domains.
DOWNLOAD -
A Holistic View of Architecture Definition, Evolution, and Analysis
• Technical Report
By James Ivers, Sebastián Echeverría, Rick Kazman
This report focuses on performing architectural decisions and architectural analysis, spanning multiple quality attributes, in a sustainable and ongoing way.
DOWNLOAD -
Emerging Technologies: Seven Themes Changing the Future of Software in the DoD
• White Paper
By Michael Abad-Santos, Shen Zhang, Scott Hissam
This report summarizes the SEI's Emerging Technologies Study (ETS) and identifies seven emerging technologies to watch in software engineering practices and technology.
DOWNLOAD -
Demonstrating the Practical Utility and Limitations of ChatGPT Through Case Studies
• White Paper
By Matthew Walsh, Dominic A. Ross, Clarence Worrell, Alejandro Gomez
In this study, SEI researchers conducted four case studies using GPT-3.5 to assess the practical utility of large language models such as ChatGPT.
DOWNLOAD -
Software Excellence Through the Agile High Velocity Development℠ Process
• Technical Report
By Barti K. Perini (Ishpi Information Technologies, Inc.), Stephen Shook (Ishpi Information Technologies, Inc.)
The High Velocity Development℠ process earned Ishpi Information Technologies, Inc. the 2023 Watts Humphrey Software Quality Award.
DOWNLOAD -
Coding the Future: Recommendations for Defense Software R&D
• White Paper
By None
This report outlines the key recommendations from the November 2022 workshop "Software as a Modernization Priority."
DOWNLOAD -
Engineering of Edge Software Systems: A Report from the November 2022 SEI Workshop on Software Systems at the Edge
• White Paper
By Grace Lewis, Ipek Ozkaya, Kevin A. Pitstick
Based on a workshop with thought leaders in the field, this report identifies recommended areas of focus for engineering software systems at the edge.
DOWNLOAD -
Software Bill of Materials Framework: Leveraging SBOMs for Risk Reduction
• White Paper
By Christopher J. Alberts, Charles M. Wallen, Michael S. Bandor, Carol Woody
This paper is a Software Bill of Materials (SBOM) Framework that is a starting point for expanding the use of SBOMs for managing software and systems risk.
DOWNLOAD -
Generative AI: Key Opportunities and Research Challenges
• White Paper
By None
This 2023 workshop report identifies DoD use cases for generative AI and discusses meeting challenges and needs such as investing in guardrails and responsible AI amid a race to capability.
DOWNLOAD -
Securing UEFI: An Underpinning Technology for Computing
• White Paper
By Vijay S. Sarvepalli
This paper highlights the technical efforts to secure the UEFI-based firmware that serves as a foundational piece of modern computing environments.
DOWNLOAD -
Using Model-Based Systems Engineering (MBSE) to Assure a DevSecOps Pipeline is Sufficiently Secure
• Technical Report
By Timothy A. Chick, Nataliya Shevchenko, Scott Pavetti
This report describes how analysts can use a model-based systems engineering (MBSE) approach to detect and mitigate cybersecurity risks to a DevSecOps pipeline.
DOWNLOAD -
A Strategy for Component Product Lines: Report 2: Specification Modeling for Components in a Component Product Line
• Special Report
By John McGregor, John J. Hudak, Sholom G. Cohen
This report introduces the “model chain” concept for specifying a component product line and realizing architecture requirements through the creation–evolution process.
DOWNLOAD -
A Strategy for Component Product Lines: Report 3: Component Product Line Governance
• Special Report
By Alfred Schenker, Sholom G. Cohen
This report provides guidance for the community involved with developing and sustaining product lines of components used by the U.S. government.
DOWNLOAD -
Program Managers—The DevSecOps Pipeline Can Provide Actionable Data
• White Paper
By Julie B. Cohen, Bill Nichols
This paper describes the Automated Continuous Estimation for a Pipeline of Pipelines research project, which automates data collection to track program progress.
DOWNLOAD -
Zero Trust Industry Day 2022: Areas of Future Research
• White Paper
By Matthew Nicolai, Timothy Morrow, Trista Polaski
This paper describes the future research discussed at the 2022 Zero Trust Industry Day event.
DOWNLOAD -
Industry Best Practices for Zero Trust Architecture
• White Paper
By Timothy Morrow, Matthew Nicolai, Nathaniel Richmond
This paper describes best practices identified during the SEI’s Zero Trust Industry Day 2022, and provides ways to help organizations shift to zero trust.
DOWNLOAD -
A Strategy for Component Product Lines: Report 1: Scoping, Objectives, and Rationale
• Special Report
By Sholom G. Cohen, John J. Hudak, John McGregor, Gabriel Moreno, Alfred Schenker
This report establishes a Component Product Line Strategy to address problems in systematically reusing and integrating components built to conform to component specification models.
DOWNLOAD -
Acquisition Security Framework (ASF): Managing Systems Cybersecurity Risk
• Technical Note
By Michael S. Bandor, Carol Woody, Charles M. Wallen, Christopher J. Alberts
This report provides an overview of the Acquisition Security Framework (ASF), a description of the practices developed thus far, and a plan for completing the ASF body of work.
DOWNLOAD -
Zero Trust Industry Day Experience Paper
• White Paper
By Mary Popeck, Rhonda Brown, Timothy Morrow
This paper describes the results of the 2022 Zero Trust Industry Day event.
DOWNLOAD -
Challenge Development Guidelines for Cybersecurity Competitions
• Technical Report
By Jarrett Booz, Josh Hammerstein, Leena Arora, Matt Kaar, Joseph Vessella, Dennis M. Allen
This paper draws on the SEI’s experience to provide general-purpose guidelines and best practices for developing effective cybersecurity challenges.
DOWNLOAD -
Acquisition Security Framework (ASF): An Acquisition and Supplier Perspective on Managing Software-Intensive Systems’ Cybersecurity Risk
• White Paper
By Carol Woody, Charles M. Wallen, Michael S. Bandor, Christopher J. Alberts
The Acquisition Security Framework (ASF) contains practices that support programs acquiring/building a secure, resilient software-reliant system to manage risks.
DOWNLOAD -
Designing Vultron: A Protocol for Multi-Party Coordinated Vulnerability Disclosure (MPCVD)
• Special Report
By Allen D. Householder
This report proposes a formal protocol specification for MPCVD to improve the interoperability of both CVD and MPCVD processes.
DOWNLOAD -
Common Sense Guide to Mitigating Insider Threats, Seventh Edition
• Technical Report
By None
The guide describes 22 best practices for mitigating insider threat based on the CERT Division's continued research and analysis of more than 3,000 insider threat cases.
DOWNLOAD -
Coordinated Vulnerability Disclosure User Stories
• White Paper
By Jonathan Spring, Laurie Tyzenhaus, Timur D. Snoke, Vijay S. Sarvepalli, Charles G. Yarbrough, Brad Runyon, Eric Hatleback, Allen D. Householder, Art Manion
This paper provides user stories to guide the development of a technical protocol and application programming interface for Coordinated Vulnerability Disclosure.
DOWNLOAD -
LLVM Intermediate Representation for Code Weakness Identification
• White Paper
By David Svoboda, William Klieber, Shannon Gallagher
This paper examines whether intermediate representation used in Large Language Models can be useful to indicate the presence of software vulnerabilities.
DOWNLOAD -
Digital Engineering Effectiveness
• White Paper
By Alfred Schenker, Bill Nichols, Tyler Smith (Adventium Labs, Inc.)
This paper explores the reluctance of developers of cyber-physical systems to embrace digital engineering (DE), how DE methods should be tailored to achieve their stakeholders' goals, and how to measure …
DOWNLOAD -
A Brief Introduction to the Evaluation of Learned Models for Aerial Object Detection
• White Paper
By Eric Heim
The SEI AI Division assembled guidance on the design, production, and evaluation of machine-learning models for aerial object detection.
DOWNLOAD -
Guidance for Tailoring DoD Request for Proposals (RFPs) to Include Modeling
• Special Report
By Robert Wojcik, Tom Merendino, Julie B. Cohen
This report provides guidance for government program offices that are including digital engineering/modeling requirements into a request for proposal.
DOWNLOAD -
Modeling to Support DoD Acquisition Lifecycle Events (Version 1.4)
• White Paper
By Robert Wojcik, Tom Merendino, Julie B. Cohen
This document provides suggestions for producing requirement, system, and software models that will be used to support various DoD system acquisition lifecycle events.
DOWNLOAD -
Extensibility
• Technical Report
By Rick Kazman, James Ivers, Sebastián Echeverría
This report summarizes how to systematically analyze a software architecture with respect to a quality attribute requirement for extensibility.
DOWNLOAD -
TwinOps: Digital Twins Meets DevOps
• Technical Report
By John J. Hudak, Anton Hristozov, Joe Yankel, Jerome Hugues
This report describes ModDevOps, an approach that bridges model-based engineering and software engineering using DevOps concepts and code generation from models, and TwinOps, a specific ModDevOps pipeline.
DOWNLOAD -
Robustness
• Technical Report
By Rick Kazman, Sebastián Echeverría, Philip Bianco, James Ivers
This report summarizes how to systematically analyze a software architecture with respect to a quality attribute requirement for robustness.
DOWNLOAD -
An Analysis of How Many Undiscovered Vulnerabilities Remain in Information Systems
• White Paper
By Jonathan Spring
This paper examines the paradigm that the number of undiscovered vulnerabilities is manageably small through the lens of mathematical concepts from the theory of computing.
DOWNLOAD -
Using XML to Exchange Floating Point Data
• White Paper
By John Klein
This paper explains issues of using XML to exchange floating point values, how to address them, and the limits of technology to enforce a correct implementation.
DOWNLOAD -
Using Machine Learning to Increase NPC Fidelity
• Technical Report
By Dustin D. Updyke, John Yarger, Geoffrey B. Dobson, Thomas G. Podnar
The authors describe how they used machine learning (ML) modeling to create decision-making preferences for non-player characters (NPCs).
DOWNLOAD -
A Prototype Set of Cloud Adoption Risk Factors
• White Paper
By Christopher J. Alberts
Alberts discusses the results of a study to identify a prototype set of risk factors for adopting cloud technologies.
DOWNLOAD -
Cloud Security Best Practices Derived from Mission Thread Analysis
• Technical Report
By Nathaniel Richmond, Angel Luis Hueca, Donald Faatz, Vincent LaPiana, Timothy Morrow
This report presents practices for secure, effective use of cloud computing and risk reduction in transitioning applications and data to the cloud, and considers the needs of limited-resource businesses.
DOWNLOAD -
Accenture: An Automation Maturity Journey
• Technical Report
By Rajendra T. Prasad (Accenture)
This paper describes work in the area of automation that netted Accenture the 2020 Watts Humphrey Software Process Achievement Award.
DOWNLOAD -
Experiences with Deploying Mothra in Amazon Web Services (AWS)
• Technical Report
By Daniel Ruef, John Stogoski, Brad Powell
The authors describe development of an at-scale prototype of an on-premises system to test the performance of Mothra in the cloud and provide recommendations for similar deployments.
DOWNLOAD -
Planning and Design Considerations for Data Centers
• Technical Note
By Lyndsi A. Hughes, Mark Kasunic, David Sweeney
This report shares important lessons learned from establishing small- to mid-size data centers.
DOWNLOAD -
Integrating Zero Trust and DevSecOps
• White Paper
By Carol Woody, Geoff Sanders, Timothy Morrow, Nathaniel Richmond
This paper discusses the interdependent strategies of zero trust and DevSecOps in the context of application development.
DOWNLOAD -
A State-Based Model for Multi-Party Coordinated Vulnerability Disclosure (MPCVD)
• Special Report
By Jonathan Spring, Allen D. Householder
This report discusses performance indicators that stakeholders in Coordinated Vulnerability Disclosure (CVD) can use to measure its effectiveness.
DOWNLOAD -
Human-Centered AI
• White Paper
By Carol J. Smith, Hollen Barmer, Rachel Dzombak, Matt Gaston, Jay Palat, Frank Redner, Tanisha Smith
This white paper discusses Human-Centered AI: systems that are designed to work with, and for, people.
DOWNLOAD -
Robust and Secure AI
• White Paper
By Hollen Barmer, Rachel Dzombak, Matt Gaston, Eric Heim, Jay Palat, Nathan M. VanHoudnos, Tanisha Smith, Frank Redner
This white paper discusses Robust and Secure AI systems: AI systems that reliably operate at expected levels of performance, even when faced with uncertainty and in the presence of danger …
DOWNLOAD -
Scalable AI
• White Paper
By Tanisha Smith, John Wohlbier, Hollen Barmer, Rachel Dzombak, Matt Gaston, Jay Palat, Frank Redner
This white paper discusses Scalable AI: the ability of AI algorithms, data, models, and infrastructure to operate at the size, speed, and complexity required for the mission.
DOWNLOAD -
The Sector CSIRT Framework: Developing Sector-Based Incident Response Capabilities
• Technical Report
By David McIntire, Justin Novak, Brittany Manley, Tracy Bills, Angel Luis Hueca, Sharon Mudd
This framework guides the development and implementation of a sector CSIRT.
DOWNLOAD -
Foundation of Cyber Ranges
• Technical Report
By Thomas G. Podnar, Bill Reed, Dustin D. Updyke, Geoffrey B. Dobson
This report details the design considerations and execution plan for building high-fidelity, realistic virtual cyber ranges that deliver maximum training and exercise value for cyberwarfare participants.
DOWNLOAD -
Software Assurance Guidance and Evaluation (SAGE) Tool
• White Paper
By Luiz Antunes, Hasan Yasar, Ebonie McNeil, Robert Schiela
The Software Assurance Guidance and Evaluation (SAGE) tool helps an organization assess the security of its systems development and operations practices.
DOWNLOAD -
Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization (Version 2.0)
• White Paper
By Laurie Tyzenhaus, Vijay S. Sarvepalli, Madison Oliver, Art Manion, Eric Hatleback, Allen D. Householder, Jonathan Spring, Charles G. Yarbrough
This paper presents version 2.0 of a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System …
DOWNLOAD -
Modeling and Validating Security and Confidentiality in System Architectures
• Technical Report
By Aaron Greenhouse, Jörgen Hansson (University of Skovde), Lutz Wrage
This report presents an approach for modeling and validating confidentiality using the Bell–LaPadula security model and the Architecture Analysis & Design Language.
DOWNLOAD -
The Processes of Insider Threat Analysis
• White Paper
By Robert M. Ditmore, Angela Horneman, Derrick Spooner
In this paper, the authors explore insider threat analytical techniques, applications, and use cases to select the most effective methods for analysis and reduction of insider risk.
DOWNLOAD -
Overview of Practices and Processes of the CMMC 1.0 Assessment Guides (CMMC 1.0)
• White Paper
By Douglas Gardner
This document is intended to help anyone unfamiliar with cybersecurity standards get started with the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC).
DOWNLOAD -
Zero Trust: Risks and Research Opportunities
• White Paper
By Timothy Morrow, Geoff Sanders
This paper describes a zero trust vignette and three mission threads that highlight risks and research areas to consider for zero trust environments.
DOWNLOAD -
Artificial Intelligence (AI) and Machine Learning (ML) Acquisition and Policy Implications
• White Paper
By William E. Novak
This paper reports on a high-level survey of a set of both actual and potential acquisition and policy implications of the use of Artificial Intelligence (AI) and Machine Learning (ML) …
DOWNLOAD -
Developing Insider Risk Metrics from Host-Based Monitoring
• White Paper
By Daniel L. Costa, Carrie Gardner, Michael J. Albrethsen
In this paper, the authors define standard host-based monitoring capabilities, identify related insider threat indicators, and discuss host-based monitoring for insider risk measurement and associated challenges.
DOWNLOAD -
Insider Threat Indicator Cost Matrix
• White Paper
By Derrick Spooner, Robert M. Ditmore, Carrie Gardner
In this paper, the authors explain how data transformation mappings are used to refine which analytics apply to which transform.
DOWNLOAD -
Security Engineering Risk Analysis (SERA) Threat Archetypes
• White Paper
By Carol Woody, Christopher J. Alberts
This report examines the concept of threat archetypes and how analysts can use them during scenario development.
DOWNLOAD -
Loss Magnitude Estimation in Support of Business Impact Analysis
• Technical Report
By Daniel J. Kambic, Brett Tucker, Andrew P. Moore, David Tobar
The authors describe a project to develop an estimation method that yields greater confidence in and improved ranges for estimates of potential cyber loss magnitude.
DOWNLOAD -
Emerging Technologies 2020: Six Areas of Opportunity
• White Paper
By None
This study seeks to understand what the software engineering community perceives to be key emerging technologies. The six technologies described hold great promise and, in some cases, have already attracted …
DOWNLOAD -
Maintainability
• Technical Report
By John Klein, Philip Bianco, Rick Kazman, James Ivers
This report summarizes how to systematically analyze a software architecture with respect to a quality attribute requirement for maintainability.
DOWNLOAD -
Advancing Risk Management Capability Using the OCTAVE FORTE Process
• Technical Note
By Brett Tucker
OCTAVE FORTE is a process model that helps organizations evaluate their security risks and use ERM principles to bridge the gap between executives and practitioners.
DOWNLOAD -
Analytic Capabilities for Improved Software Program Management
• White Paper
By David Zubrow, Christopher Miller
This white paper describes an update to the SEI Quantifying Uncertainty in Early Lifecycle Cost Estimation approach.
DOWNLOAD -
AI Engineering for Defense and National Security: A Report from the October 2019 Community of Interest Workshop
• Special Report
By None
Based on a workshop with thought leaders in the field, this report identifies recommended areas of focus for AI Engineering for Defense and National Security.
DOWNLOAD -
Aggregate Indicator Measurement Method Characterization
• White Paper
By CERT Insider Threat Center
In this paper, the authors characterize the primary methods for measuring the probability of insider attack by aggregating insider threat indicators.
DOWNLOAD -
NICE Framework Cybersecurity Evaluator
• White Paper
By Christopher Herr
This cybersecurity evaluator is designed to assess members of the cyber workforce within the scope of the NICE Cybersecurity Workforce Framework.
DOWNLOAD -
Current Ransomware Threats
• White Paper
By Kyle O'Meara, Marisa Midler
This report by Marisa Midler, Kyle O'Meara, and Alexandra Parisi discusses ransomware, including an explanation of its design, distribution, execution, and business model.
DOWNLOAD -
An Updated Framework of Defenses Against Ransomware
• White Paper
By Timur D. Snoke, Timothy J. Shimeall
This report, loosely structured around the NIST Cybersecurity Framework, seeks to frame an approach for defending against Ransomware-as-a-Service (RaaS) as well as direct ransomware attacks.
DOWNLOAD -
Historical Analysis of Exploit Availability Timelines
• White Paper
By David Warren, Jeff Chrabaszcz (Govini), Allen D. Householder, Trent Novelly, Jonathan Spring
This paper analyzes when and how known exploits become associated with the vulnerabilities that made them possible.
DOWNLOAD -
Architecture Evaluation for Universal Command and Control
• White Paper
By Jason Popowski, Reed Little, Patrick Donohoe, Philip Bianco, Harry L. Levinson, John Klein
The SEI developed an analysis method to assess function allocations in existing C2 systems and reason about design choices and tradeoffs during the design of new C2 systems.
DOWNLOAD -
A Risk Management Perspective for AI Engineering
• White Paper
By Brett Tucker
This paper describes several steps of OCTAVE FORTE in the context of adopting AI technology.
DOWNLOAD -
Attack Surface Analysis - Reduce System and Organizational Risk
• White Paper
By Carol Woody, Robert J. Ellison
This paper offers system defenders an overview of how threat modeling can provide a systematic way to identify potential threats and prioritize mitigations.
DOWNLOAD -
Guide to Implementing DevSecOps for a System of Systems in Highly Regulated Environments
• Technical Report
By Patrick R. Place, Peter Capell, David James Shepard, Suzanne Miller, Jose A. Morales, Richard Turner
This Technical Report provides guidance to projects interested in implementing DevSecOps (DSO) in defense or other highly regulated environments, including those involving systems of systems.
DOWNLOAD -
Integrability
• Technical Report
By Rick Kazman, John Klein, James Ivers, Philip Bianco
This report summarizes how to systematically analyze a software architecture with respect to a quality attribute requirement for integrability.
DOWNLOAD -
Comments on NISTIR 8269 (A Taxonomy and Terminology of Adversarial Machine Learning)
• White Paper
By April Galyardt, Jonathan Spring, Nathan M. VanHoudnos
Feedback to the U.S. National Institute of Standards and Technology (NIST) about NIST IR 8269, a draft report detailing the proposed taxonomy and terminology of Adversarial Machine Learning (AML).
DOWNLOAD -
Penetration Tests Are The Check Engine Light On Your Security Operations
• White Paper
By Allen D. Householder, Dan J. Klinedinst
A penetration test serves as a lagging indicator of a network security operations problem. Organizations should implement and document several security controls before a penetration test can be useful.
DOWNLOAD -
Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization
• White Paper
By Jonathan Spring, Deana Shick, Art Manion, Allen D. Householder, Eric Hatleback
This paper presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System (CVSS).
DOWNLOAD -
Architecture Centric Virtual Integration Process (ACVIP): A Key Component of the DoD Digital Engineering Strategy
• White Paper
By Bruce Lewis (U.S. Army AMCOM), Alex Boydston (U.S. Army ADD/JMR), Peter H. Feiler, Steve Vestal (Honeywell Technology Center)
ACVIP is a compositional, architecture-centric, model-based approach enabling virtual integration analysis in the early phases and throughout the lifecycle to detect and remove defects that currently are not found until …
DOWNLOAD -
AI Engineering: 11 Foundational Practices
• White Paper
By None
These recommendations help organizations that are beginning to build, acquire, and integrate artificial intelligence capabilities into business and mission systems.
DOWNLOAD -
Machine Learning in Cybersecurity: A Guide
• Technical Report
By Ed Stoner, Jonathan Spring, Joshua Fallon, April Galyardt, Angela Horneman, Leigh B. Metcalf
This report suggests seven key questions that managers and decision makers should ask about machine learning tools to effectively use those tools to solve cybersecurity problems.
DOWNLOAD -
Operational Test & Evaluation (OT&E) Roadmap for Cloud-Based Systems
• White Paper
By John Klein, Christopher J. Alberts, Carol Woody, Charles M. Wallen
This paper provides an overview of the preparation and work that the AEC needs to perform to successfully transition the Army to cloud computing.
DOWNLOAD -
IEEE Computer Society/Software Engineering Institute Watts S. Humphrey Software Process Achievement Award 2018: U.S. Army Combat Capabilities Development Command Armaments Center, Fire Control Systems and Technology Directorate
• Technical Report
By Victor A. Elias (U.S. Army CCDC Armaments Center, Fire Control Systems and Technology Directorate)
This report presents a systemic approach to software development process improvement and its impact for the U.S. Army Combat Capabilities Development Command Armaments Center, Fire Control Systems and Technology Directorate …
DOWNLOAD -
Overview of Risks, Threats, and Vulnerabilities Faced in Moving to the Cloud
• Technical Report
By Donald Faatz, Kelwyn Pender, Timothy Morrow, Carrie Lee (U.S. Department of Veteran Affairs)
This report, updated in October 2020, examines the changes to risks, threats, and vulnerabilities when applications are deployed to cloud services.
DOWNLOAD -
Automatically Detecting Technical Debt Discussions
• White Paper
By Ipek Ozkaya, Raghvinder Sangwan, Robert Nord, Zachary Kurtz
This study introduces (1) a dataset of expert labels of technical debt in developer comments and (2) a classifier trained on those labels.
DOWNLOAD -
Multi-Method Modeling and Analysis of the Cybersecurity Vulnerability Management Ecosystem
• White Paper
By Andrew P. Moore, Allen D. Householder
This paper presents modeling and analysis of two critical foundational processes of the cybersecurity vulnerability management ecosystem using a combination of system dynamics and agent-based modeling techniques.
DOWNLOAD -
SCAIFE API Definition Beta Version 0.0.2 for Developers
• White Paper
By Lori Flynn, Ebonie McNeil
This paper provides the SCAIFE API definition for beta version 0.0.2. SCAIFE is an architecture that supports static analysis alert classification and prioritization.
DOWNLOAD -
Creating xBD: A Dataset for Assessing Building Damage from Satellite Imagery
• White Paper
By None
We present a preliminary report for xBD, a new large-scale dataset for the advancement of change detection and building damage assessment for humanitarian assistance and disaster recovery research.
DOWNLOAD -
Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe
• Technical Report
By David Svoboda, Zachary Kurtz, Jiyeon Lee (Carnegie Mellon University), Ebonie McNeil, Lori Flynn, Derek Leung
This report summarizes progress and plans for developing a system to perform automated classification and advanced prioritization of static analysis alerts.
DOWNLOAD -
Cybersecurity Career Paths and Progression
• White Paper
By Dennis M. Allen, Nicholas Giruzzi, Melissa Burns, Marie Baker
This paper explores the current state of cybersecurity careers, from the importance of early exposure, to methods of entry into the field, to career progression.
DOWNLOAD -
Cybersecurity Talent Identification and Assessment
• White Paper
By Christopher Herr, Dennis M. Allen, Marie Baker
To help fill cybersecurity roles, this paper explores how organizations identify talent, discusses assessment capabilities, and provides recommendations on recruitment and talent evaluations.
DOWNLOAD -
Cybersecurity Careers of the Future
• White Paper
By Dennis M. Allen
Using workforce data analysis, this paper identifies key cybersecurity skills the workforce needs to close the cybersecurity workforce gap.
DOWNLOAD -
A Targeted Improvement Plan for Service Continuity
• Technical Note
By Andrew F. Hoover, Gavin Jurecko, Jeffrey Pinckard, Robert A. Vrtis, Philip A. Scolieri
Describes how an organization can leverage the results of a Cyber Resilience Review to create a Targeted Improvement Plan for its service continuity management.
DOWNLOAD -
Exploring the Use of Metrics for Software Assurance
• Technical Note
By Carol Woody, Charlie Ryan, Robert J. Ellison
This report proposes measurements for each Software Assurance Framework (SAF) practice that a program can select to monitor and manage the progress it's making toward software assurance.
DOWNLOAD -
Common Sense Guide to Mitigating Insider Threats, Sixth Edition
• Technical Report
By Daniel L. Costa, Michael C. Theis, Randall F. Trzeciak, Andrew P. Moore, Sarah Miller, Tracy Cassidy, William R. Claycomb
The guide presents recommendations for mitigating insider threat based on the CERT Division's continued research and analysis of more than 1,500 insider threat cases.
DOWNLOAD -
An Approach for Integrating the Security Engineering Risk Analysis (SERA) Method with Threat Modeling
• White Paper
By Carol Woody, Christopher J. Alberts
This report examines how cybersecurity data generated by a threat modeling method can be integrated into a mission assurance context using the SERA Method.
DOWNLOAD -
Infrastructure as Code: Final Report
• White Paper
By John Klein, Doug Reynolds
This project explored the feasibility of infrastructure as code, developed prototype tools, populated a model of the deployment architecture, and automatically generated IaC scripts from the model.
DOWNLOAD -
Incident Management Capability Assessment
• Technical Report
By Robin Ruefle, Audrey J. Dorofee, Pennie Walters, Carly L. Huth, Christopher J. Alberts, David McIntire, Mark Zajicek, Samuel J. Perl
The capabilities presented in this report provide a benchmark of incident management practices.
DOWNLOAD -
Program Manager's Guidebook for Software Assurance
• Special Report
By Carol Woody, Timothy A. Chick, Kenneth Nidiffer
This guidebook helps program managers address the software assurance responsibilities critical in defending software-intensive systems, including mission threads and cybersecurity.
DOWNLOAD -
DoD Developer’s Guidebook for Software Assurance
• Special Report
By Tom Scanlon, Bill Nichols
This guidebook helps software developers for DoD programs understand expectations for software assurance and standards and requirements that affect assurance.
DOWNLOAD -
Towards Improving CVSS
• White Paper
By Deana Shick, Jonathan Spring, Eric Hatleback, Allen D. Householder, Art Manion
This paper outlines challenges with the Common Vulnerability Scoring System (CVSS).
DOWNLOAD -
GHOSTS in the Machine: A Framework for Cyber-Warfare Exercise NPC Simulation
• Technical Report
By Luke J. Osterritter, Adam D. Cerini, Benjamin L. Earl, Thomas G. Podnar, Geoffrey B. Dobson, Dustin D. Updyke
This report outlines how the GHOSTS (General HOSTS) framework helps create realism in cyber-warfare simulations and discusses how it was used in a case study.
DOWNLOAD -
Composing Effective Software Security Assurance Workflows
• Technical Report
By David Sweeney, Aaron Volkmann, Bill Nichols, Jim McHale, William Snavely
In an effort to determine how to make secure software development more cost effective, the SEI conducted a research study to empirically measure the effects that security tools—primarily automated static …
DOWNLOAD -
FedCLASS: A Case Study of Agile and Lean Practices in the Federal Government
• Special Report
By Tamara Marshall-Keim, Linda Parker Gates, Nanette Brown, Jeff Davenport
This study reports the successes and challenges of using Agile and Lean methods and cloud-based technologies in a government software development environment.
DOWNLOAD -
Threat Modeling for Cyber-Physical System-of-Systems: Methods Evaluation
• White Paper
By Nataliya Shevchenko, Carol Woody, Brent Frye
This paper compares threat modeling methods for cyber-physical systems and recommends which methods (and combinations of methods) to use.
DOWNLOAD -
Software Architecture Publications
• White Paper
By None
The SEI compiled this bibliography of publications about software architecture as a resource for information about system architecture throughout its lifecycle.
DOWNLOAD -
Practical Precise Taint-flow Static Analysis for Android App Sets
• White Paper
By William Snavely, Lori Flynn, William Klieber, Michael Zheng
This paper describes how to detect taint flow in Android app sets with a static analysis method that is fast and uses little disk and memory space.
DOWNLOAD -
Threat Modeling: A Summary of Available Methods
• White Paper
By Tom Scanlon, Timothy A. Chick, Nataliya Shevchenko, Paige O'Riordan, Carol Woody
This paper discusses twelve threat modeling methods from a variety of sources that target different parts of the development process.
DOWNLOAD -
Navigating the Insider Threat Tool Landscape: Low-Cost Technical Solutions to Jump-Start an Insider Threat Program
• White Paper
By George Silowash, Michael J. Albrethsen, Daniel L. Costa, Derrick Spooner
This paper explores low cost technical solutions that can help organizations prevent, detect, and respond to insider incidents.
DOWNLOAD -
Blacklist Ecosystem Analysis: July - December 2017
• White Paper
By Leigh B. Metcalf, Eric Hatleback
This short report provides a summary of the various analyses of the blacklist ecosystem performed from July 1, 2017, through December 31, 2017.
DOWNLOAD -
ROI Analysis of the System Architecture Virtual Integration Initiative
• Technical Report
By Jörgen Hansson (University of Skovde), Steve Helton (The Boeing Company), Peter H. Feiler
This report presents an analysis of the economic effects of the System Architecture Virtual Integration approach on the development of software-reliant systems for aircraft compared to existing development paradigms.
DOWNLOAD -
Implementing DevOps Practices in Highly Regulated Environments
• White Paper
By Aaron Volkmann, Jose A. Morales, Hasan Yasar
In this paper, the authors layout the process with insights on performing a DevOps assessment in a highly regulated environment.
DOWNLOAD -
A Mapping of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the Cyber Resilience Review (CRR)
• Technical Note
By Greg Porter (Heinz College at Carnegie Mellon University), Robert A. Vrtis, Matthew Trevors
This technical note describes mapping of HIPAA Security Rule requirements to practice questions found in the CERT Cyber Resilience Review for organizations' use in HIPAA compliance.
DOWNLOAD -
A Hybrid Threat Modeling Method
• Technical Note
By Ole Villadsen (Carnegie Mellon University), Nancy R. Mead, Forrest Shull, Krishnamurthy Vemuru (University of Virginia)
Presents a hybrid method of threat modeling that attempts to meld the desirable features of three methods: Security Cards, Persona non Grata, and STRIDE.
DOWNLOAD -
Cyber Mutual Assistance Workshop Report
• Special Report
By Dan Bennett, PhD (Army Cyber Institute), Dan Huynh (Army Cyber Institute), Blake Rhoades (Army Cyber Institute), Matt Hutchison (Army Cyber Institute), Judy Esquibel (Army Cyber Institute), Bill Lawrence (North American Electric Reliability Corporation), Jonathon Monken (PJM Interconnection), Fernando Maymi, PhD (Army Cyber Institute), Katie C. Stewart
The Army Cyber Institute hosted a Cyber Mutual Assistance Workshop to identify challenges in defining cyber requirements for Regional Mutual Assistance Groups.
DOWNLOAD -
Embedded Device Vulnerability Analysis Case Study Using Trommel
• White Paper
By Madison Oliver, Kyle O'Meara
This document provides security researchers with a repeatable methodology to produce more thorough and actionable results when analyzing embedded devices for vulnerabilities.
DOWNLOAD -
2017 Emerging Technology Domains Risk Survey
• Technical Report
By Kyle O'Meara, Joel Land, Dan J. Klinedinst
This report describes our understanding of future technologies and helps US-CERT identify vulnerabilities, promote security practices, and understand vulnerability risk.
DOWNLOAD -
R-EACTR: A Framework for Designing Realistic Cyber Warfare Exercises
• Technical Report
By Geoffrey B. Dobson, Adam D. Cerini, Thomas G. Podnar, Luke J. Osterritter
R-EACTR is a design framework for cyber warfare exercises. It ensures that designs of team-based exercises factor realism into all aspects of the participant experience.
DOWNLOAD -
Architecture Practices for Complex Contexts
• White Paper
By John Klein
This doctoral thesis, completed at Vrije Universiteit Amsterdam, focuses on software architecture practices for systems of systems, including data-intensive systems.
DOWNLOAD -
Defining a Progress Metric for CERT-RMM Improvement
• Technical Note
By Nader Mehravari, Gregory Crabb (United States Postal Service), David Tobar
Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities.
DOWNLOAD -
Blacklist Ecosystem Analysis: January - June, 2017
• White Paper
By Eric Hatleback, Leigh B. Metcalf
This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data …
DOWNLOAD -
The CERT Guide to Coordinated Vulnerability Disclosure
• Special Report
By Allen D. Householder, Christopher King, Art Manion, Garret Wassermann
This guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful Coordinated Vulnerability Disclosure process. It also provides insights into how CVD can go …
DOWNLOAD -
Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers
• Special Report
By Joel Land
This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers.
DOWNLOAD -
Department of Defense Software Factbook
• Technical Report
By David Zubrow, Rhonda Brown, James McCurley, Christopher Miller, Brad Clark, Mike Zuccher (No Affiliation)
In this report, the Software Engineering Institute has analyzed data related to DoD software projects and translated it into information that is frequently sought-after across the DoD.
DOWNLOAD -
DidFail: Coverage and Precision Enhancement
• Technical Report
By Pranav Bagree (No Affiliation), Karan Dwivedi (No Affiliation), Hongli Yin (No Affiliation), Xiaoxiao Tang (No Affiliation), Lori Flynn, William Klieber, William Snavely
This report describes recent enhancements to Droid Intent Data Flow Analysis for Information Leakage (DidFail), the CERT static taint analyzer for sets of Android apps.
DOWNLOAD -
The Hard Choices Game Explained
• White Paper
By Ipek Ozkaya, Erin Lim, Philippe Kruchten, Nanette Brown, Robert Nord
The Hard Choices game is a simulation of the software development cycle meant to communicate the concepts of uncertainty, risk, and technical debt.
DOWNLOAD -
Federal Virtual Training Environment (FedVTE)
• White Paper
By April Galyardt, Marie Baker, Dominic A. Ross
The Federal Virtual Training Environment (FedVTE) is an online, on‐demand training system containing cybersecurity and certification prep courses, at no cost to federal, state, and local government employees.
DOWNLOAD -
Blacklist Ecosystem Analysis: July – December 2016
• White Paper
By Leigh B. Metcalf, Eric Hatleback
This report provides a summary of various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this …
DOWNLOAD -
Guide to Software Architecture Tools
• White Paper
By None
This document discusses tools and methods for analyzing the architecture, establishing requirements, evaluating the architecture, and defining the architecture.
DOWNLOAD -
System-of-Systems Software Architecture Evaluation
• White Paper
By None
The SoS Architecture Evaluation Method provides an initial identification of SoS architectural risks and quality attribute inconsistencies across the constituent systems.
DOWNLOAD -
IEEE Computer Society/Software Engineering Institute Watts S. Humphrey Software Process Achievement Award
• White Paper
By None
IEEE Computer Society/Software Engineering Institute Watts S. Humphrey Software Process Achievement Award
DOWNLOAD -
SEI-Certified PSP Developer Examination: Sample Questions
• White Paper
By None
This page contains sample questions similar to those found on the PSP Developer examination.
DOWNLOAD -
IEEE Computer Society/Software Engineering Institute Watts S. Humphrey Software Process Achievement Award 2016: Raytheon Integrated Defense Systems
• Technical Report
By Neal Mackertich (Raytheon), Kurt Mittelstaedt (Raytheon), Peter Kraus (Raytheon), Kelli Grimes (Raytheon), Dan Bardsley (Raytheon), Brian Foley (Raytheon), Mike Nolan (Raytheon)
The Raytheon Integrated Defense Systems DFSS team has been recognized with the 2016 Watts Humphrey Software Process Achievement Award.
DOWNLOAD -
IEEE Computer Society/Software Engineering Institute Watts S. Humphrey Software Process Achievement (SPA) Award 2016: Nationwide
• Technical Report
By Will J.M. Pohlman (Nationwide IT)
This report describes the 10-year history of Nationwide's software process improvement journey. Nationwide received the 2016 Watts Humphrey Software Process Achievement Award from the SEI and IEEE.
DOWNLOAD -
Prototype Software Assurance Framework (SAF): Introduction and Overview
• Technical Note
By Carol Woody, Christopher J. Alberts
In this report, the authors discuss the Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.
DOWNLOAD -
15 Tips for Preparing and Delivering a Great Presentation at SATURN
• White Paper
By None
You submitted a proposal to SATURN, and it got accepted. Congratulations! Here are 15 tips for creating and giving a great presentation at SATURN.
DOWNLOAD -
The CISO Academy
• White Paper
By David Ulicne, Summer C. Fowler, Pamela D. Curtis, David Tobar
In this paper, the authors describe the project that led to the creation of the U.S. Postal Service's CISO Academy.
DOWNLOAD -
Agile Acquisition and Milestone Reviews
• White Paper
By None
Acquisition & Management Concerns for Agile Use in Government Series - 4
DOWNLOAD -
Management and Contracting Practices for Agile Programs
• White Paper
By None
Acquisition & Management Concerns for Agile Use in Government Series - 3
DOWNLOAD -
Estimating in Agile Acquisition
• White Paper
By None
Acquisition & Management Concerns for Agile Use in Government Series - 5
DOWNLOAD -
Agile Development and DoD Acquisitions
• White Paper
By None
Acquisition & Management Concerns for Agile Use in Government Series - 1
DOWNLOAD -
Agile Culture in the DoD
• White Paper
By None
Acquisition & Management Concerns for Agile Use in Government Series - 2
DOWNLOAD -
Adopting Agile in DoD IT Acquisitions
• White Paper
By None
Acquisition & Management Concerns for Agile Use in Government Series - 6
DOWNLOAD -
Supply Chain and Commercial-off-the-Shelf (COTS) Assurance
• White Paper
By None
The Software Engineering Institute can help your organization apply techniques to reduce software supply chain risk.
DOWNLOAD -
COTS-Based Systems
• White Paper
By None
This paper presents a summary of SEI commercial off-the-shelf (COTS) software documents and COTS tools.
DOWNLOAD -
Create a CSIRT
• White Paper
By None
This white paper discusses the issues and decisions organizations should address when planning, implementing, and building a CSIRT.
DOWNLOAD -
Skills Needed When Staffing Your CSIRT
• White Paper
By None
This white paper describes a set of skills that CSIRT staff members should have to provide basic incident-handling services.
DOWNLOAD -
CSIRT Frequently Asked Questions (FAQ)
• White Paper
By None
This FAQ addresses CSIRTS, organizations responsible for receiving, reviewing, and responding to computer security incident reports and activity.
DOWNLOAD -
CERT-RMM Capability Appraisals
• White Paper
By None
The white paper describe CERT-RMM appraisals and the benefits they offer organizations.
DOWNLOAD -
A Technical History of the SEI
• Special Report
By Larry Druffel
This report chronicles the technical accomplishments of the Software Engineering Institute and its impact on the Department of Defense software community, as well as on the broader software engineering community.
DOWNLOAD -
SQUARE Frequently Asked Questions (FAQ)
• White Paper
By None
This paper contains information about SQUARE, a process that helps organizations build security into the early stages of the software production lifecycle.
DOWNLOAD -
Common Sense Guide to Mitigating Insider Threats, Fifth Edition
• Technical Report
By Matthew L. Collins, Andrew P. Moore, Michael J. Albrethsen, Tracy Cassidy, Daniel L. Costa, Jason W. Clark, Jeremy R. Strozer, Randall F. Trzeciak, Michael C. Theis
Presents recommendations for mitigating insider threat based on CERT's continued research and analysis of over 1,000 cases.
DOWNLOAD -
Architecture-Led Safety Process
• Technical Report
By David P. Gluch, Peter H. Feiler, Julien Delange, John McGregor
Architecture-Led Safety Analysis (ALSA) is a safety analysis method that uses early architecture knowledge to supplement traditional safety analysis techniques to identify faults as early as possible.
DOWNLOAD -
The Critical Role of Positive Incentives for Reducing Insider Threats
• Technical Report
By Nathan M. VanHoudnos, Andrew P. Moore, Matthew L. Collins, Jennifer Cowley, Denise M. Rousseau (Carnegie Mellon University), Jeff Savinda, Elizabeth A. Monaco, Jamie L. Moyes, Tracy Cassidy, Allison Parshall, Samuel J. Perl, Daniel Bauer, Palma Buttles-Valdez
This report describes how positive incentives complement traditional practices to provide a better balance for organizations' insider threat programs.
DOWNLOAD -
Update 2016: Considerations for Using Agile in DoD Acquisition
• Technical Note
By Dan Ward (Dan Ward Consulting), Suzanne Miller, Daniel Burton, Alfred Schenker, Charles (Bud) Hammons, Ray C. Williams, Mary Ann Lapham
This report updates a 2010 technical note, addressing developments in commercial Agile practices as well as the Department of Defense (DoD) acquisition environment.
DOWNLOAD -
Scaling Agile Methods for Department of Defense Programs
• Technical Note
By Suzanne Miller, Peter Capell, Will Hayes, Mary Ann Lapham, Eileen Wrubel
This report discusses methods for scaling Agile processes to larger software development programs in the Department of Defense.
DOWNLOAD -
Low Cost Technical Solutions to Jump Start an Insider Threat Program
• Technical Note
By Michael J. Albrethsen, Derrick Spooner, Daniel L. Costa, George Silowash
This technical note explores free and low cost technical solutions to help organizations prevent, detect, and respond to malicious insiders.
DOWNLOAD -
RFP Patterns and Techniques for Successful Agile Contracting
• Special Report
By Greg Howard (MITRE), John H. Norton III (Raytheon Integrated Defense Systems), Michael Ryan (BTAS), Keith Korzec, Peter Capell, Thomas E. Friend (Agile On Target), Steven Martin (Space and Missile Systems Center), Larri Ann Rosser (Raytheon Intelligence Information and Services), Mary Ann Lapham
This report discusses request-for-proposal patterns and techniques for successfully contracting a federal Agile project.
DOWNLOAD -
Ultra-Large-Scale Systems: Socio-adaptive Systems
• White Paper
By Gabriel Moreno, Mark H. Klein, Lutz Wrage, Scott Hissam, Linda M. Northrop
Ultra-large-scale systems are interdependent webs of software, people, policies, and economics. In socio-adaptive systems, humans and software interact as peers.
DOWNLOAD -
Cyber-Physical Systems
• White Paper
By David Kyle, Mark H. Klein, John J. Hudak, Scott Hissam, Jeffrey Hansen, Dionisio de Niz, Sagar Chaki, Bjorn Andersson, Gabriel Moreno
Cyber-physical systems (CPS) integrate computational algorithms and physical components. SEI promotes the efficient development of high-confidence, distributed CPS.
DOWNLOAD -
Pervasive Mobile Computing
• White Paper
By William Anderson, James Root, Marc Novakouski, Edwin J. Morris, Grace Lewis, James Edmondson, Ben W. Bradshaw, Jeff Boleng
Pervasive mobile computing focuses on how soldiers and first responders can use smartphones, tablets, and other mobile/wearable devices at the tactical edge.
DOWNLOAD -
Predictability by Construction
• White Paper
By Linda M. Northrop, Gabriel Moreno, Sagar Chaki, Scott Hissam, Kurt C. Wallnau
Predictability by construction (PBC) makes the behavior of a component-based system predictable before implementation, based on known properties of components.
DOWNLOAD -
Blacklist Ecosystem Analysis: January – June, 2016
• White Paper
By Leigh B. Metcalf, Eric Hatleback
This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data …
DOWNLOAD -
FAA Research Project on System Complexity Effects on Aircraft Safety: Testing the Identified Metrics
• White Paper
By Charles Weinstock, Bill Nichols, Sarah Sheard, Michael D. Konrad
This report describes a test of an algorithm for estimating the complexity of a safety argument.
DOWNLOAD -
FAA Research Project on System Complexity Effects on Aircraft Safety: Estimating Complexity of a Safety Argument
• White Paper
By Michael D. Konrad, Sarah Sheard, Charles Weinstock, Bill Nichols
This report presents a formula for estimating the complexity of an avionics system and directly connects that complexity to the size of its safety argument.
DOWNLOAD -
FAA Research Project on System Complexity Effects on Aircraft Safety: Identifying the Impact of Complexity on Safety
• White Paper
By Donald Firesmith, Sarah Sheard, Charles Weinstock, Michael D. Konrad
This report organizes our work on the impact of software complexity on aircraft safety by asking, “How can complexity complicate safety and, thus, certification?”
DOWNLOAD -
FAA Research Project on System Complexity Effects on Aircraft Safety: Candidate Complexity Metrics
• White Paper
By Bill Nichols, Sarah Sheard
This special report identifies candidate measures of complexity for systems with embedded software that relate to safety, assurance, or both.
DOWNLOAD -
FAA Research Project on System Complexity Effects on Aircraft Safety: Literature Search to Define Complexity for Avionics Systems
• White Paper
By Michael D. Konrad, Sarah Sheard
This special report describes the results of a literature review sampling what is known about complexity for application in the context of safety and assurance.
DOWNLOAD -
Seven Proposal-Writing Tips That Make Conference Program Committees Smile
• White Paper
By Bill Pollak, Mike Petock
Writing a great session proposal for a conference is difficult. Here are seven tips for writing a session proposal that will make reviewers go from frown to smile.
DOWNLOAD -
Definition and Measurement of Complexity in the Context of Safety Assurance
• Technical Report
By Bill Nichols, Charles Weinstock, Sarah Sheard, Michael D. Konrad
This report describes research to define complexity measures for avionics systems to help the FAA identify when systems are too complex to assure their safety.
DOWNLOAD -
Establishing Trusted Identities in Disconnected Edge Environments
• White Paper
By Dan J. Klinedinst, Sebastián Echeverría, Keegan M. Williams
he goal of this paper is to present a solution for establishing trusted identities in disconnected environments based on secure key generation and exchange in the field.
DOWNLOAD -
A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR)
• Technical Note
By Jeffrey Pinckard, Robert A. Vrtis, Michael Rattigan
To help financial organizations assess cyber resilience, we map FFIEC Cybersecurity Assessment Tool (CAT) statements to Cyber Resilience Review (CRR) questions.
DOWNLOAD -
Managing Third Party Risk in Financial Services Organizations: A Resilience-Based Approach
• White Paper
By Charles M. Wallen, John Haller
A resilience-based approach can help financial services organizations to manage cybersecurity risks from outsourcing and comply with federal regulations.
DOWNLOAD -
Agile Development in Government: Myths, Monsters, and Fables
• White Paper
By Mary Ann Lapham, Suzanne Miller, David J. Carney
This volume is a reflection on attitudes toward Agile software development now current in the government workplace.
DOWNLOAD -
Striving for Effective Cyber Workforce Development
• White Paper
By Marie Baker
This paper reviews the issue of cyber awareness and identify efforts to combat this deficiency and concludes with strategies moving forward.
DOWNLOAD -
Segment-Fixed Priority Scheduling for Self-Suspending Real-Time Tasks
• Technical Report
By Junsung Kim, Geoffrey Nelissen, Jian-Jia Chen, Ragunathan (Raj) Rajkumar, Dionisio de Niz, Bjorn Andersson, Wen-Hung Huang
This report describes schedulability analyses and proposes segment-fixed priority scheduling for self-suspending tasks.
DOWNLOAD -
Creating Centralized Reporting for Microsoft Host Protection Technologies: The Enhanced Mitigation Experience Toolkit (EMET)
• Technical Note
By Craig Lewis, Joseph Tammariello
This report describes how to set up a centralized reporting console for the Windows Enhanced Mitigation Experience Toolkit.
DOWNLOAD -
The QUELCE Method: Using Change Drivers to Estimate Program Costs
• Technical Note
By Sarah Sheard
This technical note introduces Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE), a method for estimating program costs early in development.
DOWNLOAD -
Blacklist Ecosystem Analysis: 2016 Update
• White Paper
By Eric Hatleback, Leigh B. Metcalf, Jonathan Spring
This white paper, which is the latest in a series of regular updates, builds upon the analysis of blacklists presented in our 2013 and 2014 reports.
DOWNLOAD -
Architecture Fault Modeling and Analysis with the Error Model Annex, Version 2
• Technical Report
By John J. Hudak, David P. Gluch, Julien Delange, Peter H. Feiler
This report describes the Error Model Annex, Version 2 (EMV2), notation for architecture fault modeling, which supports safety, reliability, and security analyses.
DOWNLOAD -
A Requirement Specification Language for AADL
• Technical Report
By Lutz Wrage, Peter H. Feiler, Julien Delange
This report describes a textual requirement specification language, called ReqSpec, for the Architecture Analysis & Design Language (AADL) and demonstrates its use.
DOWNLOAD -
DMPL: Programming and Verifying Distributed Mixed-Synchrony and Mixed-Critical Software
• Technical Report
By Sagar Chaki, David Kyle
DMPL is a language for programming distributed real-time, mixed-criticality software. It supports distributed systems in which each node executes a set of periodic real-time threads that are scheduled by priority …
DOWNLOAD -
Wireless Emergency Alerts Commercial Mobile Service Provider (CMSP) Cybersecurity Guidelines
• Special Report
By Carol Woody, Christopher J. Alberts, Audrey J. Dorofee
This report provides members of the Commercial Mobile Service Provider (CMSP) community with practical guidance for better managing cybersecurity risk exposure, based on an SEI study of the CMSP element …
DOWNLOAD -
Report Writer and Security Requirements Finder: User and Admin Manuals
• Special Report
By Anand Sankalp (Carnegie Mellon University), Gupta Anurag (Carnegie Mellon), Priyam Swati (Carnegie Mellon University), Yaobin Wen (Carnegie Mellon University), Walid El Baroni (Carnegie Mellon University), Nancy R. Mead
This report presents instructions for using the Malware-driven Overlooked Requirements (MORE) website applications.
DOWNLOAD -
Applying the Goal-Question-Indicator-Metric (GQIM) Method to Perform Military Situational Analysis
• Technical Note
By Douglas Gray
This report describes how to use the goal-question-indicator-metric method in tandem with the military METT-TC method (mission, enemy, time, terrain, troops available, and civil-military considerations).
DOWNLOAD -
An Insider Threat Indicator Ontology
• Technical Report
By Daniel L. Costa, Michael J. Albrethsen, Matthew L. Collins, Samuel J. Perl, George Silowash, Derrick Spooner
This report presents an ontology for insider threat indicators, describes how the ontology was developed, and outlines the process by which it was validated.
DOWNLOAD -
Using Honeynets and the Diamond Model for ICS Threat Analysis
• Technical Report
By John Kotheimer, Deana Shick, Kyle O'Meara
This report presents an approach to analyzing approximately 16 gigabytes of full packet capture data collected from an industrial control system honeynet—a network of seemingly vulnerable machines designed to lure …
DOWNLOAD -
2016 State of Cybercrime Survey
• White Paper
By None
This paper examines the current state of cybercrime and explores how organizations and individuals respond to cybercrime threats.
DOWNLOAD -
The QUELCE Method: Using Change Drivers to Estimate Program Costs
• White Paper
By Sarah Sheard
This report introduces the Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE) method for estimating program costs early in a development lifecycle.
DOWNLOAD -
A Unique Approach to Threat Analysis Mapping: A Malware-Centric Methodology
• Technical Report
By Deana Shick, Kyle O'Meara
As they constantly change network infrastructure, adversaries consistently use and update their tools. This report presents a way for researchers to begin threat analysis with those tools rather than with …
DOWNLOAD -
On Board Diagnostics: Risks and Vulnerabilities of the Connected Vehicle
• White Paper
By Christopher King, Dan J. Klinedinst
This report describes cybersecurity risks and vulnerabilities in modern connected vehicles.
DOWNLOAD -
2016 Emerging Technology Domains Risk Survey
• Technical Report
By Todd Lewellen, Christopher King, Garret Wassermann, Dan J. Klinedinst
This 2016 report provides a snapshot of our current understanding of future technologies.
DOWNLOAD -
Malware Capability Development Patterns Respond to Defenses: Two Case Studies
• White Paper
By Ed Stoner, Kyle O'Meara, Deana Shick, Jonathan Spring
In this paper, the authors describe their analysis of two case studies to outline the relationship between adversaries and network defenders.
DOWNLOAD -
Cyber-Foraging for Improving Survivability of Mobile Systems
• Technical Report
By James Root, Ben W. Bradshaw, Grace Lewis, Sebastián Echeverría
This report presents an architecture and experimental results that demonstrate that cyber-foraging using tactical cloudlets increases the survivability of mobile systems.
DOWNLOAD -
CERT-RMM Version 1.2 Release Notes
• White Paper
By None
This document contains the release notes for CERT-RMM Version 1.2, released February 2014.
DOWNLOAD -
DoD Software Factbook
• White Paper
By Brad Clark, James McCurley, David Zubrow
This DoD Factbook is an initial analysis of software engineering data from the perspective of policy and management questions about software projects.
DOWNLOAD -
Architecture-Led Safety Analysis of the Joint Multi-Role (JMR) Joint Common Architecture (JCA) Demonstration System
• Special Report
By Peter H. Feiler
This report summarizes an architecture-led safety analysis of the aircraft-survivability situation-awareness system for the Joint Multi-Role vertical lift program.
DOWNLOAD -
Requirements and Architecture Specification of the Joint Multi-Role (JMR) Joint Common Architecture (JCA) Demonstration System
• Special Report
By Peter H. Feiler
This report describes a method for capturing information from requirements documents in AADL and the draft Requirement Definition & Analysis Language Annex.
DOWNLOAD -
Potential System Integration Issues in the Joint Multi-Role (JMR) Joint Common Architecture (JCA) Demonstration System
• Special Report
By Peter H. Feiler, John J. Hudak
This report describes a method for capturing information from requirements documents in AADL to identify potential integration problems early in system development.
DOWNLOAD -
Extending AADL for Security Design Assurance of Cyber-Physical Systems
• Technical Report
By Allen D. Householder, Robert J. Ellison, Rick Kazman, John J. Hudak, Carol Woody
This report demonstrates the viability and limitations of using the Architecture Analysis and Design Language (AADL) through an extended example that allows for specifying and analyzing the security properties of …
DOWNLOAD -
Cybersecurity Considerations for Vehicles
• White Paper
By Jens Palluch (Method Park), Mark Sherman
In this paper the authors discuss the number of ECUs and software in modern vehicles and the need for cybersecurity to include vehicles.
DOWNLOAD -
Analytic Approaches to Detect Insider Threats
• White Paper
By None
This paper identifies steps that organizations can use to enhance their security posture to detect potential insider threats.
DOWNLOAD -
Intelligence Preparation for Operational Resilience (IPOR)
• Special Report
By Douglas Gray
The author describes Intelligence Preparation for Operational Resilience (IPOR), a framework for preparing intelligence that complements commonly used intelligence frameworks such as Intelligence Preparation of the Battlefield (IPB).
DOWNLOAD -
Evaluating and Mitigating the Impact of Complexity in Software Models
• Technical Report
By Min-Young Nam, Bill Nichols, John J. Hudak, Jim McHale, Julien Delange
This report defines software complexity, metrics for complexity, and the effects of complexity on cost and presents an analysis tool to measure complexity in models.
DOWNLOAD -
Cyber + Culture Early Warning Study
• Special Report
By Char Sample
This study was designed to profile cyber actors, and to examine the time interval between cyber and kinetic events in order to gain greater insights into nation-state cyber responses to …
DOWNLOAD -
Effective Insider Threat Programs: Understanding and Avoiding Potential Pitfalls
• White Paper
By William E. Novak, Andrew P. Moore, Michael C. Theis, Randall F. Trzeciak, Matthew L. Collins
In this paper, the authors describe the potential ways an insider threat program (InTP) could go wrong and engage the community to discuss its concerns.
DOWNLOAD -
Structuring the Chief Information Security Officer Organization
• Technical Note
By Nader Mehravari, Julia H. Allen, Pamela D. Curtis, David Tobar, Gregory Crabb (United States Postal Service), Brendan Fitzpatrick
The authors describe how they defined a CISO team structure and functions for a national organization using sources such as CISOs, policies, and lessons learned from cybersecurity incidents.
DOWNLOAD -
Improving Federal Cybersecurity Governance Through Data-Driven Decision Making and Execution
• Technical Report
By Michael Riley (Veris Group), Marie Vaughn (Veris Group), Robert W. Stoddard, William Gulley (Veris Group), Erik Ebel (Veris Group), Anne Connell, C. Aaron Cois, Julia H. Allen, Brian D. Wisniewski, Douglas Gray
This technical report focuses on cybersecurity at the indirect, strategic level. It discusses how cybersecurity decision makers at the tactical or implementation level can establish a supportive contextual environment to …
DOWNLOAD -
Secure Coding Analysis of an AADL Code Generator's Runtime System
• White Paper
By David Keaton
This paper describes a secure coding analysis of the PolyORB-HI-C runtime system used by C language code output from the Ocarina AADL code generator.
DOWNLOAD -
Contracting for Agile Software Development in the Department of Defense: An Introduction
• Technical Note
By Eileen Wrubel, Jon Gross
This technical note addresses effective contracting for Agile software development and offers a primer on Agile based on a contracting officer's goals.
DOWNLOAD -
CND Equities Strategy
• White Paper
By Jonathan Spring, Ed Stoner
In this paper, the authors discuss strategies for successful computer network defense (CND) based on considering the adversaries' responses.
DOWNLOAD -
Comments on Bureau of Industry and Security (BIS) Proposed Rule Regarding Wassenaar Arrangement 2013 Plenary Agreements Implementation for Intrusion and Surveillance Items
• White Paper
By Allen D. Householder, Art Manion
In this paper, CERT researchers comment on the proposed rule, Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items.
DOWNLOAD -
Enabling Incremental Iterative Development at Scale: Quality Attribute Refinement and Allocation in Practice
• Technical Report
By Robert Nord, Ipek Ozkaya, Stephany Bellomo, Neil Ernst
This report describes industry practices used to develop business capabilities and suggests approaches to enable large-scale iterative development, or agile at scale.
DOWNLOAD -
State of Practice Report: Essential Technical and Nontechnical Issues Related to Designing SoS Platform Architectures
• Technical Report
By John Klein, Sholom G. Cohen
This report analyzes the state of the practice in system-of-systems (SoS) development, based on 12 interviews of leading SoS developers in the DoD and industry.
DOWNLOAD -
Emerging Technology Domains Risk Survey
• Technical Note
By Andrew O. Mellinger, Christopher King, Jonathan Chu
This report provides a snapshot in time of our current understanding of future technologies.
DOWNLOAD -
SCALe Analysis of JasPer Codebase
• White Paper
By David Svoboda
In this paper, David Svoboda provides the findings of a SCALe audit on a codebase.
DOWNLOAD -
Model-Driven Engineering: Automatic Code Generation and Beyond
• Technical Note
By Jay Marchetti, John Klein, Harry L. Levinson
This report offers guidance on selecting, analyzing, and evaluating model-driven engineering tools for automatic code generation in acquired systems.
DOWNLOAD -
Defining a Maturity Scale for Governing Operational Resilience
• Technical Note
By Audrey J. Dorofee, Katie C. Stewart, Michelle A. Valdez, Lisa R. Young, Julia H. Allen
Governing operational resilience requires the appropriate level of sponsorship, a commitment to strategic planning that includes resilience objectives, and proper oversight of operational resilience activities.
DOWNLOAD -
SEI SPRUCE Project: Curating Recommended Practices for Software Producibility
• White Paper
By Tamara Marshall-Keim, B. Craig Meyers, Michael D. Konrad, Mike Petock, Bill Pollak, Gerald W. Miller
This paper describes the Systems and Software Producibility Collaboration Environment (SPRUCE) project and the resulting recommended practices on five software topics.
DOWNLOAD -
Improving Quality Using Architecture Fault Analysis with Confidence Arguments
• Technical Report
By Charles Weinstock, Neil Ernst, Julien Delange, John B. Goodenough, Ari Z. Klein, Peter H. Feiler
The case study shows that by combining an analytical approach with confidence maps, we can present a structured argument that system requirements have been met and problems in the design …
DOWNLOAD -
Making DidFail Succeed: Enhancing the CERT Static Taint Analyzer for Android App Sets
• Technical Report
By William Snavely, Wei Shen, Jonathan Lim, William Klieber, Lori Flynn, Jonathan Burket
In this report, the authors describe how the DidFail tool was enhanced to improve its effectiveness.
DOWNLOAD -
Eliminative Argumentation: A Basis for Arguing Confidence in System Properties
• Technical Report
By Charles Weinstock, Ari Z. Klein, John B. Goodenough
This report defines the concept of eliminative argumentation and provides a basis for assessing how much confidence one should have in an assurance case argument.
DOWNLOAD -
A Proven Method for Meeting Export Control Objectives in Postal and Shipping Sectors
• Technical Note
By Julia H. Allen, Pamela D. Curtis, Nader Mehravari, Gregory Crabb (United States Postal Service)
This report describes how the CERT-RMM enabled the USPIS to implement an innovative approach for achieving complex international mail export control objectives.
DOWNLOAD -
Measuring What Matters Workshop Report
• Technical Note
By Julia H. Allen, Katie C. Stewart, Lisa R. Young, Michelle A. Valdez
This report describes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences in planning and executing the workshop and identifying improvements for future offerings.
DOWNLOAD -
A Dynamic Model of Sustainment Investment
• Technical Report
By Robert Ferguson, Andrew P. Moore, Mike Phillips, Sarah Sheard
This paper describes a dynamic sustainment model that shows how budgeting, allocation of resources, mission performance, and strategic planning are interrelated and how they affect each other over time.
DOWNLOAD -
Cybersecurity Assurance
• White Paper
By None
This paper describes the SEI research and solutions that help organizations gain justified confidence in their cybersecurity posture.
DOWNLOAD -
Blacklist Ecosystem Analysis Update: 2014
• White Paper
By Jonathan Spring, Leigh B. Metcalf
This white paper compares the contents of 85 different Internet blacklists to discover patterns in shared entries.
DOWNLOAD -
Predicting Software Assurance Using Quality and Reliability Measures
• Technical Note
By Robert J. Ellison, Bill Nichols, Carol Woody
In this report, the authors discuss how a combination of software development and quality techniques can improve software security.
DOWNLOAD -
Regional Use of Social Networking Tools
• Technical Report
By Kate Meeuf
This paper explores the regional use of social networking services (SNSs) to determine if participation with a subset of SNSs can be applied to identify a user's country of origin.
DOWNLOAD -
Domain Parking: Not as Malicious as Expected
• White Paper
By Jonathan Spring, Leigh B. Metcalf
In this paper we discuss scalable detection methods for domain names parking on reserved IP address space, and then using this data set, evaluate whether this behavior appears to be …
DOWNLOAD -
Pattern-Based Design of Insider Threat Programs
• Technical Note
By Dave Mundie, David McIntire, Andrew P. Moore, Matthew L. Collins, Robin Ruefle
In this report, the authors describe a pattern-based approach to designing insider threat programs that could provide a better defense against insider threats.
DOWNLOAD -
Introduction to the Security Engineering Risk Analysis (SERA) Framework
• Technical Note
By Carol Woody, Audrey J. Dorofee, Christopher J. Alberts
This report introduces the SERA Framework, a model-based approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle.
DOWNLOAD -
Using Malware Analysis to Tailor SQUARE for Mobile Platforms
• Technical Note
By Gregory Paul Alice, Nancy R. Mead
This technical note explores the development of security requirements for the K-9 Mail application, an open source email client for the Android operating system.
DOWNLOAD -
A Method for Aligning Acquisition Strategies and Software Architectures
• Technical Note
By David J. Carney, Lisa Brownsword, Patrick R. Place, Cecilia Albert
This report describes the third year of the SEI's research into aligning acquisition strategies and software architecture.
DOWNLOAD -
Agile Methods in Air Force Sustainment: Status and Outlook
• Technical Note
By Colleen Regan, Michael S. Bandor, Stephen Beck, Eileen Wrubel, Mary Ann Lapham
This paper examines using Agile techniques in the software sustainment arena—specifically Air Force programs. The intended audience is the staff of DoD programs and related personnel who intend to use …
DOWNLOAD -
Development of an Intellectual Property Strategy: Research Notes to Support Department of Defense Programs
• Special Report
By Charlene Gross
This report is intended to help program managers understand categories of intellectual property, various intellectual property challenges, and approaches to assessing the license rights that the program needs for long-term …
DOWNLOAD -
AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment
• Technical Report
By Julien Delange, Peter H. Feiler, David P. Gluch, John J. Hudak
This report describes how the Architecture Analysis and Design Language (AADL) Error Model Annex supports the safety-assessment methods in SAE Standard ARP4761.
DOWNLOAD -
CERT Resilience Management Model—Mail-Specific Process Areas: International Mail Transportation (Version 1.0)
• Technical Note
By Gregory Crabb (United States Postal Service), Dawn Wilkes, Nader Mehravari, Sam Lin, Pamela D. Curtis, Julia H. Allen
This report describes a new process area that ensures that international mail is transported according to Universal Postal Union standards.
DOWNLOAD -
CERT Resilience Management Model—Mail-Specific Process Areas: Mail Revenue Assurance (Version 1.0)
• Technical Note
By Nader Mehravari, Pamela D. Curtis, Julia H. Allen, Gregory Crabb (United States Postal Service), David W. White
This report describes a new process area that ensures that the USPS is compensated for mail that is accepted, transported, and delivered.
DOWNLOAD -
CERT Resilience Management Model—Mail-Specific Process Areas: Mail Induction (Version 1.0)
• Technical Note
By David W. White, Pamela D. Curtis, Nader Mehravari, Gregory Crabb (United States Postal Service), Julia H. Allen
This report describes a new process area that ensures that mail is inducted into the U.S. domestic mail stream according to USPS standards and requirements.
DOWNLOAD -
Smart Collection and Storage Method for Network Traffic Data
• Technical Report
By Nathan Dell, Angela Horneman
This report discusses considerations and decisions to be made when designing a tiered network data storage solution.
DOWNLOAD -
A Systematic Approach for Assessing Workforce Readiness
• Technical Report
By Christopher J. Alberts, David McIntire
In this report, the authors present the Competency Lifecycle Roadmap and the readiness test development method, both used to maintain workforce readiness.
DOWNLOAD -
Assuring Software Reliability
• Special Report
By Robert J. Ellison
This report describes ways to incorporate the analysis of the potential impact of software failures--regardless of their cause--into development and acquisition practices through the use of software assurance.
DOWNLOAD -
Patterns and Practices for Future Architectures
• Technical Note
By Scott McMillan, Eric Werner, Jonathan Chu
This report discusses best practices and patterns that will make high-performance graph analytics on new and emerging architectures more accessible to users.
DOWNLOAD -
Abuse of Customer Premise Equipment and Recommended Actions
• White Paper
By Chris Hallenbeck, Jonathan Spring, Paul Vixie
In this paper, the authors provide recommendations for addressing problems related to poor management of Consumer Premise Equipment (CPE).
DOWNLOAD -
Performance of Compiler-Assisted Memory Safety Checking
• Technical Note
By David Keaton, Robert C. Seacord
This technical note describes the criteria for deploying a compiler-based memory safety checking tool and the performance that can be achieved with two such tools whose source code is freely …
DOWNLOAD -
Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector
• Technical Note
By CERT Insider Threat Team
This report analyzes unintentional insider threat cases of phishing and other social engineering attacks involving malware.
DOWNLOAD -
Evaluation of the Applicability of HTML5 for Mobile Applications in Resource-Constrained Edge Environments
• Technical Note
By Grace Lewis, Bryan Yan (Carnegie Mellon University – Institute for Software Research)
This technical note presents an analysis of the feasibility of using HTML5 for developing mobile applications, for "edge" environments where resources and connectivity are uncertain, such as in battlefield or …
DOWNLOAD -
Agile Software Teams: How They Engage with Systems Engineering on DoD Acquisition Programs
• Technical Note
By Eileen Wrubel, Suzanne Miller, Mary Ann Lapham, Timothy A. Chick
This technical note addresses issues with Agile software teams engaging systems engineering functions in developing and acquiring software-reliant systems.
DOWNLOAD -
Improving the Automated Detection and Analysis of Secure Coding Violations
• Technical Note
By Daniel Plakosh, David Zubrow, David Svoboda, Robert W. Stoddard, Robert C. Seacord
This technical note describes the accuracy analysis of the Source Code Analysis Laboratory (SCALe) tools and the characteristics of flagged coding violations.
DOWNLOAD -
CERT® Resilience Management Model (CERT®-RMM) V1.1: NIST Special Publication Crosswalk Version 2
• Technical Note
By Mary Popeck, Lisa R. Young, Kevin G. Partridge
This update to Version 1 of this same title (CMU/SEI-2011-TN-028) maps CERT-RMM process areas to certain NIST 800-series special publications.
DOWNLOAD -
The Business Case for Systems Engineering: Comparison of Defense Domain and Non-defense Projects
• Special Report
By Joseph P. Elm, Dennis Goldenson
This report analyzes differences in systems-engineering activities for defense and non-defense projects and finds differences in both deployment and effectiveness.
DOWNLOAD -
Job Analysis Results for Malicious-Code Reverse Engineers: A Case Study
• Technical Report
By Jennifer Cowley
This report describes individual and team factors that enable, encumber, or halt the development of malicious-code reverse engineering expertise.
DOWNLOAD -
An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)
• Technical Note
By Audrey J. Dorofee, Mark Zajicek, Robin Ruefle, Christopher J. Alberts
The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.
DOWNLOAD -
A Taxonomy of Operational Cyber Security Risks Version 2
• Technical Note
By Mary Popeck, James J. Cebula, Lisa R. Young
This second version of the 2010 report presents a taxonomy of operational cyber security risks and harmonizes it with other risk and security activities.
DOWNLOAD -
An Evaluation of A-SQUARE for COTS Acquisition
• Technical Note
By Nancy R. Mead, Sidhartha Mani
An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.
DOWNLOAD -
Investigating Advanced Persistent Threat 1 (APT1)
• Technical Report
By Angela Horneman, Deana Shick
This report analyzes unclassified data sets in an attempt to understand APT1's middle infrastructure.
DOWNLOAD -
Precise Static Analysis of Taint Flow for Android Application Sets
• White Paper
By Amar S. Bhosale (No Affiliation)
This thesis describes a static taint analysis for Android that combines the FlowDroid and Epicc analyses to track inter- and intra-component data flow.
DOWNLOAD -
Data-Driven Software Assurance: A Research Study
• Technical Report
By Art Manion, Julia L. Mullaney, Bill Nichols, Andrew P. Moore, Michael D. Konrad, Erin Harper, Michael F. Orlando
In 2012, Software Engineering Institute (SEI) researchers began investigating vulnerabilities reported to the SEI's CERT Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects.
DOWNLOAD -
ALTernatives to Signatures (ALTS)
• White Paper
By John Stogoski, George Jones
This paper presents the results of a study of non-signature-based approaches to detecting malicious activity in computer network traffic.
DOWNLOAD -
Potential Use of Agile Methods in Selected DoD Acquisitions: Requirements Development and Management
• Technical Note
By David J. Carney, Suzanne Miller, Kenneth Nidiffer
This report explores issues that practitioners in the field who are actively adopting Agile methods have identified in our interviews about their experience in defining and managing requirements.
DOWNLOAD -
The Readiness & Fit Analysis: Is Your Organization Ready for Agile?
• White Paper
By Suzanne Miller
This paper summarizes the Readiness & Fit Analysis and describes its extension to support risk identification for organizations that are adopting agile methods.
DOWNLOAD -
International Implementation of Best Practices for Mitigating Insider Threat: Analyses for India and Germany
• Technical Report
By Tracy Cassidy, Travis Wright (Carnegie Mellon University, Master of Science in Information Security Policy and Management Program), Randall F. Trzeciak, Lori Flynn, Carly L. Huth, Palma Buttles-Valdez, Michael C. Theis, George Silowash
This report analyzes insider threat mitigation in India and Germany, using the new framework for international cybersecurity analysis described in the paper titled “Best Practices Against Insider Threats in All …
DOWNLOAD -
Wireless Emergency Alerts (WEA) Cybersecurity Risk Management Strategy for Alert Originators
• Special Report
By The WEA Project Team
In this report, the authors describe a cybersecurity risk management (CSRM) strategy that alert originators can use throughout WEA adoption, operations, and sustainment, as well as a set of governance …
DOWNLOAD -
Maximizing Trust in the Wireless Emergency Alerts (WEA) Service
• Special Report
By Carol Woody, Robert J. Ellison
This 2014 report presents recommendations for stakeholders of the Wireless Emergency Alerts (WEA) service that resulted from the development of two trust models, focusing on how to increase both alert …
DOWNLOAD -
Wireless Emergency Alerts: Trust Model Simulations
• Special Report
By Robert W. Stoddard, Joseph P. Elm, Timothy Morrow
This report presents four types of simulations run on the public trust model and the alert originator trust model developed for the Wireless Emergency Alerts (WEA) service, focusing on how …
DOWNLOAD -
Commercial Mobile Alert Service (CMAS) Alerting Pipeline Taxonomy
• Technical Report
By The WEA Project Team
This report presents the Commercial Mobile Alert Service (CMAS) Alerting Pipeline Taxonomy, a hierarchical classification that encompasses four elements of the alerting pipeline, to help stakeholders understand and reason about …
DOWNLOAD -
Best Practices in Wireless Emergency Alerts
• Special Report
By Elizabeth Trocki Stark (SRA International, Inc.), John McGregor, Tamara Marshall-Keim, Joseph P. Elm, Robert J. Ellison, Carol Woody, Christopher J. Alberts, Rita C. Creel, Jennifer Lavan (SRA International, Inc.)
This report presents four best practices for the Wireless Emergency Alerts (WEA) service, including implementing WEA in a local jurisdiction, training emergency staff in using WEA, cross-jurisdictional governance of WEA, …
DOWNLOAD -
Study of Integration Strategy Considerations for Wireless Emergency Alerts
• Special Report
By The WEA Project Team
This report identifies key challenges and offers recommendations for alert originators navigating the process of adopting and integrating the Wireless Emergency Alerts (WEA) service into their emergency management systems.
DOWNLOAD -
Results in Relating Quality Attributes to Acquisition Strategies
• Technical Note
By Lisa Brownsword, Patrick R. Place, Cecilia Albert, David J. Carney
This technical note describes the second phase of a study that focuses on the relationships between software architecture and acquisition strategy -- more specifically, their alignment or misalignment.
DOWNLOAD -
Agile Metrics: Progress Monitoring of Agile Contractors
• Technical Note
By Mary Ann Lapham, Will Hayes, Timothy A. Chick, Eileen Wrubel, Suzanne Miller
This technical note offers a reference for those working to oversee software development on the acquisition of major systems from developers using Agile methods.
DOWNLOAD -
Agile Methods and Request for Change (RFC): Observations from DoD Acquisition Programs
• Technical Note
By Michael S. Bandor, Mary Ann Lapham, Eileen Wrubel
This technical note looks at the evaluation and negotiation of technical proposals that reflect iterative development approaches that in turn leverage Agile methods.
DOWNLOAD -
Unintentional Insider Threats: Social Engineering
• Technical Note
By CERT Insider Threat Center
In this report, the authors explore the unintentional insider threat (UIT) that derives from social engineering.
DOWNLOAD -
Improving the Security and Resilience of U.S. Postal Service Mail Products and Services Using the CERT® Resilience Management Model
• Technical Note
By Nader Mehravari, Gregory Crabb (United States Postal Service), Julia H. Allen, Pamela D. Curtis
In this report, the authors describe how to improve the resilience of U.S. Postal Service products and services
DOWNLOAD -
A Proven Method for Identifying Security Gaps in International Postal and Transportation Critical Infrastructure
• Technical Note
By Julia H. Allen, Gregory Crabb (United States Postal Service), Pamela D. Curtis, Nader Mehravari
In this report, the authors describe a method of identifying physical security gaps in international mail processing centers and similar facilities.
DOWNLOAD -
Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase II, Expanded Analysis and Recommendations
• Technical Note
By Lori Flynn, Chas DiFatta (No Affiliation), Greg Porter (Heinz College at Carnegie Mellon University)
In this report, the authors discuss the countermeasures that cloud service providers use and how they understand the risks posed by insiders.
DOWNLOAD -
TSP Symposium 2013 Proceedings
• Special Report
By Bill Nichols, Leticia Pérez (Universidad de la República), Fernanda Grazioli (Universidad de la República), Rafael Rincón (Universidad EAFIT), Diego Vallespir (Universidad de la República), João Pascoal Faria (University of Porto), Mushtaq Raza (University of Porto), Silvana Moreno (Universidad de la República), Jim McHale, Sergio Cardona (Universidad del Quindío), Pedro C. Henriques (Strongstep – Innovation in Software Quality)
This special report contains proceedings of the 2013 TSP Symposium. The conference theme was “When Software Really Matters,” which explored the idea that when product quality is critical, high-quality practices …
DOWNLOAD -
Understanding Patterns for System-of-Systems Integration
• Technical Report
By Claus Nielsen (No Affiliation), Rick Kazman, Klaus Schmid
This report discusses how a software architect can address the system-of-systems integration challenge from an architectural perspective.
DOWNLOAD -
Foundations for Software Assurance
• White Paper
By Carol Woody, Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)
In this paper, the authors highlight efforts to address the principles of software assurance and its educational curriculum.
DOWNLOAD -
The Topological Properties of the Local Clustering Coefficient
• White Paper
By Leigh B. Metcalf
In this paper, Leigh Metcalf examines the local clustering coefficient for and provides a new formula to generate the local clustering coefficient.
DOWNLOAD -
Using Software Development Tools and Practices in Acquisition
• Technical Note
By Richard Librizzi, Harry L. Levinson
This technical note provides an introduction to key automation and analysis techniques.
DOWNLOAD -
Spotlight On: Programmers as Malicious Insiders–Updated and Revised
• White Paper
By Matthew L. Collins, Dawn Cappelli, Andrew P. Moore, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Randall F. Trzeciak
In this paper, the authors describe the who, what, when, where, and how of attacks by insiders using programming techniques and includes case examples.
DOWNLOAD -
Software Assurance Measurement – State of the Practice
• Technical Note
By Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead
In this report, the authors describe the current state of the practice and emerging trends in software assurance measurement.
DOWNLOAD -
A Defect Prioritization Method Based on the Risk Priority Number
• White Paper
By Robert Ferguson, Julie B. Cohen, Will Hayes
This paper describes a technique that helps organizations address and resolve conflicting views and create a better value system for defining releases.
DOWNLOAD -
Agile Security - Review of Current Research and Pilot Usage
• White Paper
By Carol Woody
This white paper was produced to focus attention on the opportunities and challenges for embedding information assurance considerations into Agile development and acquisition.
DOWNLOAD -
Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase I
• Technical Note
By Greg Porter (Heinz College at Carnegie Mellon University)
In this report, Greg Porter documents preliminary findings from interviews with cloud service providers on their insider threat controls.
DOWNLOAD -
Mobile SCALe: Rules and Analysis for Secure Java and Android Coding
• Technical Report
By Limin Jia (Carnegie Mellon University, Department of Electrical and Computer Engineering), William Klieber, Fred Long, Dean Sutherland, David Svoboda, Lujo Bauer (Carnegie Mellon University, Department of Electrical and Computer Engineering), Lori Flynn
In this report, the authors describe Android secure coding rules, guidelines, and static analysis developed as part of the Mobile SCALe project.
DOWNLOAD -
Advancing Cybersecurity Capability Measurement Using the CERT-RMM Maturity Indicator Level Scale
• Technical Note
By Richard A. Caralli, Matthew J. Butkovic
In this report, the authors review the specific and generic goals and practices in CERT-RMM to determine if a better scale could be developed.
DOWNLOAD -
CERT® Resilience Management Model (CERT®-RMM) V1.1: NIST Special Publication 800-66 Crosswalk
• Technical Note
By Lisa R. Young, Ma-Nyahn Kromah (SunGard Availability Services)
In this report, the authors map CERT-RMM process areas to key activities in NIST Special Publication 800-66 Revision 1.
DOWNLOAD -
Passive Detection of Misbehaving Name Servers
• Technical Report
By Leigh B. Metcalf, Jonathan Spring
In this report, the authors explore name-server flux and two types of data that can reveal it.
DOWNLOAD -
Insider Threat Control: Using Plagiarism Detection Algorithms to Prevent Data Exfiltration in Near Real Time
• Technical Note
By George Silowash, Todd Lewellen, Daniel L. Costa
In this report, the authors describe how an insider threat control can monitor an organization's web request traffic for text-based data exfiltration.
DOWNLOAD -
Introduction to the Mission Thread Workshop
• Technical Report
By Timothy Morrow, Michael J. Gagliardi, William Wood
This report introduces the Mission Thread Workshop, a method for understanding architectural and engineering considerations for developing and sustaining systems of systems. It describes the three phases of the workshop …
DOWNLOAD -
Parallel Worlds: Agile and Waterfall Differences and Similarities
• Technical Note
By Timothy A. Chick, Suzanne Miller, Mary Ann Lapham, Steve Palmquist, Ipek Ozkaya
This report helps readers understand Agile. The report assembles terms and concepts from both the traditional world of waterfall-based development and the Agile environment to show the many similarities and …
DOWNLOAD -
Everything You Wanted to Know About Blacklists But Were Afraid to Ask
• White Paper
By Leigh B. Metcalf, Jonathan Spring
This document compares the contents of 25 different common public-internet blacklists in order to discover any patterns in the shared entries.
DOWNLOAD -
Roadmap to Software Assurance Competency
• White Paper
By None
This white paper describes the Software Assurance (SwA) Core Body of Knowledge and SwA competency levels.
DOWNLOAD -
TSP Performance and Capability Evaluation (PACE): Customer Guide
• Special Report
By Timothy A. Chick, Bill Nichols, Mark Kasunic
This guide describes the evaluation process and lists the steps organizations and programs must complete to earn a TSP-PACE certification.
DOWNLOAD -
TSP Performance and Capability Evaluation (PACE): Team Preparedness Guide
• Special Report
By Bill Nichols, Timothy A. Chick, Mark Kasunic
This document describes the TSP team data that teams normally produce and that are required as input to the TSP-PACE process.
DOWNLOAD -
Best Practices Against Insider Threats in All Nations
• Technical Note
By Palma Buttles-Valdez, Randall F. Trzeciak, Carly L. Huth, Lori Flynn
In this report, the authors summarize best practices for mitigating insider threats in international contexts.
DOWNLOAD -
The Role of Computer Security Incident Response Teams in the Software Development Life Cycle
• White Paper
By Robin Ruefle
In this paper, Robin Ruefle describes how an incident management can provide input to the software development process.
DOWNLOAD -
State of Cyber Workforce Development
• White Paper
By Marie Baker
This paper summarizes the current posture of the cyber workforce and several initiatives designed to strengthen, grow, and retain cybersecurity professionals.
DOWNLOAD -
Training and Awareness
• White Paper
By Ken Van Wyk (No Affiliation), Carol Sledge
In this paper, the authors provide guidance on training and awareness opportunities in the field of software security.
DOWNLOAD -
Evidence of Assurance: Laying the Foundation for a Credible Security Case
• White Paper
By Howard F. Lipson, Charles Weinstock
In this paper, the authors provide examples of several of the kinds of evidence that can contribute to a security case.
DOWNLOAD -
Security and Project Management
• White Paper
By Robert J. Ellison
In this paper, Robert Ellison explains what project managers should consider because they relate to security needs.
DOWNLOAD -
An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods
• White Paper
By Nancy R. Mead, Travis Christian
In this paper, the authors provide background information on penetration testing processes and practices.
DOWNLOAD -
Unintentional Insider Threats: A Foundational Study
• Technical Note
By CERT Insider Threat Team
In this report, the CERT Insider Threat team examines unintentional insider threat (UIT), a largely unrecognized problem.
DOWNLOAD -
Teaching Security Requirements Engineering Using SQUARE
• White Paper
By Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors detail the validation of a teaching model for security requirements engineering that ensures that security is built into software.
DOWNLOAD -
Trustworthy Composition: The System Is Not Always the Sum of Its Parts
• White Paper
By Robert J. Ellison
In this paper, Robert Ellison surveys several profound technical problems faced by practitioners assembling and integrating secure and survivable systems.
DOWNLOAD -
Development of a Master of Software Assurance Reference Curriculum - 2013 IJSSE
• White Paper
By Julia H. Allen, Nancy R. Mead, Richard C. Linger (Oak Ridge National Laboratory), Thomas B. Hilburn (Embry-Riddle Aeronautical University), James McDonald (Monmouth University), Andrew J. Kornecki (Embry-Riddle Aeronautical University), Mark A. Ardis (Stevens Institute of Technology)
In this paper, the authors present an overview of the Master of Software Assurance curriculum, including its history, student prerequisites, and outcomes
DOWNLOAD -
Strengthening Ties Between Process and Security
• White Paper
By Carol Woody
In this paper, Carol Woody summarizes recent key accomplishments, including harmonizing security practices with CMMI and using assurance cases.
DOWNLOAD -
Estimating Benefits from Investing in Secure Software Development
• White Paper
By Ashish Arora, Rahul Telang, Steven Frank
In this paper, the authors discuss the costs and benefits of incorporating security in software development and presents formulas for calculating security costs and security benefits.
DOWNLOAD -
What Measures Do Vendors Use for Software Assurance?
• White Paper
By Jeremy Epstein
In this paper, Jeremy Epstein examines what real vendors do to ensure that their products are reasonably secure.
DOWNLOAD -
The Development of a Graduate Curriculum for Software Assurance
• White Paper
By Nancy R. Mead, Mark A. Ardis (Stevens Institute of Technology)
In this paper, the authors describe the work of the Master of Software Assurance curriculum project, including sources, process, products, and more.
DOWNLOAD -
Secure Software Development Life Cycle Processes
• White Paper
By Noopur Davis
In this paper, Noopur Davis presents information about processes, standards, and more that support or could support secure software development.
DOWNLOAD -
Applicability of Cultural Markers in Computer Network Attack Attribution
• White Paper
By Char Sample
In this 2013 white paper, Char Sample discusses whether cultural influences leave traces in computer network attack (CAN) choices and behaviors.
DOWNLOAD -
Improving Software Assurance
• White Paper
By Robert J. Ellison, Carol Woody
In this paper, the authors discuss what practitioners should know about software assurance, where to look, what to look for, and how to demonstrate improvement.
DOWNLOAD -
Scale: System Development Challenges
• White Paper
By Robert J. Ellison, Carol Woody
In this paper, the authors describe software assurance challenges inherent in networked systems development and propose a solution.
DOWNLOAD -
Requirements Prioritization Case Study Using AHP
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead describes a tradeoff analysis that can select a suitable requirements prioritization method and the results of trying one method.
DOWNLOAD -
Arguing Security - Creating Security Assurance Cases
• White Paper
By John B. Goodenough, Howard F. Lipson, Charles Weinstock
In this paper, the authors explain an approach to documenting an assurance case for system security.
DOWNLOAD -
SQUARE Process
• White Paper
By None
In this paper, Nancy Mead describes the SQUARE process as a means for eliciting, categorizing, and prioritizing security requirements for IT systems.
DOWNLOAD -
Requirements Elicitation Case Studies Using IBIS, JAD, and ARM
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead describes a tradeoff analysis that can be used to select a suitable requirements elicitation method.
DOWNLOAD -
The Common Criteria
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead discusses how Common Criteria is evaluated, it also presents a standard that is related to developing security requirements.
DOWNLOAD -
Measures and Measurement for Secure Software Development
• White Paper
By James McCurley, Carol Dekkers, David Zubrow
In this paper, the authors discuss how measurement can be applied improve the security characteristics of the software being developed.
DOWNLOAD -
Predictive Models for Identifying Software Components Prone to Failure During Security Attacks
• White Paper
By Michael Gegick, Mladan Vouk, Laurie Williams
In this paper, the authors describes how the presence of security faults correlates strongly with the presence of a more general category of reliability faults.
DOWNLOAD -
Measuring the Software Security Requirements Engineering Process
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead describes a measurement approach to security requirements engineering to analyze projects that were developed with and without SQUARE.
DOWNLOAD -
System-of-Systems Influences on Acquisition Strategy Development
• White Paper
By Rita C. Creel, Robert J. Ellison
In this paper, the authors discuss significant new sources of risk and recommend ways to address them.
DOWNLOAD -
Risk-Centered Practices
• White Paper
By Julia H. Allen
In this paper, Julia Allen discusses the role that risk management and risk assessment play in choosing which security practices to implement.
DOWNLOAD -
Supply-Chain Risk Management: Incorporating Security into Software Development
• White Paper
By Carol Woody, Robert J. Ellison
In this paper, the authors describe practices that address defects and mechanisms for introducing these practices into the acquisition lifecycle.
DOWNLOAD -
Prioritizing IT Controls for Effective, Measurable Security
• White Paper
By Daniel Phelps, Gene Kim (IP Services and ITPI), Kurt Milne
In this paper, the authors summarize results from the IT Controls Performance Study conducted by the IT Process Institute.
DOWNLOAD -
Building Security into the Business Acquisition Process
• White Paper
By Dan Shoemaker (University of Detroit Mercy)
In this paper, Dan Shoemaker presents the standard process for acquiring software products and services in business.
DOWNLOAD -
Navigating the Security Practice Landscape
• White Paper
By Julia H. Allen
In this paper, Julia Allen presents a summary of ten leading sources of security practice definition and implementation guidance.
DOWNLOAD -
Assuring Software Systems Security: Life Cycle Considerations for Government Acquisitions
• White Paper
By Rita C. Creel
In this paper, Rita Creel identifies acquirer activities and resources necessary to support contractor efforts to build secure software-intensive systems.
DOWNLOAD -
Plan, Do, Check, Act
• White Paper
By Julia H. Allen
In this paper, Ken van Wyk provides a primer on the most commonly used tools for traditional penetration testing.
DOWNLOAD -
Finding a Vendor You Can Trust in the Global Marketplace
• White Paper
By Dan Shoemaker (University of Detroit Mercy), Art Conklin
In this paper, the authors introduce the concept of standardized third-party certification of supplier process capability.
DOWNLOAD -
Results of SEI Line-Funded Exploratory New Starts Projects: FY 2012
• Technical Report
By Lori Flynn, Arie Gurfinkel, Jeff Havrilla, Chuck Hines, John J. Hudak, Carly L. Huth, Wesley Jin, Rick Kazman, Stephany Bellomo, Mary Ann Lapham, James McCurley, John McGregor, David McIntire, Robert Nord, Ipek Ozkaya, Brittany Phillips, Robert W. Stoddard, David Zubrow, Lisa Brownsword, Yuanfang Cai (Drexel University), Sagar Chaki, Dennis Goldenson, William R. Claycomb, Julie B. Cohen, Peter H. Feiler, Robert Ferguson, Bjorn Andersson, David P. Gluch
This report describes line-funded exploratory new starts (LENS) projects that were conducted during fiscal year 2012 (October 2011 through September 2012).
DOWNLOAD -
Insider Threat Attributes and Mitigation Strategies
• Technical Note
By George Silowash
In this report, George Silowash maps common attributes of insider threat cases to characteristics important for detecting, preventing, or mitigating the threat.
DOWNLOAD -
Pointer Ownership Model
• White Paper
By David Svoboda
In this paper, David Svoboda describes the Pointer Ownership Model, which can statically identify classes of errors involving dynamic memory in C/C++ programs.
DOWNLOAD -
Common Software Platforms in System-of-Systems Architectures: The State of the Practice
• White Paper
By Rick Kazman, Sholom G. Cohen, John Klein
System-of-systems (SoS) architectures based on common software platforms have been commercially successful, but progress on creating and adopting them has been slow. This study aimed to understand technical issues for …
DOWNLOAD -
Software Assurance for Executives: Mapping of Common Topics to Specific Materials
• White Paper
By None
In this paper, the authors present common topics, course materials, and resources related to the Software Assurance for Executives course held in June 2013.
DOWNLOAD -
Software Assurance for Executives
• White Paper
By None
This legal form was used in the Software Assurance for Executives course that was held in June 2013.
DOWNLOAD -
Isolating Patterns of Failure in Department of Defense Acquisition
• Technical Note
By Cecilia Albert, Lisa Brownsword, John J. Hudak, Charles (Bud) Hammons, Patrick R. Place, David J. Carney
This report documents an investigation into issues related to aligning acquisition strategies with business and mission goals.
DOWNLOAD -
Socio-Adaptive Systems Challenge Problems Workshop Report
• Special Report
By Scott Hissam, Mark H. Klein, Timothy Morrow
This report presents a summary of the findings of the Socio-Adaptive Systems Challenge Problem Workshop, held in Pittsburgh, PA, on April 12-13, 2012.
DOWNLOAD -
Strengths in Security Solutions
• White Paper
By Arjuna Shunn (Microsoft), Carol Woody, Robert C. Seacord, Allen D. Householder
In this white paper, the authors map eight CERT tools, services, and processes to Microsoft's Simplified Security Development Lifecycle.
DOWNLOAD -
Integrating Software Assurance Knowledge into Conventional Curricula
• White Paper
By Nancy R. Mead, Jeff Ingalsbe (University of Detroit Mercy), Dan Shoemaker (University of Detroit Mercy)
In this paper, the authors discuss the results of comparing the Common Body of Knowledge for Secure Software Assurance with traditional computing disciplines.
DOWNLOAD -
Maturity of Practice
• White Paper
By Julia H. Allen
In this paper, Julia Allen identifies indicators that organizations are addressing security as a governance and management concern, at the enterprise level.
DOWNLOAD -
Integrating Security and IT
• White Paper
By Julia H. Allen
In this paper, Julia Allen describes the key relationship between IT processes and security controls.
DOWNLOAD -
Individual Certification of Security Proficiency for Software Professionals: Where Are We? Where Are We Going?
• White Paper
By Dan Shoemaker (University of Detroit Mercy)
In this paper, Dan Shoemaker describes existing professional certifications in information assurance and emerging certifications for secure software assurance.
DOWNLOAD -
How Much Security Is Enough?
• White Paper
By Julia H. Allen
In this paper, Julia Allen provides guidelines for answering this question, including means for determining adequate security based on risk.
DOWNLOAD -
Models for Assessing the Cost and Value of Software Assurance
• White Paper
By Antonio Drommi, John Bailey, Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy)
In this paper, the authors present IT valuation models that represent the most commonly accepted approaches to the valuation of IT and IT processes.
DOWNLOAD -
Adapting Penetration Testing for Software Development Purposes
• White Paper
By Ken Van Wyk (No Affiliation)
In this paper, Ken van Wyk provides background information on penetration testing processes and practices.
DOWNLOAD -
Requirements Engineering Annotated Bibliography
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead provides a bibliography of sources related to requirements engineering.
DOWNLOAD -
Defining the Discipline of Secure Software Assurance: Initial Findings from the National Software Assurance Repository
• White Paper
By Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead, Rita Barrios
In this paper, the authors characterize the current state of secure software assurance work and suggest future directions.
DOWNLOAD -
Making the Business Case for Software Assurance
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead provides an overview of the Business Case content area.
DOWNLOAD -
Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations (2013)
• Technical Note
By Andrew P. Moore, Randall F. Trzeciak, Dawn Cappelli, Derrick Spooner, Matthew L. Collins
In this report, the authors provide a snapshot of individuals involved in insider threat cases and recommends how to mitigate the risk of similar incidents.
DOWNLOAD -
The Software Assurance Competency Model: A Roadmap to Enhance Individual Professional Capability
• White Paper
By Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)
In this paper, the authors describe a software assurance competency model that can be used by professionals to improve their software assurance skills.
DOWNLOAD -
Building a Body of Knowledge for ICT Supply Chain Risk Management
• White Paper
By Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors propose a set of Supply Chain Risk Management (SCRM) activities and practices for Information and Communication Technologies (ICT).
DOWNLOAD -
Modeling Tools References
• White Paper
By Samuel T. Redwine
In this paper, Samuel Redwine provides references related to modeling tools.
DOWNLOAD -
Software Assurance Education Overview
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead discusses the growing demand for skilled professionals who can build security and correct functionality into software.
DOWNLOAD -
Governance and Management References
• White Paper
By Julia H. Allen
In this paper, Julia Allen provides references related to governance and management.
DOWNLOAD -
Getting Secure Software Assurance Knowledge into Conventional Practice
• White Paper
By Nancy R. Mead, Linda Laird, Dan Shoemaker (University of Detroit Mercy)
In this paper, the authors describe three educational initiatives in support of software assurance education.
DOWNLOAD -
General Modeling Concepts
• White Paper
By Samuel T. Redwine
In this paper, Samuel Redwine introduces several concepts related to the Introduction to Modeling Tools for Software Security article and modeling in general.
DOWNLOAD -
A Systemic Approach for Assessing Software Supply-Chain Risk
• White Paper
By Audrey J. Dorofee, Robert J. Ellison, Rita C. Creel, Christopher J. Alberts, Carol Woody
In this paper, the authors highlight the approach being implemented by SEI researchers for assessing and managing software supply-chain risks and provides a summary of the status of this work.
DOWNLOAD -
Framing Security as a Governance and Management Concern: Risks and Opportunities
• White Paper
By Julia H. Allen
In this paper, Julia Allen describes six "assets" or requirements of being in business that can be compromised by insufficient security investment.
DOWNLOAD -
Assembly, Integration, and Evolution Overview
• White Paper
By Howard F. Lipson
In this paper, Howard Lipson describes the objective of the Assembly, Integration & Evolution content area.
DOWNLOAD -
A Common Sense Way to Make the Business Case for Software Assurance
• White Paper
By Nancy R. Mead, John Bailey, Jeff Ingalsbe (University of Detroit Mercy), Dan Shoemaker (University of Detroit Mercy), Antonio Drommi
In this article, the authors demonstrate how a true cost/benefit for secure software can be derived.
DOWNLOAD -
Deployment and Operations References
• White Paper
By Julia H. Allen
In this paper, Julia Allen provides a list of references related to deployment and operations.
DOWNLOAD -
Deploying and Operating Secure Systems
• White Paper
By Julia H. Allen
In this paper, Julia Allen provides a brief overview of deployment and operations security issues and advice for using related practices.
DOWNLOAD -
Two Nationally Sponsored Initiatives for Disseminating Assurance Knowledge
• White Paper
By Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors describe two efforts that support national cybersecurity education goals.
DOWNLOAD -
Foundations for Software Assurance
• White Paper
By Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy), Carol Woody
In this paper, the authors highlight efforts underway to address our society's growing dependence on software and the need for effective software assurance.
DOWNLOAD -
Assurance Cases Overview
• White Paper
By Howard F. Lipson
In this paper, Howard Lipson introduces the concepts and benefits of developing and maintaining assurance cases for security.
DOWNLOAD -
It’s a Nice Idea but How Do We Get Anyone to Practice It? A Staged Model for Increasing Organizational Capability in Software Assurance
• White Paper
By Dan Shoemaker (University of Detroit Mercy)
In this paper, Dan Shoemaker presents a standard approach to increasing the security capability of a typical IT function.
DOWNLOAD -
Software Security Engineering: A Guide for Project Managers (white paper)
• White Paper
By Gary McGraw, Sean Barnum, Robert J. Ellison, Nancy R. Mead, Julia H. Allen
In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
DOWNLOAD -
Requirements Elicitation Introduction
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead discusses elicitation methods and the kind of tradeoff analysis that can be done to select a suitable one.
DOWNLOAD -
Requirements Prioritization Introduction
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead discusses using a systematic prioritization approach to prioritize security requirements.
DOWNLOAD -
Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets
• White Paper
By Hassan Osman, Eric Hough, Nancy R. Mead, Jonathan Caulkins
In this paper, the authors introduce a novel method of optimizing using integer programming (IP).
DOWNLOAD -
Security Is Not Just a Technical Issue
• White Paper
By Julia H. Allen
In this paper, Julia Allen defines the scope of governance concern as they apply to security.
DOWNLOAD -
PSP-VDC: An Adaptation of the PSP that Incorporates Verified Design by Contract
• Technical Report
By Diego Vallespir (Universidad de la República), Silvana Moreno (Universidad de la República), Álvaro Tasistro (Universidad ORT Uruguay), Bill Nichols
This paper describes a proposal for integrating Verified Design by Contract into PSP in order to reduce the amount of defects present at the Unit Testing phase, while preserving or …
DOWNLOAD -
How You Can Help Your Utility Clients with a Critical Aspect of Smart Grid Transformation They Might be Overlooking
• White Paper
By The SGMM Communications Team
This paper discusses how you can use the Smart Grid Maturity Model (SGMM) to benefit your utility clients.
DOWNLOAD -
Five Smart Grid Questions Every Utility Executive Should Ask
• White Paper
By The SGMM Communications Team
This paper recommends the Smart Grid Maturity Model (SGMM), a tool utilities can use to plan and measure smart grid progress.
DOWNLOAD -
Application Virtualization as a Strategy for Cyber Foraging in Resource-Constrained Environments
• Technical Note
By Dominik Messinger, Grace Lewis
This technical note explores application virtualization as a more lightweight alternative to VM synthesis for cloudlet provisioning.
DOWNLOAD -
The Perils of Treating Software as a Specialty Engineering Discipline
• White Paper
By Keith Korzec, Tom Merendino
This paper reviews the perils of insufficiently engaging key software domain experts during program development.
DOWNLOAD -
Four Pillars for Improving the Quality of Safety-Critical Software-Reliant Systems
• White Paper
By Lutz Wrage, Peter H. Feiler, Charles Weinstock, John B. Goodenough, Arie Gurfinkel
This white paper presents an improvement strategy comprising four pillars of an integrate-then-build practice that lead to improved quality through early defect discovery and incremental end-to-end validation and verification.
DOWNLOAD -
MERIT Interactive Insider Threat Training Simulator
• White Paper
By None
In this paper, the authors describe how state-of-the-art multi-media technologies were used to develop the MERIT InterActive training simulator.
DOWNLOAD -
Software Assurance Competency Model
• Technical Note
By Nancy R. Mead, Thomas B. Hilburn (Embry-Riddle Aeronautical University), Mark A. Ardis (Stevens Institute of Technology), Glenn Johnson ((ISC)2), Andrew J. Kornecki (Embry-Riddle Aeronautical University)
In this report, the authors describe a model that helps create a foundation for assessing and advancing the capability of software assurance professionals.
DOWNLOAD -
Detecting and Preventing Data Exfiltration Through Encrypted Web Sessions via Traffic Inspection
• Technical Note
By Joshua W. Burns, George Silowash, Todd Lewellen, Daniel L. Costa
In this report, the authors present methods for detecting and preventing data exfiltration using a Linux-based proxy server in a Microsoft Windows environment.
DOWNLOAD -
Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders
• Technical Note
By David Zubrow, Andrew P. Moore, David McIntire, Dave Mundie
In this report, the authors justify applying the pattern “Increased Review for Intellectual Property (IP) Theft by Departing Insiders.”
DOWNLOAD -
Quantifying Uncertainty in Expert Judgment: Initial Results
• Technical Report
By Dennis Goldenson, Robert W. Stoddard
The work described in this report, part of a larger SEI research effort on Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE), aims to develop and validate methods for calibrating …
DOWNLOAD -
History of CERT-RMM
• White Paper
By None
This paper explains the history of how the CERT-RMM came to be.
DOWNLOAD -
The MAL: A Malware Analysis Lexicon
• Technical Note
By David McIntire, Dave Mundie
In this report, the authors present results of the Malware Analysis Lexicon (MAL) initiative, which developed the first common vocabulary for malware analysis.
DOWNLOAD -
Tunisia Case Study
• White Paper
By None
This case study describes the experiences of the Tunisia CSIRT in getting its organization up and running.
DOWNLOAD -
Columbia CSIRT Case Study
• White Paper
By None
This case study describes the experiences of the Columbia CSIRT in getting its organization up and running.
DOWNLOAD -
Insider Threat Control: Using Universal Serial Bus (USB) Device Auditing to Detect Possible Data Exfiltration by Malicious Insiders
• Technical Note
By Todd Lewellen, George Silowash
In this report, the authors present methods for auditing USB device use in a Microsoft Windows environment.
DOWNLOAD -
Cyber Intelligence Tradecraft Project: Summary of Key Findings
• White Paper
By Andrew O. Mellinger, Troy Townsend, Jay McAllister, Melissa Ludwick, Kate Ambrose
This study, known as the Cyber Intelligence Tradecraft Project (CITP), seeks to advance the capabilities of organizations performing cyber intelligence by elaborating on best practices and prototyping solutions to shared …
DOWNLOAD -
Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources
• Technical Note
By George Silowash, Christopher King
In this report, the authors present methods for controlling removable media devices in a MS Windows environment.
DOWNLOAD -
SEI Product Line Bibliography
• White Paper
By None
This bibliography lists SEI and non-SEI resources that have informed the SEI Product Lines efforts. Examples cover diverse domains and show the kind of improvements you can achieve using a …
DOWNLOAD -
A Framework for Software Product Line Practice, Version 5.0
• White Paper
By John K. Bergey, Gary Chastek, Sholom G. Cohen, Patrick Donohoe, Lawrence G. Jones, Robert W. Krut, Jr., Paul C. Clements, Liam O'Brien, John McGregor, Felix Bachmann, Reed Little, Linda M. Northrop
This document describes the activities and practices in which an organization must be competent before it can benefit from fielding a product line of software systems.
DOWNLOAD -
Chronological Examination of Insider Threat Sabotage: Preliminary Observations
• White Paper
By David McIntire, Todd Lewellen, Lori Flynn, Carly L. Huth, William R. Claycomb
In this paper, the authors examine 15 cases of insider threat sabotage of IT systems to identify points in the attack time-line.
DOWNLOAD -
The Business Case for Systems Engineering Study: Assessing Project Performance from Sparse Data
• Special Report
By Joseph P. Elm
This report describes the data collection and analysis process used to support the assessment of project performance for the systems engineering (SE) effectiveness study.
DOWNLOAD -
Analyzing Cases of Resilience Success and Failure - A Research Study
• Technical Note
By Julia H. Allen, Nader Mehravari, Kevin G. Partridge, Robert W. Stoddard, Randall F. Trzeciak, Andrew P. Moore, Pamela D. Curtis
In this report, the authors describe research aimed at helping organizations to know the business value of implementing resilience processes and practices.
DOWNLOAD -
Common Sense Guide to Mitigating Insider Threats, Fourth Edition
• Technical Report
By Lori Flynn, George Silowash, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak, Timothy J. Shimeall
In this report, the authors define insider threats and outline current insider threat patterns and trends.
DOWNLOAD -
Arabic Language Translation of CMMI for Services V1.3
• White Paper
By The CMMI Product Team
Arabic translation of CMMI-SVC V1.3
DOWNLOAD -
TSP Symposium 2012 Proceedings
• Special Report
By Pedro C. Henriques (Strongstep – Innovation in Software Quality), Bill Nichols, Shigeru Kusakabe (Kyushu University), Yoichi Omori (Kyushu University), Keijiro Araki (Kyushu University), Fernanda Grazioli (Universidad de la República), Silvana Moreno (Universidad de la República), Álvaro Tasistro (Universidad ORT Uruguay), Diego Vallespir (Universidad de la República), João Pascoal Faria (University of Porto), Mushtaq Raza (University of Porto), César Duarte (Strongstep – Innovation in Software Quality), Elias Fallon (Cadence Design Systems, Inc.), Lee Gazlay (Cadence Design Systems, Inc.)
The 2012 TSP Symposium was organized by the Software Engineering Institute (SEI) and took place September 18-20 in St. Petersburg, FL. The goal of the TSP Symposium is to bring …
DOWNLOAD -
DoD Information Assurance and Agile: Challenges and Recommendations Gathered Through Interviews with Agile Program Managers and DoD Accreditation Reviewers
• Technical Note
By Stephany Bellomo, Carol Woody
This paper discusses the natural tension between rapid fielding and response to change (characterized as agility) and DoD information assurance policy. Data for the paper was gathered through interviews with …
DOWNLOAD -
Reliability Improvement and Validation Framework
• Special Report
By Charles Weinstock, John B. Goodenough, Arie Gurfinkel, Lutz Wrage, Peter H. Feiler
This report discusses the reliability validation and improvement framework developed by the SEI. The purpose of this framework is to provide a foundation for addressing the challenges of qualifying increasingly …
DOWNLOAD -
The Business Case for Systems Engineering Study: Results of the Systems Engineering Effectiveness Survey
• Special Report
By Dennis Goldenson, Joseph P. Elm
This report summarizes the results of a survey that had the goal of quantifying the connection between the application of systems engineering (SE) best practices to projects and programs and …
DOWNLOAD -
Maturity Models 101: A Primer for Applying Maturity Models to Smart Grid Security, Resilience, and Interoperability
• White Paper
By Mark Knight (CGI Group), Austin Montgomery, Richard A. Caralli
In this paper, the authors explain the history and evolution of and applications for maturity models.
DOWNLOAD -
Technical Debt: From Metaphor to Theory and Practice
• White Paper
By Ipek Ozkaya, Philippe Kruchten, Robert Nord
This article discusses the technical debt metaphor and considers it beyond a "rhetorical concept." The article explores the role of decision making about developmental activities and future changes and the …
DOWNLOAD -
Architecture-Driven Semantic Analysis of Embedded Systems (Dagstuhl Seminar 12272)
• Special Report
By Peter H. Feiler, Jerome Hugues
This report documents the program and outcomes of presentations and working groups from Dagstuhl Seminar 12272, "Architecture-Driven Semantic Analysis of Embedded Systems."
DOWNLOAD -
Spotlight On: Insider Threat from Trusted Business Partners Version 2: Updated and Revised
• White Paper
By Randall F. Trzeciak, Dawn Cappelli, Andrew P. Moore, Todd Lewellen, Robert Weiland (Carnegie Mellon University), Derrick Spooner
In this article, the authors focus on cases in which the malicious insider was employed by a trusted business partner of the victim organization.
DOWNLOAD -
The Role of Standards in Cloud-Computing Interoperability
• Technical Note
By Grace Lewis
This report explores the role of standards in cloud-computing interoperability. It covers cloud-computing basics and standard-related efforts, discusses several use cases, and provides recommendations for cloud-computing adoption.
DOWNLOAD -
Cloud Computing at the Tactical Edge
• Technical Note
By Edwin J. Morris, Grace Lewis, Kiryong Ha (Carnegie Mellon School of Computer Science), Mahadev Satyanarayanan (Carnegie Mellon University), Soumya Simanta
This technical note presents a strategy to overcome the challenges of obtaining sufficient computation power to run applications needed for warfighting and disaster relief missions. It discusses the use of …
DOWNLOAD -
Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File
• Technical Note
By Allen D. Householder
In this 2012 report, Allen Householder describes an algorithm for reverting bits from a fuzzed file to those found in the original seed file to recreate the crash.
DOWNLOAD -
Resource Allocation in Dynamic Environments
• Technical Report
By Joe Seibel, Lutz Wrage, Daniel Plakosh, Scott Hissam, Gabriel Moreno, Jeffrey Hansen, B. Craig Meyers
When warfighting missions are conducted in a dynamic environment, the allocation of resources needed for mission operation can change from moment to moment. This report addresses two challenges of resource …
DOWNLOAD -
Building an Incident Management Body of Knowledge
• White Paper
By Dave Mundie, Robin Ruefle
In this paper, the authors describe the components of the CERT Incident Management Body of Knowledge (CIMBOK) and how they were constructed.
DOWNLOAD -
SEPG Europe 2012 Conference Proceedings
• Special Report
By Aman Kumar Singhal (Infosys), Jose Maria Garcia (Software Quality Assurance), Ana M. Moreno (Universidad Politecnica de Madrid), Radouane Oudrhiri (Systonomy), Fabrizio Pellizzetti (Systonomy), Alejandro Ruiz-Robles (University of Piura), Maria-Isabel Sanchez-Segura (Carlos III University of Madrid), Prasad M. Shrasti (Tata Consultancy Services), Javier Garcia-Guzman (Carlos III University of Madrid), Javier Garzas (Kybele Research and Kybele Consulting), Amit Arun Javadekar (Infosys), Patrick Kirwan, Joaquin Lasheras (CENTIC), Fuensanta Medina-Dominguez (Carlos III University of Madrid), Erich Meier (Method Park), Arturo Mora-Soto (Carlos III University of Madrid)
This report compiles seven papers based on presentations given at SEPG Europe 2012.
DOWNLOAD -
Competency Lifecycle Roadmap: Toward Performance Readiness
• Technical Note
By Christopher J. Alberts, Sandra Behrens, Robin Ruefle
In this report, the authors describe the Competency Lifecycle Roadmap (CLR), a preliminary roadmap for understanding and building workforce readiness.
DOWNLOAD -
Communication Among Incident Responders – A Study
• Technical Note
By Brett Tjaden, Robert Floodeen
In this report, the authors describe three factors for helping or hindering the cooperation of incident responders.
DOWNLOAD -
Toward a Theory of Assurance Case Confidence
• Technical Report
By Charles Weinstock, John B. Goodenough, Ari Z. Klein
In this report, the authors present a framework for thinking about confidence in assurance case arguments.
DOWNLOAD -
Insider Fraud in Financial Services
• White Paper
By None
In this brochure, the authors present the findings of a study that analyzed computer criminal activity in the financial services sector.
DOWNLOAD -
Probability-Based Parameter Selection for Black-Box Fuzz Testing
• Technical Note
By Jonathan Foote, Allen D. Householder
In this report, the authors describe an algorithm for automating the selection of seed files and other parameters used in black-box fuzz testing.
DOWNLOAD -
Results of SEI Line-Funded Exploratory New Starts Projects
• Technical Report
By Sagar Chaki, Bill Nichols, Robert Nord, Ipek Ozkaya, Raghvinder Sangwan, Soumya Simanta, Ofer Strichman, Peppo Valetto, Nanette Brown, Gene Cahill, William Casey, Cory Cohen, Dionisio de Niz, David French, Arie Gurfinkel, Len Bass, Rick Kazman, Edwin J. Morris, Brad Myers
This report describes the line-funded exploratory new starts (LENS) projects that were undertaken during fiscal year 2011. For each project, the report presents a brief description and a recounting of …
DOWNLOAD -
Network Profiling Using Flow
• Technical Report
By Sid Faber, Austin Whisnant
In this report, the authors provide a step-by-step guide for profiling and discovering public-facing assets on a network using netflow data.
DOWNLOAD -
Insider Threats to Cloud Computing: Directions for New Research Challenges
• White Paper
By Alex Nicoll, William R. Claycomb
In this paper, the authors explain how cloud computing related insider threats are a serious concern, but that this threat has not been thoroughly explored.
DOWNLOAD -
Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector
• Special Report
By Todd Lewellen, David McIntire, Randall F. Trzeciak, Adam Cummings, Andrew P. Moore
In this report, the authors describe insights and risk indicators of malicious insider activity in the banking and finance sector.
DOWNLOAD -
Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions
• Technical Note
By Philip Miller, Robert C. Seacord, John K. Bergey, Timothy Morrow
In this report, the authors provide guidance for helping DoD acquisition programs address software security in acquisitions.
DOWNLOAD -
The Evolution of a Science Project: A Preliminary System Dynamics Model of a Recurring Software-Reliant Acquisition Behavior
• Technical Report
By William E. Novak, Andrew P. Moore, Christopher J. Alberts
This report uses a preliminary system dynamics model to analyze a specific adverse acquisition dynamic concerning the poorly controlled evolution of small prototype efforts into full-scale systems.
DOWNLOAD -
Introduction to System Strategies
• White Paper
By Robert J. Ellison, Carol Woody
In this paper, the authors discuss the effects of the changing operational environment on the development of secure systems.
DOWNLOAD -
Introduction to Modeling Tools for Software Security
• White Paper
By Samuel T. Redwine
In this paper, Samuel Redwine introduces security concepts and tools useful for modeling security properties.
DOWNLOAD -
Security-Specific Bibliography
• White Paper
By James McCurley, David Zubrow, Carol Dekkers
In this paper, the authors provide a bibliography of sources related to security.
DOWNLOAD -
A Virtual Upgrade Validation Method for Software-Reliant Systems
• Technical Report
By Lutz Wrage, Dionisio de Niz, David P. Gluch, Peter H. Feiler
This report presents the Virtual Upgrade Validation (VUV) method, an approach that uses architecture-centric, model-based analysis to identify system-level problems early in the upgrade process to complement established test qualification …
DOWNLOAD -
Report from the First CERT-RMM Users Group Workshop Series
• Technical Note
By Lisa R. Young, Julia H. Allen
In this report, the authors describe the first CERT RMM Users Group (RUG) Workshop Series and the experiences of participating members and CERT staff.
DOWNLOAD -
Source Code Analysis Laboratory (SCALe)
• Technical Note
By Robert W. Stoddard, Jefferson Welch, David Svoboda, Philip Miller, Robert C. Seacord, Will Dormann, James McCurley
In this report, the authors describe the CERT Program's Source Code Analysis Laboratory (SCALe), a conformance test against secure coding standards.
DOWNLOAD -
Insider Threat Security Reference Architecture
• Technical Report
By Andrew P. Moore, Joji Montelibano
In this report, the authors describe the Insider Threat Security Reference Architecture (ITSRA), an enterprise-wide solution to the insider threat.
DOWNLOAD -
A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders
• Technical Report
By Dave Mundie, Michael Hanley, Andrew P. Moore
In this report, the authors present techniques for helping organizations plan, prepare, and implement means to mitigate insider theft of intellectual property.
DOWNLOAD -
The Impact of Passive DNS Collection on End-User Privacy
• White Paper
By Jonathan Spring, Carly L. Huth
In this paper, the authors discuss whether pDNS allows reconstruction of an end user's DNS behavior and if DNS behavior is personally identifiable information.
DOWNLOAD -
Approaches for Edge-Enabled Tactical Systems
• White Paper
By None
This booklet contains short articles about using mobile devices in edge-enabled systems, cloud computing, and a report on cloud offload in hostile environments.
DOWNLOAD -
Digital Investigation Workforce Development
• White Paper
By Dennis M. Allen
In this paper, the authors describe an approach for deriving measures of software security from well-established and commonly used standard practices.
DOWNLOAD -
What’s New in V2 of the Architecture Analysis & Design Language Standard?
• Special Report
By Peter H. Feiler, Lutz Wrage, Joe Seibel
This report provides an overview of changes and improvements to the Architecture Analysis & Design Language (AADL) standard for describing both the software architecture and the execution platform architectures of …
DOWNLOAD -
Principles of Trust for Embedded Systems
• Technical Note
By David Fisher
In this report, David Fisher provides substance and explicit meaning to the terms trust and trustworthy as they relate to automated systems.
DOWNLOAD -
Deriving Software Security Measures from Information Security Standards of Practice
• White Paper
By Christopher J. Alberts, Robert W. Stoddard, Julia H. Allen
In this paper, the authors describe an approach for deriving measures of software security from common standard practices for information security.
DOWNLOAD -
Risk-Based Measurement and Analysis: Application to Software Security
• Technical Note
By Christopher J. Alberts, Robert W. Stoddard, Julia H. Allen
In this report, the authors present the concepts of a risk-based approach to software security measurement and analysis and describe the IMAF and MRD.
DOWNLOAD -
Mission Risk Diagnostic (MRD) Method Description
• Technical Note
By Christopher J. Alberts, Audrey J. Dorofee
In this report, the authors describe the Mission Risk Diagnostic (MRD) method, which is used to assess risk in systems across the lifecycle and supply chain.
DOWNLOAD -
Proceedings of the Smart Grid Maturity Model Leadership Workshop
• Special Report
By None
In January 2012, leaders in the electric power industry collaborated with the SEI to build the future of the Smart Grid Maturity Model at the SGMM Leadership Workshop.
DOWNLOAD -
Modifying Lanchester's Equations for Modeling and Evaluating Malicious Domain Name Take-Down
• White Paper
By Jonathan Spring
In this paper, Jonathan Spring models internet competition on large, decentralized networks using a modification of Lanchester's equations for combat.
DOWNLOAD -
Passive Detection of Misbehaving Name Servers
• White Paper
By Leigh B. Metcalf, Jonathan Spring
In this paper, the authors demonstrate that there are name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters.
DOWNLOAD -
Discerning the Intent of Maturity Models from Characterizations of Security Posture
• White Paper
By None
In this paper, Rich Caralli discusses how using maturity models and characterizing security posture are activities with different intents, outcomes, and uses.
DOWNLOAD -
Communication Among Incident Responders - A Study
• White Paper
By Robert Floodeen, Brett Tjaden
In this paper, the authors describe preliminary results of a study of how effective nine autonomous incident response organizations are.
DOWNLOAD -
Best Practices for Artifact Versioning in Service-Oriented Systems
• Technical Note
By William Anderson, Marc Novakouski, Grace Lewis, Jeff Davenport
This report describes some of the challenges of software versioning in an SOA environment and provides guidance on how to meet these challenges by following industry guidelines and recommended practices.
DOWNLOAD -
Interoperability in the e-Government Context
• Technical Note
By Grace Lewis, Marc Novakouski
This report describes a proposed model through which to understand interoperability in the e-government context.
DOWNLOAD -
Spotlight On: Malicious Insiders and Organized Crime Activity
• Technical Note
By Christopher King
In this report, Christopher King provides a snapshot of who malicious insiders are, what and how they strike, and why.
DOWNLOAD -
A Closer Look at 804: A Summary of Considerations for DoD Program Managers
• Special Report
By Stephany Bellomo
The information in this report is intended to help program managers reason about actions they may need to take to adapt and comply with the Section 804 NDAA for 2010 …
DOWNLOAD -
Standards-Based Automated Remediation: A Remediation Manager Reference Implementation, 2011 Update
• Special Report
By Rita C. Creel, Sagar Chaki, Benjamin McCormick, Mike Kinney (National Security Agency), Jeff Davenport, Mary Popeck
In this report, the authors describe work to develop standards for automated remediation of vulnerabilities and compliance issues on DoD networked systems.
DOWNLOAD -
Using Defined Processes as a Context for Resilience Measures
• Technical Note
By Pamela D. Curtis, Linda Parker Gates, Julia H. Allen
In this report, the authors describe how implementation-level processes can provide context for identifying and defining measures of operational resilience.
DOWNLOAD -
Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE)
• Technical Report
By James McCurley, Dennis Goldenson, Robert Ferguson, Debra Anderson, David Zubrow, Robert W. Stoddard
The method of quantifying uncertainty described in this report synthesizes scenario building, Bayesian Belief Network (BBN) modeling and Monte Carlo simulation into an estimation method that quantifies uncertainties, allows subjective …
DOWNLOAD -
An Investigation of Techniques for Detecting Data Anomalies in Earned Value Management Data
• Technical Report
By James McCurley, Mark Kasunic, David Zubrow, Dennis Goldenson
This research demonstrated the effectiveness of various statistical techniques for discovering quantitative data anomalies.
DOWNLOAD -
German language translation of CMMI for Development, V1.3
• White Paper
By None
This PDF contains a German language translation of CMMI for Development, V1.3.
DOWNLOAD -
Japanese Language Translation of CMMI for Development, V1.3
• White Paper
By None
Japanese Language Translation of CMMI for Development, V1.3
DOWNLOAD -
CERT® Resilience Management Model (CERT®-RMM) V1.1: NIST Special Publication Crosswalk Version 1
• Technical Note
By Lisa R. Young, Kevin G. Partridge
In this report, the authors map CERT-RMM process areas to selected NIST special publications in the 800 series.
DOWNLOAD -
Agile Methods: Selected DoD Management and Acquisition Concerns
• Technical Note
By Bart Hackemack, Linda Levine, Nanette Brown, Alfred Schenker, Lorraine Adams, Suzanne Miller, Mary Ann Lapham, Charles (Bud) Hammons
This technical note addresses some of the key issues that either must be understood to ease the adoption of Agile or are seen as potential barriers to adoption of Agile …
DOWNLOAD -
An Acquisition Perspective on Product Evaluation
• Technical Note
By Richard Librizzi, Harry L. Levinson, Grady Campbell
This technical note focuses on software acquisition and development practices related to the evaluation of products before, during, and after implementation.
DOWNLOAD -
CERT® Resilience Management Model (RMM) v1.1: Code of Practice Crosswalk Commercial Version 1.1
• Technical Note
By Lisa R. Young, Kevin G. Partridge
In this report, the authors explain how CERT-RMM process areas, industry standards, and codes of practice are used by organizations in an operational setting.
DOWNLOAD -
Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination
• Technical Note
By Joji Montelibano, Michael Hanley
In this report, the authors present an insider threat pattern on how organizations can combat insider theft of intellectual property.
DOWNLOAD -
CERT® Resilience Management Model Capability Appraisal Method (CAM) Version 1.1
• Technical Report
By Resilient Enterprise Management Team
In this report, the authors demonstrate that the SCAMPI method can be adapted and applied to CERT-RMM V1.1 as the reference model for a process appraisal.
DOWNLOAD -
Smart Grid Maturity Model: Matrix, Version 1.2
• White Paper
By None
This document shows a matrix related to Smart Grid Maturity Model levels.
DOWNLOAD -
Proceedings of the Fourth International Workshop on a Research Agenda for Maintenance and Evolution of Service-Oriented Systems (MESOA 2010)
• Special Report
By Kostas Kontogiannis, Dennis B. Smith, Grace Lewis
This report summarizes the proceedings from the 2010 MESOA workshop and includes the accepted papers that were the basis for the presentations given during the workshop.
DOWNLOAD -
Software Assurance Curriculum Project Volume IV: Community College Education
• Technical Report
By Mark A. Ardis (Stevens Institute of Technology), Nancy R. Mead, Elizabeth K. Hawthorne (Union County College)
In this report, the authors focus on community college courses for software assurance.
DOWNLOAD -
Understanding and Leveraging a Supplier’s CMMI Efforts: A Guidebook for Acquirers (Revised for V1.3)
• Technical Report
By John Scibilia, Mike Phillips, Lawrence T. Osiecki
This guidebook helps acquisition organizations formulate questions for their suppliers related to CMMI. It also helps organizations interpret responses to identify and evaluate risks for a given supplier.
DOWNLOAD -
Smart Grid Maturity Model, Version 1.2: Model Definition
• Technical Report
By The SGMM Team
The Smart Grid Maturity Model (SGMM) is business tool that provides a framework for electric power utilities to help modernize their operations and practices for delivering electricity.
DOWNLOAD -
Keeping Your Family Safe in a Highly Connected World
• White Paper
By Jonathan Frederick, Marie Baker
In this paper, the authors describe the risks of being victims of theft, including becoming involved unknowingly in illegal activities over a networked device.
DOWNLOAD -
Which CMMI Model Is for You?
• White Paper
By Sandra Shrum, Mike Phillips
A short white paper that provides guidance on selecting the best CMMI model for process improvement.
DOWNLOAD -
Architecting Service-Oriented Systems
• Technical Note
By Grace Lewis, Paulo Merson, Soumya Simanta, Philip Bianco
This report presents guidelines for architecting service-oriented systems and the effect of architectural principles on system quality attributes.
DOWNLOAD -
Standards-Based Automated Remediation: A Remediation Manager Reference Implementation
• Special Report
By Benjamin McCormick, Rita C. Creel, Jeff Davenport, Mary Popeck, Mike Kinney (National Security Agency), Sagar Chaki
In this report, the authors describe work to develop standards for vulnerability and compliance remediation on DoD networked systems.
DOWNLOAD -
A Decision Framework for Selecting Licensing Rights for Noncommercial Computer Software in the DoD Environment
• Technical Report
By Charlene Gross
This report describes standard noncommercial software licensing alternatives as defined by U.S. Government and DoD regulations. It suggests an approach for identifying agency needs for license rights and the license …
DOWNLOAD -
Measures for Managing Operational Resilience
• Technical Report
By Pamela D. Curtis, Julia H. Allen
In this report, the Resilient Enterprise Management (REM) team suggests a set of top ten strategic measures for managing operational resilience.
DOWNLOAD -
An Online Learning Approach to Information Systems Security Education
• White Paper
By Marsha Lovett (Carnegie Mellon University), Norman Bier (Carnegie Mellon University), Robert C. Seacord
In this paper, the authors describe the development of a secure coding module that shows how to capture content, ensure learning, and scale to meet demand.
DOWNLOAD -
Monitoring Cloud Computing by Layer, Part 2
• White Paper
By Jonathan Spring
In this paper, Jonathan Spring presents a set of recommended restrictions and audits to facilitate cloud security.
DOWNLOAD -
A Preliminary Model of Insider Theft of Intellectual Property
• Technical Note
By Andrew P. Moore, Randall F. Trzeciak, Derrick Spooner, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Eric D. Shaw
In this report, the authors describe general observations about and a preliminary system dynamics model of insider crime based on our empirical data.
DOWNLOAD -
Software Assurance for System of Systems
• White Paper
By John B. Goodenough, Linda M. Northrop
In this paper, the authors discuss confidence in system and SoS behavior and how theories can be used to make the assurance process more effective.
DOWNLOAD -
Architecture Evaluation without an Architecture: Experience with the Smart Grid
• White Paper
By Len Bass, James Ivers, Gabriel Moreno, Rick Kazman
This paper describes an analysis of some of the challenges facing one portion of the Electrical Smart Grid in the United States - residential Demand Response (DR) systems.
DOWNLOAD -
Correlating Domain Registrations and DNS First Activity in General and for Malware
• White Paper
By Ed Stoner, Leigh B. Metcalf, Jonathan Spring
In this paper, the authors describe a pattern in the amount of time it takes for that domain to be actively resolved on the Internet.
DOWNLOAD -
Architectures for the Cloud: Best Practices for Navy Adoption of Cloud Computing
• White Paper
By Grace Lewis
The goal of SEI research is to create best practices for architecture and design of systems that take advantage of the cloud, leading to greater system quality from both a …
DOWNLOAD -
Monitoring Cloud Computing by Layer, Part 1
• White Paper
By Jonathan Spring
In this paper, Jonathan Spring presents a set of recommended restrictions and audits to facilitate cloud security.
DOWNLOAD -
Principles of Survivability and Information Assurance
• White Paper
By None
In this paper, the authors describe a Security Information and Event Management signature for detecting possible malicious insider activity.
DOWNLOAD -
Employing SOA to Achieve Information Dominance
• White Paper
By Grace Lewis
SEI research will enable the Navy to to develop service-oriented systems that address information dominance priority requirements.
DOWNLOAD -
Managing Technical Debt in Software-Reliant Systems
• White Paper
By Nanette Brown
This whitepaper argues that there is an opportunity to study and improve the “technical debt” metaphor concept and offers software engineers a foundation for managing such trade-offs based on models …
DOWNLOAD -
Appraisal Requirements for CMMI Version 1.3 (ARC, V1.3)
• Technical Report
By SCAMPI Upgrade Team
The Appraisal Requirements for CMMI, Version 1.3 (ARC, V1.3), defines the requirements for appraisal methods intended for use with Capability Maturity Model Integration (CMMI) and with the People CMM.
DOWNLOAD -
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0
• Technical Report
By Bradford J. Willke, Samuel A. Merrell, Matthew J. Butkovic, John Haller
In this 2011 report, an update to its 2010 counterpart, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
DOWNLOAD -
Trusted Computing in Embedded Systems Workshop
• Special Report
By Jonathan M. McCune, Archie D. Andrews
In this report, the authors describe the November 2010 Trusted Computing in Embedded Systems Workshop held at Carnegie Mellon University.
DOWNLOAD -
Issues and Opportunities for Improving the Quality and Use of Data in the Department of Defense
• Special Report
By Erin Harper, David Zubrow, Mark Kasunic
This report contains the recommendations of an SEI-lead, joint-sponsored workshop by the OSD (AT&L) and DDR&, around the topics of data quality, data analysis, and data use.
DOWNLOAD -
IEEE Computer Society/Software Engineering Institute Software Process Achievement (SPA) Award 2009
• Technical Report
By Ramakrishnan M., Satyendra Kumar
This report describes the work of the 2009 recipient of the IEEE Computer Society Software Process Achievement Award, jointly established by the SEI and IEEE to recognize outstanding achievements in …
DOWNLOAD -
CMMI for Acquisition (CMMI-ACQ) Primer, Version 1.3
• Technical Report
By Mike Phillips
Acquisition practices for the project level that help you get started with CMMI for Acquisition practices without using the whole model.
DOWNLOAD -
Software Assurance Curriculum Project Volume III: Master of Software Assurance Course Syllabi
• Technical Report
By Julia H. Allen, Andrew J. Kornecki (Embry-Riddle Aeronautical University), Thomas B. Hilburn (Embry-Riddle Aeronautical University), Mark A. Ardis (Stevens Institute of Technology), Richard C. Linger (Oak Ridge National Laboratory), Nancy R. Mead
In this report, the authors provide sample syllabi for the nine core courses in the Master of Software Assurance Reference Curriculum.
DOWNLOAD -
Delivering Software-Reliant Products Faster: Take Action to Help Your Organization Gain Speed Without Sacrificing Quality
• White Paper
By None
Learn how to deliver software-reliant products faster and explore ways to use software architecture more effectively.
DOWNLOAD -
Delivering Software-Reliant Products Faster: Help Your Organization Gain Speed Without Sacrificing Quality
• White Paper
By None
Learn how to look into the initial steps suggested for delivering software-reliant products faster.
DOWNLOAD -
A Framework for Evaluating Common Operating Environments: Piloting, Lessons Learned, and Opportunities
• Special Report
By Steve Rosemergy, Cecilia Albert
This report explores the interdependencies among common language, business goals, and soft-ware architecture as the basis for a common framework for conducting evaluations of software technical solutions.
DOWNLOAD -
Integrating the Master of Software Assurance Reference Curriculum into the Model Curriculum and Guidelines for Graduate Degree Programs in Information Systems
• Technical Note
By Nancy R. Mead, Jeff Ingalsbe (University of Detroit Mercy), Dan Shoemaker (University of Detroit Mercy)
In this report, the authors examine how the Master of Software Assurance Reference Curriculum can be used for a Master of Science in Information Systems.
DOWNLOAD -
An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases
• Technical Note
By Matt Houy, Will Schroeder, Tyler Dean, Michael Hanley, Joji Montelibano, Randall F. Trzeciak
In this report, the authors provide an overview of techniques used by malicious insiders to steal intellectual property.
DOWNLOAD -
Results of SEI Independent Research and Development Projects (FY 2010)
• Technical Report
By Peter H. Feiler, William Anderson, David Fisher, David P. Gluch, Jeffrey Hansen, Jörgen Hansson (University of Skovde), John J. Hudak, Karthik Lakshmanan, Richard C. Linger (Oak Ridge National Laboratory), Howard F. Lipson, Gabriel Moreno, Edwin J. Morris, Archie D. Andrews, Onur Mutlu, Robert Nord, Ipek Ozkaya, Daniel Plakosh, Mark Pleszkoch, Ragunathan Rajkumar, Joe Seibel, Soumya Simanta, Charles Weinstock, Lutz Wrage, Nanette Brown, Cory Cohen, Christopher Craig, Tim Daly, Dionisio de Niz, Andres Diaz-Pace
This report describes results of independent research and development (IRAD) projects undertaken in fiscal year 2010.
DOWNLOAD -
Network Monitoring for Web-Based Threats
• Technical Report
By Matthew Heckathorn
In this report, Matthew Heckathorn models the approach an attacker would take and provides detection or prevention methods to counter that approach.
DOWNLOAD -
Function Extraction (FX) Research for Computation of Software Behavior: 2010 Development and Application of Semantic Reduction Theorems for Behavior Analysis
• Technical Report
By Tim Daly, Richard C. Linger (Oak Ridge National Laboratory), Mark Pleszkoch
In this report, the authors present research to compute the behavior of software with mathematical precision and how this research has been implemented.
DOWNLOAD -
FloCon 2011 Proceedings
• White Paper
By None
These papers were presented at FloCon 2011, where participants discussed dark space, web servers, spam, and the susceptibility of DNS servers to cache poisoning.
DOWNLOAD -
Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data
• Technical Note
By Michael Hanley
In this 2011 report, Michael Hanley demonstrates how a method for modeling insider crimes can create candidate technical controls and indicators.
DOWNLOAD -
Trust and Trusted Computing Platforms
• Technical Note
By David Fisher, Archie D. Andrews, Jonathan M. McCune
This technical note examines the Trusted Platform Module, which arose from work related to the Independent Research and Development project "Trusted Computing in Extreme Adversarial Environments: Using Trusted Hardware as …
DOWNLOAD -
Enabling Agility Through Architecture
• White Paper
By Ipek Ozkaya, Robert Nord, Nanette Brown
Enabling Agility Through Architecture: A Crosstalk article by Nanette Brown, Rod Nord, and Ipek Ozkaya.
DOWNLOAD -
Software Supply Chain Risk Management: From Products to Systems of Systems
• Technical Note
By Audrey J. Dorofee, Rita C. Creel, Christopher J. Alberts, Carol Woody, Robert J. Ellison
In this report, the authors consider current practices in software supply chain analysis and suggest some foundational practices.
DOWNLOAD -
A Taxonomy of Operational Cyber Security Risks
• Technical Note
By Lisa R. Young, James J. Cebula
In this report, the authors present a taxonomy of operational cyber security risks and its harmonization with other risk and security activities.
DOWNLOAD -
Source Code Analysis Laboratory (SCALe) for Energy Delivery Systems
• Technical Report
By James McCurley, Will Dormann, Jefferson Welch, David Svoboda, Robert C. Seacord, Robert W. Stoddard, Philip Miller
In this report, the authors describe the Source Code Analysis Laboratory (SCALe), which tests software for conformance to CERT secure coding standards.
DOWNLOAD -
Adaptive Flow Control for Enabling Quality of Service in Tactical Ad Hoc Wireless Networks
• Technical Report
By Daniel Plakosh, Soumya Simanta, Lutz Wrage, Edwin J. Morris, B. Craig Meyers, Scott Hissam, Jeffrey Hansen
The network infrastructure for users such as emergency responders or warfighters is wireless, ad hoc, mobile, and lacking in sufficient bandwidth. This report documents the results from 18 experiments to …
DOWNLOAD -
Combining Architecture-Centric Engineering with the Team Software Process
• Technical Report
By Jim McHale, Robert Nord, Felix Bachmann
ACE methods and the TSP provides an iterative approach for delivering high quality systems on time and within budget. The combined approach helps organizations that must set an architecture/developer team …
DOWNLOAD -
Beyond Technology Readiness Levels for Software: U.S. Army Workshop Report
• Technical Report
By Stephen Blanchette, Jr., Suzanne Miller, Cecilia Albert
This report synthesizes presentations, discussions, and outcomes from the "Beyond Technology Readiness Levels for Software" workshop from August 2010.
DOWNLOAD -
The CERT Approach to Cybersecurity Workforce Development
• Technical Report
By Christopher May, Josh Hammerstein
This report describes a model commonly used for developing and maintaining a competent cybersecurity workforce, explains some operational limitations associated with that model, and presents a new approach to cybersecurity …
DOWNLOAD -
Guide for SCAMPI Appraisals: Accelerated Improvement Method (AIM)
• Special Report
By None
This document provides guidance to lead appraisers and appraisal teams unfamiliar with TSP+ when conducting Standard CMMI Appraisal Method for Process Improvement (SCAMPI) appraisals within organizations that use the TSP+ …
DOWNLOAD -
Implementation Guidance for the Accelerated Improvement Method (AIM)
• Special Report
By None
This 2010 report describes the (AIM which helps an organization to implement high-performance, high-quality CMMI practices much more quickly than industry norms.
DOWNLOAD -
Executive Overview: Best Practices for Adoption of Cloud Computing
• White Paper
By Grace Lewis
This paper describes the SEI approach to cloud computing research for the DoD.
DOWNLOAD -
Executive Overview: Employing SOA to Achieve Information Dominance
• White Paper
By Grace Lewis
The current ability to implement systems in the DoD based on SOA technologies falls short of the DoD's goals. To close the gaps in these areas, research is needed in …
DOWNLOAD -
French language translation of CMMI for Development, V1.3
• White Paper
By None
This is The French language translation of CMMI for Development, V1.3.
DOWNLOAD -
Dutch language translation of CMMI for Development V1.3
• White Paper
By None
This document is the Dutch language translation of CMMI-DEV V1.3.
DOWNLOAD -
Spanish Language Translation of CMMI for Development, v1.3
• White Paper
By None
Spanish language translation of CMMI for Development, v1.3
DOWNLOAD -
Traditional Chinese Language Translation of CMMI for Development V1.3
• White Paper
By None
CMMI-DEV V1.3 Traditional Chinese Translation
DOWNLOAD -
A Workshop on Analysis and Evaluation of Enterprise Architectures
• Technical Note
By Michael J. Gagliardi, John Klein
This report summarizes a workshop on the analysis and evaluation of enterprise architectures that was held at the SEI in April of 2010.
DOWNLOAD -
Performance Analysis of WS-Security Mechanisms in SOAP-Based Web Services
• Technical Report
By Gunnar Peterson, Edwin J. Morris, Grace Lewis, Marc Novakouski, Soumya Simanta
This paper presents the results of a series of experiments targeted at analyzing the performance impact of adding WS-Security, a common security standard used in IdM frameworks, to SOAP-based web …
DOWNLOAD -
CMMI for Acquisition, Version 1.3
• Technical Report
By The CMMI Product Team
The CMMI-ACQ model provides guidance for applying CMMI best practices in an acquiring organization. Best practices in the model focus on activities for initiating and managing the acquisition of products …
DOWNLOAD -
CMMI for Development, Version 1.3
• Technical Report
By The CMMI Product Team
This 2010 report details CMMI for Development (CMMI-DEV) V.1.3, which provides a comprehensive integrated set of guidelines for developing products and services.
DOWNLOAD -
CMMI for Services, Version 1.3
• Technical Report
By The CMMI Product Team
This 2010 report details CMMI for Services (CMMI-SVC) V.1.3, which provides a comprehensive integrated set of guidelines for providing superior services.
DOWNLOAD -
Strategic Planning with Critical Success Factors and Future Scenarios: An Integrated Strategic Planning Framework
• Technical Report
By Linda Parker Gates
This report explores the value of enhancing typical strategic planning techniques with the CSF method and scenario planning.
DOWNLOAD -
Designing for Incentives: Better Information Sharing for Better Software Engineering
• White Paper
By None
This paper outlines a research agenda in bridging to the economic theory of mechanism design, which seeks to align incentives in multi-agent systems with private information and conflicting goals.
DOWNLOAD -
Cloud Computing Basics Explained
• White Paper
By Grace Lewis
This paper seeks to help organizations understand cloud computing essentials, including drivers for and barriers to adoption, in support of making decisions about adopting the approach.
DOWNLOAD -
Primer on SOA Terms
• White Paper
By Grace Lewis
This white paper presents basic terminology related to Service- Oriented Architecture (SOA). The goal of the paper is to establish a baseline of terms for service-oriented systems.
DOWNLOAD -
T-Check in System-of-Systems Technologies: Cloud Computing
• Technical Note
By Harrison D. Strowd, Grace Lewis
The purpose of this report is to examine a set of claims about cloud computing adoption.
DOWNLOAD -
Emerging Technologies for Software-Reliant Systems of Systems
• Technical Note
By Grace Lewis
The purpose of this report is to present an informal survey of technologies that are, or are likely to become, important for software-reliant systems of systems in response to current …
DOWNLOAD -
Integrated Measurement and Analysis Framework for Software Security
• Technical Note
By Robert W. Stoddard, Julia H. Allen, Christopher J. Alberts
In this report, the authors address how to measure software security in complex environments using the Integrated Measurement and Analysis Framework (IMAF).
DOWNLOAD -
Security Requirements Reusability and the SQUARE Methodology
• Technical Note
By Nancy R. Mead, Travis Christian
In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
DOWNLOAD -
Measuring Operational Resilience Using the CERT® Resilience Management Model
• Technical Note
By Noopur Davis, Julia H. Allen
In this 2010 report, the authors begin a dialogue and establish a foundation for measuring and analyzing operational resilience.
DOWNLOAD -
Program Executive Officer Aviation, Major Milestone Reviews: Lessons Learned Report
• Technical Report
By Kate Ambrose, Scott Reed
This report documents ideas and recommendations for improving the overall acquisition process and presents the actions taken by project managers in several programs to develop, staff, and obtain approval for …
DOWNLOAD -
Smart Grid Maturity Model, Version 1.1: Model Definition
• Technical Report
By The SGMM Team
The Smart Grid Maturity Model (SGMM) is business tool that provides a framework for electric power utilities to help modernize their operations and practices for delivering electricity.
DOWNLOAD -
Success in Acquisition: Using Archetypes to Beat the Odds
• Technical Report
By William E. Novak, Linda Levine
This report describes key elements in systems thinking, provides an introduction to general systems archetypes, and applies these concepts to the software acquisition domain.
DOWNLOAD -
Building Assured Systems Framework
• Technical Report
By Nancy R. Mead, Julia H. Allen
This report presents the Building Assured Systems Framework (BASF) that addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems.
DOWNLOAD -
Using TSP Data to Evaluate Your Project Performance
• Technical Report
By Shigeru Sasao, Bill Nichols, James McCurley
A set of measures was determined that allow analyses This report discusses the application of a set of measures to a data set of 41 TSP projects from an organization …
DOWNLOAD -
Suggestions for Documenting SOA-Based Systems
• Technical Report
By Stephany Bellomo
This report provides suggestions for documenting service-oriented architecture-based systems based on the Views & Beyond (V&B) software documentation approach.
DOWNLOAD -
Exploring Acquisition Strategies for Adopting a Software Product Line
• White Paper
By Lawrence G. Jones, John K. Bergey
Some basics of software product line practice, the challenges that make product line acquisition unique, and three basic acquisition strategies are all part of this white paper.
DOWNLOAD -
YAF: Yet Another Flowmeter
• White Paper
By Chris Inacio, Brian Trammell
In this paper, the authors describe issues encountered in designing and implementing YAF.
DOWNLOAD -
A Continuous Time List Capture Model for Internet Threats
• White Paper
By Rhiannon Weaver
In this paper, Rhiannon Weaver describes a population study of malware files under the CTLC framework and presents a simulation study as well as future work.
DOWNLOAD -
Software Assurance Curriculum Project Volume I: Master of Software Assurance Reference Curriculum
• Technical Report
By Julia H. Allen, Nancy R. Mead, Mark A. Ardis (Stevens Institute of Technology), Thomas B. Hilburn (Embry-Riddle Aeronautical University), Andrew J. Kornecki (Embry-Riddle Aeronautical University), Richard C. Linger (Oak Ridge National Laboratory), James McDonald (Monmouth University)
In this report, the authors present a master of software assurance curriculum that educational institutions can use to create a degree program or track.
DOWNLOAD -
Risk Management Framework
• Technical Report
By Christopher J. Alberts, Audrey J. Dorofee
In this report, the authors specify (1) a framework that documents best practice for risk management and (2) an approach for evaluating a program's risk management practice in relation to …
DOWNLOAD -
Software Assurance Curriculum Project Volume II: Undergraduate Course Outlines
• Technical Report
By Thomas B. Hilburn (Embry-Riddle Aeronautical University), Nancy R. Mead, Richard C. Linger (Oak Ridge National Laboratory)
In this report, the authors describe seven courses for an undergraduate curriculum specialization for software assurance.
DOWNLOAD -
A Framework for Modeling the Software Assurance Ecosystem: Insights from the Software Assurance Landscape Project
• Technical Report
By Carol Woody, Lisa Brownsword, Andrew P. Moore, Christopher J. Alberts
In this report, the authors describe the SEI Assurance Modeling Framework, piloting to prove its value, and insights gained from that piloting.
DOWNLOAD -
COVERT: A Framework for Finding Buffer Overflows in C Programs via Software Verification
• Technical Report
By Arie Gurfinkel, Sagar Chaki
In this report, the authors present COVERT, an automated framework for finding buffer overflows in C programs using software verification tools and techniques.
DOWNLOAD -
Measurement and Analysis Infrastructure Diagnostic, Version 1.0: Method Definition Document
• Technical Report
By Mark Kasunic
This 2010 report is a guidebook for conducting a Measurement and Analysis Infrastructure Diagnostic (MAID) evaluation.
DOWNLOAD -
Security Requirements Engineering
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead how a systematic approach to security requirements engineering helps to avoid problems.
DOWNLOAD -
Adapting the SQUARE Process for Privacy Requirements Engineering
• Technical Note
By Ashwini Bijwe (Carnegie Mellon University), Nancy R. Mead
In this 2010 report, the authors explore how the SQUARE process can be adapted for privacy requirements engineering in software development.
DOWNLOAD -
Team Software Process (TSP) Body of Knowledge (BOK)
• Technical Report
By Watts S. Humphrey, Bill Nichols, Marsha Pomeroy-Huff, Timothy A. Chick
The TSP BOK helps practitioners and employers assess and improve their skills, and shows academic institutions how to incorporate TSP into their engineering courses.
DOWNLOAD -
Programmatic and Constructive Interdependence: Emerging Insights and Predictive Indicators of Development Resource Demand
• Technical Report
By Mark Kasunic, Robert M. Flowe, William Anderson, David Zubrow, James McCurley, Paul L. Hardin, III, Mary M. Brown
This 2010 report describes a series of ongoing research efforts that investigate the role of interdependence in the acquisition of major defense acquisition programs.
DOWNLOAD -
Rayon: A Unified Framework for Data Visualization
• White Paper
By Phil Groce
In this paper, Phil Groce describes the Rayon visualization toolkit, developed to augment network analytic information and improve analytic operations.
DOWNLOAD -
Finding Malicious Activity in Bulk DNS Data
• White Paper
By Ed Stoner
In this paper, Ed Stoner describes techniques for detecting certain types of malicious traffic.
DOWNLOAD -
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability
• Special Report
By Bradford J. Willke, Matthew J. Butkovic, Samuel A. Merrell, John Haller
In this report, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
DOWNLOAD -
Team Software Process (TSP) Coach Mentoring Program Guidebook, Version 1.1
• Special Report
By Jefferson Welch, Bill Nichols, Jim McHale, Robert Cannon, Timothy A. Chick, Alan Willett, Marsha Pomeroy-Huff
This guidebook is designed to explain the steps for becoming an SEI-Certified Team Software Process (TSP) Coach or SEI-Certified TSP Mentor Coach, with emphasis on guiding individuals through the mentoring …
DOWNLOAD -
Survivability Analysis Framework
• Technical Note
By Carol Woody, Robert J. Ellison
In this report, the authors describe the Survivability Analysis Framework, which is used to evaluate critical operational capabilities.
DOWNLOAD -
Software Product Lines: Report of the 2010 U.S. Army Software Product Line Workshop
• Technical Report
By John K. Bergey, Sholom G. Cohen, Patrick Donohoe, Lawrence G. Jones, Linda M. Northrop, Gary Chastek
This report synthesizes presentations and discussions from a 2010 workshop to discuss product line practices and operational accomplishments.
DOWNLOAD -
Performance Effects of Measurement and Analysis: Perspectives from CMMI High Maturity Organizations and Appraisers
• Technical Report
By Dennis Goldenson, James McCurley
This report describes results from two recent surveys conducted by the Software Engineering Institute (SEI) to collect information about the measurement and analysis activities of software systems development organizations.
DOWNLOAD -
Resource Allocation in Distributed Mixed-Criticality Cyber-Physical Systems
• White Paper
By Karthik Lakshmanan
This paper explains a formal overload-resilience metric called ductility.
DOWNLOAD -
The Illusion of Certainty - Paper
• White Paper
By Grady Campbell
In this 2010 paper, Grady Campbell - delivered at the 7th Acquisition Research Symposium - argues that a new approach to acquisition is needed that recognizes that hiding uncertainty is …
DOWNLOAD -
Edge Enabled Systems
• White Paper
By Kurt C. Wallnau, Joseph Giampapa, Daniel Plakosh, Rick Kazman, Zacharie Hall (Aberdeen Proving Ground)
This paper describes the characteristics of edge systems and the edge organizations in which these systems operate, and make initial recommendations about how such systems and organizations can be created …
DOWNLOAD -
Managing Variation in Services in a Software Product Line Context
• Technical Note
By Sholom G. Cohen, Robert W. Krut, Jr.
This report highlights the mutual benefits of combining systematic reuse approaches from product line development with flexible approaches for implementing business processes in a service oriented architecture.
DOWNLOAD -
Evaluating and Mitigating Software Supply Chain Security Risks
• Technical Note
By Carol Woody, John B. Goodenough, Charles Weinstock, Robert J. Ellison
In this 2010 report, the authors identify software supply chain security risks and specify evidence to gather to determine if these risks have been mitigated.
DOWNLOAD -
Relating Business Goals to Architecturally Significant Requirements for Software Systems
• Technical Note
By Len Bass, Paul C. Clements
The purpose of this report is to facilitate better elicitation of high-pedigree quality attribute requirements. Toward this end, we want to be able to elicit business goals reliably and understand …
DOWNLOAD -
Case Study: Model-Based Analysis of the Mission Data System Reference Architecture
• Technical Report
By Peter H. Feiler, David P. Gluch, Kurt Woodham (L-3 Communications-Titan Group)
This report describes how AADL support an instantiation of a reference architecture, address architectural themes, and provide a foundation for the analysis of performance elements and system assurance concerns.
DOWNLOAD -
Identifying Anomalous Port-Specific Network Behavior
• Technical Report
By Rhiannon Weaver
In this report, Rhiannon Weaver describes a method for identifying network behavior that may be a sign of coming internet-wide attacks.
DOWNLOAD -
CERT Resilience Management Model, Version 1.0
• Technical Report
By Julia H. Allen, Pamela D. Curtis, David W. White, Lisa R. Young, Richard A. Caralli
In this report, the authors present CERT-RMM, an approach to managing operational resilience in complex, risk-evolving environments.
DOWNLOAD -
Java Concurrency Guidelines
• Technical Report
By David Svoboda, Robert C. Seacord, Dhruv Mohindra, Fred Long
In this report, the authors describe the CERT Oracle Secure Coding Standard for Java, which provides guidelines for secure coding in Java.
DOWNLOAD -
Specifications for Managed Strings, Second Edition
• Technical Report
By Hal Burch, David Svoboda, Robert C. Seacord, Raunak Rungta, Fred Long
In this report, the authors describe a managed string library for the C programming language.
DOWNLOAD -
Considerations for Using Agile in DoD Acquisition
• Technical Note
By Alfred Schenker, Mary Ann Lapham, Ray C. Williams, Charles (Bud) Hammons, Daniel Burton
This 2010 report explores the questions: Can Agile be used in the DoD environment? If so, how?
DOWNLOAD -
As-If Infinitely Ranged Integer Model, Second Edition
• Technical Note
By David Svoboda, Alex Volkovitsky, Timothy Wilson, Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Will Dormann, David Keaton, Thomas Plum (Plum Hall, Inc.), Robert C. Seacord
In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.
DOWNLOAD -
Data Rights for Proprietary Software Used in DoD Programs
• Technical Note
By Henry Ouyang (The Aerospace Corporation), Julie B. Cohen, Bonnie Troup (The Aerospace Corporation)
This report examines how data rights issues were addressed in the TSAT program. It also reviews concerns posed by the use of commercial software in the TSAT program's Space Segment, …
DOWNLOAD -
Characterizing Technical Software Performance Within System of Systems Acquisitions: A Step-Wise Methodology
• Technical Report
By James Wessel, Bryce L. Meyer
This report focuses on both qualitative and quantitative ways of determining the current state of SWP (software performance) in terms of both test coverage and confidence for SOA-based SoS environments.
DOWNLOAD -
Measuring Software Security
• White Paper
By Julia H. Allen
This paper, extracted from the 2009 CERT Research Report, describes planned research tasks in the field of software security.
DOWNLOAD -
Cyber Assurance
• White Paper
By Christopher J. Alberts, Carol Woody, Robert J. Ellison
This paper, extracted from the 2009 CERT Research Report, describes planned research tasks in the field of cyber assurance.
DOWNLOAD -
Evaluating Software's Impact on System and System and System of Systems Reliability
• White Paper
By None
In this paper, the authors discuss how system engineers are uncertain about how to determine the impact of software on overall system.
DOWNLOAD -
A Research Agenda for Service-Oriented Architecture (SOA): Maintenance and Evolution of Service-Oriented Systems
• Technical Note
By Dennis B. Smith, Grace Lewis, Kostas Kontogiannis
This 2010 report describes the agenda of an SEI-led group that was formed to explore the business, engineering, and operations aspects of service-oriented architecture.
DOWNLOAD -
Extending Team Software Process (TSP) to Systems Engineering: A NAVAIR Experience Report
• Technical Report
By Jeff Schwalb, Delwyn Kellogg, Timothy A. Chick, Anita Carleton, James W. Over
This 2010 report communicates status, progress, lessons learned, and results on a joint collaboration between the SEI and NAVAIR.
DOWNLOAD -
Testing in Service-Oriented Environments
• Technical Report
By William Anderson, Edwin J. Morris, Sriram Balasubramaniam, David J. Carney, John Morley, Patrick R. Place, Soumya Simanta
This report makes 65 recommendations for improving testing in service-oriented environments. It covers testing functionality and testing for interoperability, security, performance, and reliability qualities.
DOWNLOAD -
Reports from the Field on System of Systems Interoperability Challenges and Promising Approaches
• Technical Report
By Carol Sledge
In this report, Carol Sledge identifies challenges and successful approaches to achieving system of systems (SoS) interoperability.
DOWNLOAD -
Adapting the SQUARE Method for Security Requirements Engineering to Acquisition
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead adapts the SQUARE process for security requirements engineering to different acquisition situations.
DOWNLOAD -
0-knowledge fuzzing
• White Paper
By Vincenzo Iozzo (Zynamics)
In this paper, Vincenzo Iozzo describes how to effectively fuzz with no knowledge of the user-input and the binary.
DOWNLOAD -
MITRE, CWE, and CERT Secure Coding Standards
• White Paper
By Robert A. Martin, Robert C. Seacord
In this paper, the authors summarize the Common Weakness Enumeration (CWE) and CERT Secure Coding Standards and the relationship between the two.
DOWNLOAD -
A Probabilistic Population Study of the Conficker-C Botnet
• White Paper
By Rhiannon Weaver
In this paper, Rhiannon Weaver estimates the number of active machines per hour infected with the Conficker-C worm using a probability model.
DOWNLOAD -
Instrumented Fuzz Testing Using AIR Integers (Whitepaper)
• White Paper
By David Keaton, Will Dormann, Thomas Plum (Plum Hall, Inc.), Timothy Wilson, Robert C. Seacord, Roger Dannenberg (School of Computer Science, Carnegie Mellon University)
In this paper, the authors present the as-if infinitely ranged (AIR) integer model, which provides a mechanism for eliminating integral exceptional conditions.
DOWNLOAD -
Spotlight On: Insider Threat from Trusted Business Partners
• White Paper
By Randall F. Trzeciak, Derrick Spooner, Robert Weiland (Carnegie Mellon University), Andrew P. Moore, Dawn Cappelli
In this report, the authors focus on cases in which the insider was employed by a trusted business partner of the victim organization.
DOWNLOAD -
Profiling Systems Using the Defining Characteristics of Systems of Systems (SoS)
• Technical Note
By Donald Firesmith
This technical note identifies and describes the characteristics that have been used in various definitions of the term system of systems.
DOWNLOAD -
Proceedings of the 3rd International Workshop on a Research Agenda for Maintenance and Evolution of Service-Oriented Systems (MESOA 2009)
• Special Report
By None
This report contains selected papers from the 3rd International Workshop on a Research Agenda for Maintenance and Evolution of Service-Oriented Systems (MESOA 2009).
DOWNLOAD -
Acquisition Archetype: Shooting the Messenger
• White Paper
By William E. Novak, Linda Levine
When problems are detected in programs, everyone needs to listen and work together towards a solution. Shooting the messenger only delays the process, and hurts program morale.
DOWNLOAD -
Industry Standard Notation for Architecture-Centric Model-Based Engineering
• White Paper
By Peter H. Feiler
In this paper, Peter Feiler describes the AADL, an industry standard for modeling and analyzing the architecture of software-reliant systems.
DOWNLOAD -
Approaches to Process Performance Modeling: A Summary from the SEI Series of Workshops on CMMI High Maturity Measurement and Analysis
• Technical Report
By Dennis Goldenson, Robert W. Stoddard
This report summarizes the results from the second and third high maturity measurement and analysis workshops.
DOWNLOAD -
Evaluating the Software Design of a Complex System of Systems
• Technical Report
By Stephen Blanchette, Jr., Steven Crosson (U.S. Army), Barry Boehm (University of California, Los Angeles)
The report examines the application of the life-cycle architecture milestone to the software and computing elements of the former Future Combat Systems program.
DOWNLOAD -
Secure Coding Governance and Guidance
• White Paper
By None
In this paper, the authors propose the use of secure coding standards in the development of software for surface combatants and submarines.
DOWNLOAD -
Secure Coding Plan
• White Paper
By None
This plan is a government-provided customizable document that is part of the acquisition's government reference library.
DOWNLOAD -
Generalized Criteria and Evaluation Method for Center of Excellence: A Preliminary Report
• Technical Note
By Scott Reed, William Craig (AMRDEC SED), Matt Fisher, Suzanne Miller, Clay Kaylor (AMRDEC SED), John Porter (AMRDEC SED)
Criteria and standards to certify an organization as a COE are presented in this Carnegie Mellon Software Engineering Institute preliminary report.
DOWNLOAD -
A Structured Approach for Reviewing Architecture Documentation
• Technical Note
By David Emery, Rich Hilliard, Robert Nord, Paul C. Clements
This technical note proposes a structured approach for reviewing architecture documentation that is centered on the documentation's stakeholders and engages them in a guided manner so as to ensure that …
DOWNLOAD -
Measurement and Analysis Infrastructure Diagnostic (MAID) Evaluation Criteria, Version 1.0
• Technical Report
By Software Engineering Measurement and Analysis (SEMA) Group
This 2009 report presents the criteria used during a MAID evaluation that serve as a checklist to rate the quality of an organization's measurement and analysis practices and the quality …
DOWNLOAD -
Results of SEI Independent Research and Development Projects (FY 2009)
• Technical Report
By Kristopher Rush, Paul C. Clements, Lutz Wrage, Dionisio de Niz, Kurt C. Wallnau, Cal Waits, Jörgen Hansson (University of Skovde), Peter H. Feiler, Scott Hissam, Daniel Plakosh, Len Bass, Gabriel Moreno, Ragunathan Rajkumar, Mark H. Klein, Karthik Lakshmanan, Jeffrey Hansen, Matthew Geiger, James Ivers
In this report, the authors describe the SEI independent research and development (IRAD) projects conducted during fiscal year 2009.
DOWNLOAD -
An Everyday Example of Architecture Documentation: Subway Maps
• White Paper
By Paul C. Clements
This white paper explores the idea that subway maps provide a good, common example of architecture documentation and that they might be instructive about good software architecture documentation.
DOWNLOAD -
System of Systems Software Assurance
• White Paper
By John B. Goodenough
This white paper describes SEI investigation into ways to provide justified confidence that a system of systems will behave as needed in its actual and evolving usage environments.
DOWNLOAD -
Proceedings of the Workshop on Software Engineering Foundations for End-User Programming (SEEUP 2009)
• Special Report
By Len Bass, Dennis B. Smith, Brad Myers, Grace Lewis
This report presents the papers that were given at SEEUP 2009, held at the 31st ICSE in Vancouver, British Columbia on May 23, 2009.
DOWNLOAD -
The Watts New Collection: Columns by the SEI’s Watts Humphrey
• Special Report
By Watts S. Humphrey
news@sei columns written by the SEI's Watts Humphrey between June 1998 and August 2008
DOWNLOAD -
Evaluating Artifact Quality from an Appraisal Perspective
• Technical Note
By Matt Fisher, Charlene Gross, Emanuel R. Baker
This report explores the lack of agreement among SCAMPI Lead Appraisers about what “artifact quality” means in the SCAMPI process context.
DOWNLOAD -
Evaluating Process Quality from an Appraisal Perspective
• Technical Note
By Matt Fisher, Emanuel R. Baker
This report explores the lack of agreement among SCAMPI Lead Appraisers about what “process quality” means in the SCAMPI process context.
DOWNLOAD -
A Method for Assessing Technical Progress and Quality Throughout the System Life Cycle
• Technical Note
By Summer C. Fowler, Rita C. Creel, Robert Ferguson
This 2009 paper provides a framework for evaluating a system from several perspectives for a comprehensive picture of progress and quality.
DOWNLOAD -
Integrating CMMI and TSP/PSP: Using TSP Data to Create Process Performance Models
• Technical Note
By Shurei Tamura
This report describes the fundamental concepts of process performance models (PPMs) and describes how they can be created using data generated by projects following the TSP.
DOWNLOAD -
System Architecture Virtual Integration: An Industrial Case Study
• Technical Report
By Peter H. Feiler, Dionisio de Niz, Lutz Wrage, Jörgen Hansson (University of Skovde)
This report introduces key concepts of the SAVI paradigm and discusses the series of development scenarios used in a POC demonstration to illustrate the feasibility of improving the quality of …
DOWNLOAD -
The Software Quality Profile
• White Paper
By Watts S. Humphrey
The software community has been slow to use data to measure software quality. This paper discusses the reasons for this problem and describes a way to use process measurements to …
DOWNLOAD -
Acquisition Archetypes: Happy Path Testing
• White Paper
By William E. Novak, Linda Levine
When time and budget are tight, it's tempting to follow the "happy path" in testing. But be careful: it may be a path that brings your program great unhappiness.
DOWNLOAD -
Acquisition Archetypes: Brooks' Law
• White Paper
By Linda Levine, William E. Novak
This April 2009 whitepaper focuses on the problems of underspending, which can result in funds being shifted from one acquisition program to another.
DOWNLOAD -
The Economics of CMMI
• White Paper
By None
This paper provides practical guidance for CMMI adopters in the effective use of CMMI, based upon established NDIA principles.
DOWNLOAD -
Insights on Program Success
• Special Report
By The Software Engineering Institute, Systems and Software Consortium, Inc.
This 2009 report examines the reasons why some programs fail and studies the factors that lead to program success.
DOWNLOAD -
A Bibliography of the Personal Software Process (PSP) and the Team Software Process (TSP)
• Special Report
By Rachel Callison, Marlene MacDonald
This 2009 special report provides a bibliography of books, articles, and other literature concerning the PSP and TSP methodologies.
DOWNLOAD -
Towards an Assurance Case Practice for Medical Devices
• Technical Note
By John B. Goodenough, Charles Weinstock
In this report, the authors explore how to enable manufacturers and federal regulators gain confidence in software-dominated medical devices.
DOWNLOAD -
Data Model as an Architectural View
• Technical Note
By Paulo Merson
This 2009 report describes the data model as an architectural style in an effort to help architects apply this style to create data model architectural views.
DOWNLOAD -
Secure Design Patterns
• Technical Report
By Kirk Sayre, Kazuya Togashi (JPCERT/CC), Chad Dougherty, Robert C. Seacord, David Svoboda
In this report, the authors describe a set of general solutions to software security problems that can be applied in many different situations.
DOWNLOAD -
CMMI and Medical Device Engineering
• White Paper
By David W. Walker
This paper summarizes the comparison performed between the CMMI and the regulations and standards that drive software intensive medical device product development.
DOWNLOAD -
Lessons Learned from a Large, Multi-Segment, Software-Intensive System
• Technical Note
By John T. Foreman, Mary Ann Lapham
This 2009 report contains a series of observations and their associated lessons learned from a large, multi-segment, software-intensive system.
DOWNLOAD -
Effectiveness of the Vulnerability Response Decision Assistance (VRDA) Framework
• White Paper
By Joseph B. Kadane, Masanori Yamaguchi (IIJ Technology Inc.), Shawn McCaffrey (Carnegie Mellon University), Christopher King, Robert Weiland (Carnegie Mellon University), Fumihiko Kousaka (JPCERT/CC), Art Manion, Kazuya Togashi (JPCERT/CC)
In this paper, the authors describe the Vulnerability Response Decision Assistance (VRDA) framework, a decision support and expert system.
DOWNLOAD -
The Personal Software Process (PSP) Body of Knowledge, Version 2.0
• Special Report
By Marsha Pomeroy-Huff, Robert Cannon, Timothy A. Chick, Julia L. Mullaney, Bill Nichols
The Personal Software Process (PSP) body of knowledge (BOK) provides guidance to software professionals who are interested in using proven-effective, disciplined methods to improve their personal software development process.
DOWNLOAD -
Formulation of a Production Strategy for a Software Product Line
• Technical Note
By John McGregor, Patrick Donohoe, Gary Chastek
This 2009 report describes a technique for formulating the production strategy of a production system.
DOWNLOAD -
Realizing and Refining Architectural Tactics: Availability
• Technical Report
By James Scott, Rick Kazman
Tactics are fundamental elements of software architecture that an architect employs to meet a system's quality requirements. This report describes an updated set of tactics that enable the architect to …
DOWNLOAD -
Team Software Process (TSP) Coach Mentoring Program Guidebook
• Special Report
By None
This guidebook is designed to explain the steps for becoming an SEI-Certified Team Software Process (TSP) Coach or SEI-Certified TSP Mentor Coach, with emphasis on guiding individuals through the mentoring …
DOWNLOAD -
German language translation of CMMI for Development, V1.2
• White Paper
By None
The German language translation of CMMI for Development, V1.2.
DOWNLOAD -
Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model
• White Paper
By Andrew P. Moore, Randall F. Trzeciak, Eric D. Shaw, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Dawn Cappelli
In this paper, the authors describe general observations about a preliminary system dynamics model of insider crime based on our empirical data.
DOWNLOAD -
Why Don't They Practice What We Preach?
• White Paper
By Watts S. Humphrey
One of the most intractable problems in software is getting engineers to consistently use effective methods. The Software Engineering Institute has worked on this problem for a number of years …
DOWNLOAD -
Resiliency Management Model: Communications
• White Paper
By None
In this paper, the authors describe the purpose of Communications: to develop, deploy, and manage communications to support resiliency activities and processes.
DOWNLOAD -
Privacy Risk Assessment Case Studies in Support of SQUARE
• Special Report
By Prashanth Batlagundu, Varokas Panusuwan, Nancy R. Mead
In this report, the authors describe enhancements to the SQUARE method for addressing privacy requirements.
DOWNLOAD -
A Proactive Means for Incorporating a Software Architecture Evaluation in a DoD System Acquisition
• Technical Note
By John K. Bergey
This technical note provides guidance on how to contractually incorporate architecture evaluations in an acquisition.
DOWNLOAD -
Building Process Improvement Business Cases Using Bayesian Belief Networks and Monte Carlo Simulation
• Technical Note
By Ben Linders
This report describes a collaboration between the SEI and Ericsson Research and Development to build a business case using high maturity measurement approaches that require limited measurement effort.
DOWNLOAD -
As-if Infinitely Ranged Integer Model
• Technical Note
By Alex Volkovitsky, Timothy Wilson, David Keaton, Thomas Plum (Plum Hall, Inc.), Robert C. Seacord, David Svoboda
In this report, the authors present the as-if infinitely ranged (AIR) integer model, which eliminates integer overflow and integer truncation in C and C++ code.
DOWNLOAD -
People Capability Maturity Model (P-CMM), Version 2.0, Second Edition
• Technical Report
By Bill Curtis (CAST Research Labs), Sally Miller, William E. Hefley
This report documents an update to the People CMM, Version 2, which updates informative material within the People CMM and its subpractices and provides new information learned from the continuing …
DOWNLOAD -
Revealing Cost Drivers for Systems Integration and Interoperability Through Q Methodology
• White Paper
By Maureen Brown (University of North Carolina), William Anderson
The findings suggest that Q Methodology may prove helpful in isolating many of the non-technical latent cost factors associated with system integration and interoperability.
DOWNLOAD -
Spanish language translation of CMMI for Development, V1.2
• White Paper
By None
The Spanish language translation of CMMI for Development, V1.2 was performed by Cátedra de Mejora de Procesos de Software en el Espacio, Iberoamericano de la Universidad Politécnica de Madrid and …
DOWNLOAD -
Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations (2009)
• White Paper
By Randall F. Trzeciak, Andrew P. Moore, Dawn Cappelli, Derrick Spooner
In this report, the authors focus on employees, contractors, and business partners who stole intellectual property to benefit a foreign entity.
DOWNLOAD -
Computational Evaluation of Software Security Attributes
• White Paper
By Thomas A. Longstaff, Richard C. Linger (Oak Ridge National Laboratory), Gwendolyn H. Walton
This paper provides an introduction to the CSA approach, provides behavioral requirements for security attributes, and discusses possible application of the CSA approach.
DOWNLOAD -
Measurement for Improvement: Successful Measurement Practices Used in Army Software Acquisition
• Technical Note
By Robert Ferguson, James Wessel
This report summarizes the findings of a study conducted for the Army to find and describe software measurement practices that are being used successfully.
DOWNLOAD -
A Scenario-Based Technique for Developing SOA Technical Governance
• Technical Note
By Sriram Balasubramaniam, Dennis B. Smith, Edwin J. Morris, Soumya Simanta, Grace Lewis
Organizations can make the available SOA governance frameworks more effective in their organizations using the scenario-based tailoring technique introduced in this technical note.
DOWNLOAD -
Incremental Development in Large-Scale Systems: Finding the Programmatic IEDs
• Technical Note
By Charles (Bud) Hammons
This paper explores how continued use of the acquisition roadmaps opens up the potential for running into program pitfalls (programmatic IEDs) that aren‰t acknowledged on the map at hand.
DOWNLOAD -
Integrating Quality-attribute Reasoning Frameworks in the ArchE Design Assistant
• White Paper
By Felix Bachmann, Philip Bianco, Len Bass, Hyunwoo Kim, Andres Diaz-Pace
Bachmann et al present their work on a design assistant called ArchE that provides third-party researchers with an infrastructure to integrate their own quality-attribute models.
DOWNLOAD -
Incorporating Software Requirements into the System RFP: Survey of RFP Language for Software by Topic, v. 2.0
• Special Report
By Charlene Gross
The 2009 report defines and communicates software engineering and management events necessary to support the successful acquisition of software-intensive systems.
DOWNLOAD -
Evaluating Hazard Mitigations with Dependability Cases
• White Paper
By Matthew R. Barry (Software Intensive Systems, Inc.), John B. Goodenough
In this 2009 paper, the authors present an example to show the value a dependability case adds to a traditional hazard analysis.
DOWNLOAD -
Risk Detection and Mitigation Metrics and Design Check Lists for Real Time and Embedded Systems
• White Paper
By Doug Locke, Lui R. Sha
A whitepaper by Lui Sha of the University of Illinois and C. Douglass Locke of LC System Services Inc. The paper discusses risk detection and mitigation metrics and design check …
DOWNLOAD -
Assurance Cases for Design Analysis of Complex System of Systems Software
• White Paper
By Stephen Blanchette, Jr.
This paper discusses the application of assurance cases as a means of building confidence that the software design of a complex system of systems will actually meet the operational objectives …
DOWNLOAD -
Acquisition Archetypes: Longer Begets Bigger
• White Paper
By None
Planning for a long development period doesn't always solve acquisition scheduling problems. Sometimes it makes them worse.
DOWNLOAD -
Acquisition Archetypes: Robbing Peter to Pay Paul
• White Paper
By None
This April 2009 whitepaper is one in a short series of acquisition failures. This paper focuses on the problems of underspending, which can result in funds being shifted from one …
DOWNLOAD -
Making the Business Case for Software Assurance
• Special Report
By Nancy R. Mead, Art Conklin, Antonio Drommi, James Rainey, John Harrison, Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Julia H. Allen
In this report, the authors provide advice for those making a business case for building software assurance into software products during software development.
DOWNLOAD -
Impact of Army Architecture Evaluations
• Special Report
By Robert Nord, John K. Bergey, Stephen Blanchette, Jr., Mark H. Klein
This 2009 report describes the results of a study of the impact that the ATAM evaluations and QAWs had on Army programs.
DOWNLOAD -
A Workshop on Architecture Competence
• Technical Note
By Jeannine Siviy, Paul C. Clements, Rick Kazman, John Klein, Mark H. Klein, Len Bass
This report summarizes a June 2008 architecture competence workshop where practitioners discussed key issues in assessing architecture competence in organizations.
DOWNLOAD -
A Framework for Categorizing Key Drivers of Risk
• Technical Report
By Christopher J. Alberts, Audrey J. Dorofee
This 2009 report features a systemic approach for managing risk that takes into account the complex nature of distributed environments.
DOWNLOAD -
Software Product Lines: Report of the 2009 U.S. Army Software Product Line Workshop
• Technical Report
By Lawrence G. Jones, Matt Fisher, Sholom G. Cohen, Patrick Donohoe, John K. Bergey
This report is a synthesis of the presentations and discussions that took place during the 2009 U.S. Army Software Product Line Workshop.
DOWNLOAD -
Acquisition Archetypes: Everything for Everybody
• White Paper
By None
When projects attempt to please too many customers, complexity mounts, schedules slip, costs expand, and no one is happy.
DOWNLOAD -
Spotlight On: Malicious Insiders with Ties to the Internet Underground Community
• White Paper
By Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak, Michael Hanley
In this report, the authors focus on insider threat cases in which the insider had relationships with the internet underground community.
DOWNLOAD -
An Initial Comparative Analysis of the CMMI Version 1.2 Development Constellation and the ISO 9000 Family
• Special Report
By David Kitson, Robert Vickroy, John Walz, Dave Wynn
A preliminary, high-level comparison of the CMMI Development constellation and the ISO 9001:2000 family of process improvement standards.
DOWNLOAD -
U.S. Army Workshop on Exploring Enterprise, System of Systems, System, and Software Architectures
• Technical Report
By Michael J. Gagliardi, Stephen Blanchette, Jr., John K. Bergey, John Klein, William Wood, Robert Wojcik, Paul C. Clements
This report confirms that various architectural genres enjoy more commonalities than differences. Each one has its own important knowledge base, and openness among the various architectural tasks within an organization …
DOWNLOAD -
Deploying TSP on a National Scale: An Experience Report from Pilot Projects in Mexico
• Technical Report
By Bill Nichols, Rafael Salazar
This report communicates status, progress, lessons learned, and next steps for the Mexican TSP Initiative.
DOWNLOAD -
CMMI for Services V1.2 (Traditional Chinese)
• White Paper
By None
The Traditional Chinese translation of CMMI for Services V.1.2.
DOWNLOAD -
Multi-View Decision Making (MVDM) Workshop
• Special Report
By Christopher J. Alberts, Carol Woody, James Smith
In this report, the authors describe the value of multi-view decision making, a set of practices that reflect the realities of complex development efforts.
DOWNLOAD -
Overview of the Lambda-* Performance Reasoning Frameworks
• Technical Report
By Jeffrey Hansen, Gabriel Moreno
This report provides an overview of the Lambda-* performance reasoning frameworks, their current capabilities, and ongoing research.
DOWNLOAD -
Use and Organizational Effects of Measurement and Analysis in High Maturity Organizations: Results from the 2008 SEI State of Measurement and Analysis Practice Surveys
• Technical Report
By James McCurley, Dennis Goldenson, Robert W. Stoddard
This report contains results from a survey of high maturity organizations conducted by the Software Engineering Institute (SEI) in 2008. The questions center on the use of process performance modeling …
DOWNLOAD -
CMMI for Services, Version 1.2
• Technical Report
By The CMMI Product Team
A model of best practices to improve the processes of service providers.
DOWNLOAD -
The Arcade Game Maker Pedagogical Product Line
• White Paper
By None
The Arcade Game Maker product line is an example product line created to support learning about and experimenting with software product lines in the classroom.
DOWNLOAD -
Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition – Version 3.1
• White Paper
By Randall F. Trzeciak, Timothy J. Shimeall, Dawn Cappelli, Andrew P. Moore
In this paper, the authors present findings from examining insider crimes in a new way and add new practices that were not present in the second edition.
DOWNLOAD -
Developing An Acquisition Strategy
• White Paper
By None
An acquisition strategy is of great importance to those organizations that primarily acquire rather than develop.
DOWNLOAD -
High-Fidelity E-Learning: The SEI's Virtual Training Environment (VTE)
• Technical Report
By David W. White, Jim Wrubel, Julia H. Allen
In this 2008 report, the authors compare various approaches and tools used to capture and analyze evidence from computer memory.
DOWNLOAD -
Statistical-Based WCET Estimation and Validation
• White Paper
By Jeffrey Hansen, Gabriel Moreno, Scott Hissam
This paper presents a measurement-based approach that produces both a WCET (Worst Case Execution Time) estimate and a prediction of the probability that a future execution time will exceed a …
DOWNLOAD -
Spotlight On: Programming Techniques Used as an Insider Attack Tool
• White Paper
By Andrew P. Moore, Randall F. Trzeciak, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University)
In this report, the authors focus on persons who use programming techniques to commit malicious acts against their organizations.
DOWNLOAD -
A Survey of Systems Engineering Effectiveness - Initial Results
• Special Report
By Dennis Goldenson, Khaled El Emam, The NDIA SE Effectiveness Committee, Angelica Neisa, Nichole Donitelli, Joseph P. Elm
This survey quantifies the relationship between the application of Systems Engineering (SE) best practices to projects and programs, and the performance of those projects and programs.
DOWNLOAD -
Results of SEI Independent Research and Development Projects (FY 2008)
• Technical Report
By Dionisio de Niz, John B. Goodenough, Jörgen Hansson (University of Skovde), Paul Jones, Peter H. Feiler, Sherman Eagles, Lutz Wrage, Charles Weinstock, Kurt C. Wallnau, Robert W. Stoddard, Lui R. Sha, Rick Kazman, Mark H. Klein, Insup Lee, Ragunathan Rajkumar, Daniel Plakosh, Ipek Ozkaya, Robert Nord, Gabriel Moreno
This report describes the independent research and development (IRAD) projects that were conducted during fiscal year 2008 (October 2007 through September 2008).
DOWNLOAD -
CMMI or Agile: Why Not Embrace Both!
• Technical Note
By Michael D. Konrad, David Anderson (David J. Anderson & Associates Inc.), Jeff Dalton (Broadsword Solutions Corporation), Hillel Glazer - Entinex Inc., Sandra Shrum
This report describes how CMMI and Agile methods can be used together successfully.
DOWNLOAD -
CMMI Roadmaps
• Technical Note
By Andre Heijstek, Rini Van Solingen, Ben Linders, Jan J. Cannegieter
The report guides organizations that are starting a CMMI for development implementation and deciding to use the continuous representation. The report offers guidance for how to decide what process areas …
DOWNLOAD -
CMMI High Maturity Measurement and Analysis Workshop Report: March 2008
• Technical Note
By Robert W. Stoddard, Erin Harper, David Zubrow, Dennis Goldenson
This report outlines a 2008 workshop, in which leaders discussed high maturity practices and how to sustain momentum for improvement.
DOWNLOAD -
Can You Trust Your Data? Establishing the Need for a Measurement and Analysis Infrastructure Diagnostic
• Technical Note
By Mark Kasunic, James McCurley, David Zubrow
This report describes common errors in measurement and analysis and the need for a criterion-based assessment method that will allow organizations to evaluate key characteristics of their measurement programs.
DOWNLOAD -
Software Engineering Bibliography
• White Paper
By David Zubrow, Carol Dekkers, James McCurley
In this paper, the authors provide a bibliography of sources related to software engineering.
DOWNLOAD -
Application Firewalls and Proxies - Introduction and Concept of Operations
• White Paper
By Howard F. Lipson, Ken Van Wyk (No Affiliation)
In this paper, the authors describe one of the many potential topic areas involving the integration of business applications into a supporting IT security infrastructure.
DOWNLOAD -
Existence Plots: A Low-Resolution Time Series for Port Behavior Analysis
• White Paper
By Jeff Janies
In this paper, Jeff Janies introduces the existence plot as a visualization and discuss its use in gaining insight into a host's behavior.
DOWNLOAD -
Acquisition Archetypes: Underbidding the Contract
• White Paper
By None
From the Acquisition Support Program, one in a series of short papers on acquisition patterns of failure.
DOWNLOAD -
Acquisition Archetypes: Staff Burnout and Turnover
• White Paper
By None
Applying more pressure on staff can temporarily increase productivity, but burnout soon sets in.
DOWNLOAD -
T-Check in Technologies for Interoperability: Business Process Management in a Web Services Context
• Technical Note
By Lutz Wrage, Fabian Hueppi, Grace Lewis
This technical note presents an investigation of the Business Process Execution Language, a popular BPM technology used to describe, analyze, execute, and monitor business processes.
DOWNLOAD -
Service Level Agreements in Service-Oriented Architecture Environments
• Technical Note
By Grace Lewis, Paulo Merson, Philip Bianco
This 2008 report surveys the state of practice in service level agreement specification and offers guidelines on how to assure that services are provided with high availability, security, performance, and …
DOWNLOAD -
Requirements and Their Impact Downstream: Improving Causal Analysis Processes Through Measurement and Analysis of Textual Information
• Technical Report
By Lawrence T. Osiecki, Dennis Goldenson, Ira Monarch
Requirements documents, test procedures, and problem and change reports from a U. S. Army Software Engineering Center (SEC) were analyzed to identify, clarify, and begin categorizing recurring patterns of issues …
DOWNLOAD -
Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis
• Technical Note
By Cal Waits, Larry Rogers, Richard Nolan, Joseph A. Akinyele
The authors compare various approaches and tools used to capture and analyze evidence from computer memory.
DOWNLOAD -
Introducing Function Extraction into Software Testing (July 2008)
• White Paper
By Alan R. Hevner (University of South Florida), Mark Pleszkoch, Richard C. Linger (Oak Ridge National Laboratory)
This paper describes the emerging technology of function extraction (FX).
DOWNLOAD -
Preview of the Mission Assurance Analysis Protocol (MAAP): Assessing Risk and Opportunity in Complex Environments
• Technical Note
By Christopher J. Alberts, Lisa Marino, Audrey J. Dorofee
In this 2008 document, the authors preview a core set of activities and outputs that define a MAAP assessment.
DOWNLOAD -
A Data Specification for Software Project Performance Measures: Results of a Collaboration on Performance Measurement
• Technical Report
By Mark Kasunic
This 2008 document contains defined software project performance measures and influence factors that can be used by software development projects so that valid comparisons can be made between completed projects.
DOWNLOAD -
Results of SEI Independent Research and Development Projects (FY 2007)
• Technical Report
By Kostas Kontogiannis, Stefan Schuster, Marin Litoiu (IBM Canada Ltd.), Grace Lewis, Mark H. Klein, Donald Firesmith, Peter H. Feiler, Dionisio de Niz, John J. Hudak, Jörgen Hansson (University of Skovde), Kurt C. Wallnau, Len Bass, Lui R. Sha, Dennis B. Smith
This report describes the independent research and development (IRAD) projects that were conducted during fiscal year 2007 (October 2006 through September 2007).
DOWNLOAD -
Proceedings of the International Workshop on the Foundations of Service-Oriented Architecture (FSOA 2007)
• Special Report
By Grace Lewis, Dennis B. Smith
This report presents the results of the Foundations of Software-Oriented Architecture (FSOA) workshop held at the Third International Conference on Interoperability for Enterprise Software and Applications (I-ESA 2007).
DOWNLOAD -
SQUARE-Lite: Case Study on VADSoft Project
• Special Report
By Nancy R. Mead, Deepa Padmanabhan, Venkatesh Viswanathan, Ashwin Gayash
In this 2008 report, the authors describe SQUARE and SQUARE-Lite, and using SQUARE-Lite to develop security requirements for a financial application.
DOWNLOAD -
SoS Navigator 2.0: A Context-Based Approach to System-of-Systems Challenges
• Technical Note
By William Anderson, Dennis B. Smith, John Morley, David J. Carney, Suzanne Miller, Lisa Brownsword, Patrick Kirwan, Philip J. Boxer
This report introduces the fundamental concepts, processes, and techniques of the SoS Navigator approach. It also presents case studies that show the use of SoS Navigator in healthcare, military, and …
DOWNLOAD -
SMART: Analyzing the Reuse Potential of Legacy Components in a Service-Oriented Architecture Environment
• Technical Note
By Grace Lewis, Soumya Simanta, Dennis B. Smith, Edwin J. Morris
Is legacy system migration feasible for your organization as a means of SOA adoption? The Service Migration and Reuse Technique (SMART) assists an organization in determining what to migrate, the …
DOWNLOAD -
Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools
• Technical Report
By David Keaton, Dan Saks, Robert C. Seacord, David Svoboda, Chris Taschner, Kazuya Togashi (JPCERT/CC), Stephen Dewhurst, Chad Dougherty, Yurie Ito
In this report, the authors describe a study to evaluate CERT Secure Coding Standards and source code analysis tools in commercial software projects.
DOWNLOAD -
Strategic Technology Selection and Classification in Multimodel Environments
• White Paper
By John Morley, Patrick Kirwan, Lisa Marino, Jeannine Siviy
This white paper is the second in a five-part series dedicated to examining problems organizations encounter when operating in multimodel environments and the current process improvement approaches such organizations need …
DOWNLOAD -
Leadership and Management in Software Architecture
• White Paper
By Brian Berenbach, Len Bass
The workshop on Leadership and Management in Software Architecture that took place at ICSE 2008 was focused on understanding these non-technical duties and the type of support an architect should …
DOWNLOAD -
Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System
• White Paper
By Akash G. Desai (Information Networking Institute, Carnegie Mellon University), Dawn Cappelli, Elise A. Weaver (Worcester Polytechnic Institute), Bradford J. Willke, Timothy J. Shimeall, Andrew P. Moore
In this paper, the authors describe the MERIT insider threat model and simulation results.
DOWNLOAD -
Implementation Challenges in a Multimodel Environment
• White Paper
By Patrick Kirwan, John Morley, Jeannine Siviy, Lisa Marino
This white paper is the fifth in a five-part series dedicated to examining problems organizations encounter when operating in multimodel environments.
DOWNLOAD -
Using Model-Based Engineering and Architectural Models to Build Secure Systems
• White Paper
By Jörgen Hansson (University of Skovde), John Morley, Peter H. Feiler
In this paper, the authors present analytical techniques to model and validate security protocols for enforcing confidentiality and integrity.
DOWNLOAD -
Building Secure Systems Using Model-Based Engineering and Architectural Models
• White Paper
By Peter H. Feiler, Jörgen Hansson (University of Skovde), John Morley
A system designer faces several challenges when specifying security for distributed computing environments or migrating systems to a new execution platform.
DOWNLOAD -
Proceedings of the First Workshop on Service-Oriented Architectures and Product Lines
• Special Report
By Sholom G. Cohen, Robert W. Krut, Jr.
This 2008 report includes an overview of the First Workshop on Service-Oriented Architectures and Product Lines, four invited presentations, details of the workshops outcomes, and the workshop position papers.
DOWNLOAD -
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models
• Technical Note
By Venkatesh Viswanathan, Nancy R. Mead, Deepa Padmanabhan, Anusha Raveendran
In this 2008 report, the authors describe how SQUARE can be incorporated into standard lifecycle models for security-critical projects.
DOWNLOAD -
Survivability Assurance for System of Systems
• Technical Report
By Robert J. Ellison, Charles Weinstock, Carol Woody, John B. Goodenough
In this report, the authors describe the Survivability Analysis Framework, a structured view of people, process, and technology.
DOWNLOAD -
The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures
• Technical Report
By Randall F. Trzeciak, Andrew P. Moore, Dawn Cappelli
In this report, the authors describe seven observations about insider IT sabotage based on their empirical data and study findings.
DOWNLOAD -
CMMI for Acquisition (CMMI-ACQ) Primer, Version 1.2
• Technical Report
By Karen Richter
This primer can be used by projects that acquire products or services in government and non-government organizations to improve acquisition processes.
DOWNLOAD -
The State of Information Security Law A Focus on the Key Legal Trends
• White Paper
By Tom Smedinghoff (Wildman Harrold)
This paper will examine new developments as they relate to three trends that are posing significant new challenges for most businesses..
DOWNLOAD -
The Value of Harmonizing Multiple Improvement Technologies: A Process Improvement Professional's View
• White Paper
By Patrick Kirwan, John Morley, Jeannine Siviy, Lisa Marino
This white paper is the first in a five-part series dedicated to examining problems organizations encounter when operating in multimodel environments and the current process improvement approaches such organizations need …
DOWNLOAD -
Process Architecture in a Multimodel Environment
• White Paper
By John Morley, Patrick Kirwan, Jeannine Siviy, Lisa Marino
This white paper is the fourth in a five-part series that examines problems organizations encounter when operating in multimodel environments.
DOWNLOAD -
Improvement Technology Classification and Composition in Multimodel Environments
• White Paper
By John Morley, Lisa Marino, Jeannine Siviy, Patrick Kirwan
This paper is the third in a five-part series dedicated to examining problems organizations encounter when operating in multimodel environments and the current process improvement approaches such organizations need to …
DOWNLOAD -
Acquisition Archetypes: Feeding the Sacred Cow
• White Paper
By None
Some programs take on a life of their own—privileged, and woven into an organization's existence. But when "sacred cow" projects begin to go wrong, that privilege and protection makes fixing …
DOWNLOAD -
Acquisition Archetypes: PMO versus Contractor Hostility
• White Paper
By None
Everyone intends the best in project-driven marriages of PMOs and contractors, but good intentions can't overcome the hostility generated by loss of trust and squabbles in poorly developed relationships.
DOWNLOAD -
Acquisition Archetypes: Firefighting
• White Paper
By None
All hands on deck helps put out the immediate blazes threatening projects, but falling into a routine of constant firefighting is not the way to guide a project across the …
DOWNLOAD -
Maximizing your Process Improvement ROI through Harmonization
• White Paper
By Lisa Marino, Jeannine Siviy, Patrick Kirwan, John Morley
This white paper is an executive overview of the business value in harmonizing process improvement efforts when multiple improvement technologies, models and standards are in use.
DOWNLOAD -
Lessons Learned Applying the Mission Diagnostic
• Technical Note
By Christopher J. Alberts, Audrey J. Dorofee, Lisa Marino
This technical note describes the adaptation of the Mission Diagnostic (MD) necessary for a customer and the lessons we learned from its use.
DOWNLOAD -
Mission Diagnostic Protocol, Version 1.0: A Risk-Based Approach for Assessing the Potential for Success
• Technical Report
By Lisa Marino, Audrey J. Dorofee, Christopher J. Alberts
This 2008 document describes the core set of activities and outputs that defines mission diagnostic protocol (MDP).
DOWNLOAD -
Models for Evaluating and Improving Architecture Competence
• Technical Report
By Mark H. Klein, Len Bass, Paul C. Clements, Rick Kazman
This report outlines the concepts of software architecture competence and describes four models for explaining, measuring, and improving the architecture competence of an individual or a software-producing organization.
DOWNLOAD -
Incident Management Mission Diagnostic Method, Version 1.0
• Technical Report
By Georgia Killcrece, Mark Zajicek, Robin Ruefle, Audrey J. Dorofee
This report is superseded by the Mission Risk Diagnostic for Incident Management Capabilities, CMU/SEI-2014-TN-004.
DOWNLOAD -
ASSIP Study of Real-Time Safety-Critical Embedded Software-Intensive System Engineering Practices
• Special Report
By Peter H. Feiler, Dionisio de Niz
This report presents findings of a study of RTSCE software-intensive systems issues and develop recommendations for effectively dealing with those issues.
DOWNLOAD -
On the Anonymization and Deanonymization of NetFlow Traffic
• White Paper
By Michalis Foukarakis (Institute of Computer Science), Evangelos P. Markatos (Institute of Computer Science), Demetres Antoniades (Institute of Computer Science)
In this paper, the authors describe anontool, which allows per-field anonymization up to the NetFlow layer and offers a wide range of primitives to choose from.
DOWNLOAD -
Assessing Disclosure Risk in Anonymized Datasets
• White Paper
By Michele Bezzi (ATL), Alexi Kounine (EPFL)
In this paper, the authors propose a framework for estimating disclosure risk using conditional entropy between the original and the anonymized datasets.
DOWNLOAD -
Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing
• White Paper
By Will Dormann, Daniel Plakosh
In this 2008 paper, the authors explore results of a test of a large number of Active X controls, which provides insight into the current state of ActiveX security.
DOWNLOAD -
Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector Executive Summary
• White Paper
By None
In this paper, the authors present the findings of research examining reported insider incidents in information technology and telecommunications sectors.
DOWNLOAD -
Insider Threat Study: Illicit Cyber Activity in the Government Sector Executive Summary
• White Paper
By None
In this paper, the authors present the findings of a research effort to examine reported insider incidents within the government sector.
DOWNLOAD -
Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector
• White Paper
By Dawn Cappelli, Andrew P. Moore, Eileen Kowalski (United States Secret Service)
In this paper, the authors present the findings of research examining reported insider incidents in the information technology and telecommunications sectors.
DOWNLOAD -
Insider Threat Study: Illicit Cyber Activity in the Government Sector
• White Paper
By Andrew P. Moore, Eileen Kowalski (United States Secret Service), Dawn Cappelli, Bradford J. Willke
In this paper, the authors present the findings of a research effort to examine reported insider incidents in the government sector.
DOWNLOAD -
T-Check in Technologies for Interoperability: Web Services and Security—Single Sign-On
• Technical Note
By Saul Jaspan, Lutz Wrage, Soumya Simanta, Grace Lewis
This technical note presents the results of applying the T-Check approach in an initial investigation of two Web services standards, WS-Security and SAML, to create an SSO solution that works …
DOWNLOAD -
Moving Up the CMMI Capability and Maturity Levels Using Simulation
• Technical Report
By David M. Raffo (Portland State University), Wayne Wakeland (Portland State University)
This report shows examples of how PSIM has been implemented within industry and government organizations to improve process consistency and results.
DOWNLOAD -
Using the Vickrey-Clarke-Groves Auction Mechanism for Enhanced Bandwidth Allocation in Tactical Data Networks
• Technical Report
By Kurt C. Wallnau, Mark H. Klein, Daniel Plakosh
This report describes an investigation of the potential for using computational mechanisms to improve the quality of a combat group's common operating picture, in a setting where network bandwidth is …
DOWNLOAD -
Handling Interdependent Values in an Auction Mechanism for Bandwidth Allocation in Tactical Data Networks
• White Paper
By Kurt C. Wallnau, Mark H. Klein, Daniel Plakosh, Gabriel Moreno
This paper introduces a mechanism that achieves efficient bandwidth allocation and provides incentive compatibility by conditioning payments on the realized value for data shared between agents.
DOWNLOAD -
The State of Information Security Law: A Focus on the Key Legal Trends
• White Paper
By Tom Smedinghoff (Wildman Harrold)
This paper provides information about the expanding duty to provide security and the emergency of a legal obligation for compliance.
DOWNLOAD -
Diagrams and Languages for Model-Based Software Engineering of Embedded Systems: UML and AADL
• White Paper
By Dionisio de Niz
The tools compared in this discussion, the Unified Modeling Language (UML) and the Architecture Analysis and Design Language (AADL), facilitate the modeling of software architecture and provide elements to understand …
DOWNLOAD -
Basic Principles and Concepts for Achieving Quality Parent
• Technical Note
By Matt Fisher, Emanuel R. Baker
This report extends the quality concepts first articulated in "A Software Quality Framework (SQF)" developed in the early 1980s for the DoD by Baker and colleagues.
DOWNLOAD -
Flow Latency Analysis with the Architecture Analysis and Design Language (AADL)
• Technical Note
By Jörgen Hansson (University of Skovde), Peter H. Feiler
This 2007 report describes the ability of AADL to determine a lower bound for the worst-case end-to-end latency in a system.
DOWNLOAD -
Software-Intensive Systems Producibility: A Vision and Roadmap (v 0.1)
• Technical Note
By Grady Campbell
This 2007 document is a draft in progress of a technology vision and roadmap to improve the ability of the DoD and industry to deliver needed SiS capability in a …
DOWNLOAD -
Programmatic Interoperability
• Technical Note
By James Smith, B. Craig Meyers
This report introduces the concept of programmatic interoperability, which is the application of principles of interoperability to the acquisition management of systems. The report also discusses the orchestration of decisions …
DOWNLOAD -
Common Misconceptions About Service-Oriented Architecture
• White Paper
By Edwin J. Morris, Grace Lewis, Dennis B. Smith, Lutz Wrage, Soumya Simanta
This 2007 article from Crosstalk magazine suggests ways to more effectively address critical SOA issues that potential users, developers, and acquisition officers may have.
DOWNLOAD -
Traditional Chinese language translation of CMMI for Acquisition, V1.2
• White Paper
By None
The Traditional Chinese language translation of CMMI for Acquisition (CMMI-ACQ), V1.2.
DOWNLOAD -
Classifying Architectural Elements as a Foundation for Mechanism Matching
• White Paper
By Paul C. Clements, Rick Kazman, Len Bass
This paper presents a set of well-known but informally described software architectural elements used in system composition and taxonomizes them under a basic set of characteristic features.
DOWNLOAD -
A-Specification for the CMMI Product Suite, Version 1.7
• White Paper
By None
The A-Specification for the CMMI Product Suite (A-SPEC) defines the scope and requirements the CMMI Product Suite must meet to be considered acceptable.
DOWNLOAD -
A Survey of Systems Engineering Effectiveness: Initial Results
• Special Report
By Khaled El Emam, Dennis Goldenson, Joseph P. Elm, Nichole Donitelli, Angelica Neisa, The NDIA SE Effectiveness Committee
This survey quantifies the relationship between the application of systems engineering best practices to projects and the performance of those projects.
DOWNLOAD -
CMMI for Acquisition, Version 1.2
• Technical Report
By The CMMI Product Team
The CMMI-ACQ model provides guidance for the application of CMMI best practices by the acquirer.
DOWNLOAD -
Fishing for Phishes: Applying Capture-Recapture Methods to Estimate Phishing Populations
• White Paper
By Rhiannon Weaver, M. P. Collins (Redjack)
In this paper, the authors describe addressing phishing problems by estimating population in terms of netblocks and by clustering phishing attempts into scams.
DOWNLOAD -
Acquisition Archetypes: The Bow Wave Effect
• White Paper
By None
From the Acquisition Support Program, one in a series of short papers on acquisition patterns of failure.
DOWNLOAD -
COTS and Reusable Software Management Planning: A Template for Life-Cycle Management
• Technical Report
By William Anderson, Mary C. Ward, Dennis B. Smith, Edwin J. Morris
This 2007 report presents a COTS and Reusable Software Management Plan that can serve as a guide for how to manage multiple COTS and other reusable software components in complex …
DOWNLOAD -
SCAMPI Lead Appraiser Body of Knowledge (SLA BOK)
• Technical Report
By Charlie Ryan, Sandra Behrens, Judah Mogilensky, Steve Masters
The SLA BOK identifies the competencies needed to carry out the method requirements and guidelines detailed in the MDD (Method Definition Document).
DOWNLOAD -
Hit-List Worm Detection and Bot Identification in Large Networks Using Protocol Graphs
• White Paper
By M. P. Collins (Redjack), Michael K. Reiter
In this paper, the authors present a novel method for detecting hit-list worms using protocol graphs.
DOWNLOAD -
Four Pillars of Service-Oriented Architecture
• White Paper
By Grace Lewis, Dennis B. Smith
This 2007 SEI whitepaper by Grace Lewis and Dennis B. Smith outlines four pillars to Service-Oriented Architecture (SOA) success.
DOWNLOAD -
Using ArchE in the Classroom: One Experience
• Technical Note
By Mark H. Klein, John McGregor, Felix Bachmann, Len Bass, Philip Bianco
The ArchE (Architecture Expert) tool serves as a software architecture design assistant. This report describes the use of a pre-alpha release of ArchE in a graduate-level software architecture class at …
DOWNLOAD -
Using Aspect-Oriented Programming to Enforce Architecture
• Technical Note
By Paulo Merson
This report illustrates how to use AOP (aspect-oriented programming) to ensure conformance to architectural design, proper use of design patterns and programming best practices, conformance to coding policies and naming …
DOWNLOAD -
Process Improvement Should Link to Security: SEPG 2007 Security Track Recap
• Technical Note
By Carol Woody
In this document, Carol Woody summarizes the content shared at the 2007 SEPG conference and steps underway toward ties between security and process improvement.
DOWNLOAD -
Ranged Integers for the C Programming Language
• Technical Note
By Shaun Hedrick, Jeff Gennari, Fred Long, Justin Pincar, Robert C. Seacord
In this 2007 report, the authors describe an extension to the C programming language to introduce the notion of ranged integers.
DOWNLOAD -
Certified Binaries for Software Components
• Technical Report
By Kurt C. Wallnau, James Ivers, Sagar Chaki, Noam Zeilberger, Peter Lee
In this report, the authors present an approach to certify binary code against expressive policies to achieve the benefits of PCC and CMC.
DOWNLOAD -
Modifiability Tactics
• Technical Report
By Felix Bachmann, Len Bass, Robert Nord
This report describes how architectural tactics are based on the parameters of quality attribute models.
DOWNLOAD -
Evaluating a Service-Oriented Architecture
• Technical Report
By Rick Kotermanski, Philip Bianco, Paulo Merson
This report contains technical information about SOA design considerations and tradeoffs that can help the architecture evaluator to identify and mitigate risks in a timely and effective manner.
DOWNLOAD -
Business Rules for CMMI Focus Topics
• White Paper
By The CMMI Product Team
This paper provides guidelines for organizations seeking to publish material related to any CMMI focus topics.
DOWNLOAD -
Governing for Enterprise Security (GES) Implementation Guide
• Technical Note
By Julia H. Allen, Jody R. Westby
In this 2007 report, the authors provide prescriptive guidance for creating and sustaining an enterprise security governance program.
DOWNLOAD -
How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods
• Technical Note
By Nancy R. Mead
In this 2007 report, Nancy Mead describes SQUARE, and outlines other methods used for identifying security requirements.
DOWNLOAD -
System Strategies References
• White Paper
By Robert J. Ellison, Carol Woody
In this paper, the authors provide references related to system strategies.
DOWNLOAD -
Governing for Enterprise Security Implementation Guide: Sample Artifact Roles and Responsibilities for an Enterprise Security Program
• White Paper
By None
Governing for Enterprise Security Implementation Guide: Sample Artifact Roles and Responsibilities for an Enterprise Security Program
DOWNLOAD -
The Use of Malware Analysis in Support of Law Enforcement
• White Paper
By Ross Kinder
In this paper, Ross Kinder discusses how malware analysis supports the efforts of those pursuing adversaries employing malicious code in their tradecraft.
DOWNLOAD -
Introduction to the Architecture of the CMMI Framework
• Technical Note
By The CMMI Architecture Team
This 2007 document is an introduction to the CMMI Framework architecture, which guides how CMMI products are developed and integrated.
DOWNLOAD -
Dependability Modeling with the Architecture Analysis & Design Language (AADL)
• Technical Note
By Ana Rugina, Peter H. Feiler
This 2007 report explains the capabilities of the Error Model Annex and provides guidance on the use of the AADL and the error model in modeling dependability aspects of embedded …
DOWNLOAD -
Modeling of System Families
• Technical Note
By Peter H. Feiler
This report discusses how AADL can be used to model system families and configurations of system and component variants.
DOWNLOAD -
Results of SEI Independent Research and Development Projects (FY 2006)
• Technical Report
By Thomas A. Longstaff, James D. Herbsleb, Richard C. Linger (Oak Ridge National Laboratory), Peter Lee, James Ivers, William Anderson, Aaron Greenhouse, Philip J. Boxer, Matt Bass, Len Bass, Noam Zeilberger, J. Wing, Jörgen Hansson (University of Skovde), Gwendolyn H. Walton, Kurt C. Wallnau, James Smith, Carol Sledge, Mike Phillips, B. Craig Meyers, Pratyusa K. Manadhata, David Fisher, Peter H. Feiler, Sagar Chaki, Lisa Brownsword, Christopher J. Alberts, Eileen C. Forrester, Suzanne Miller
This report describes the IRAD projects that were conducted during fiscal year 2006 (October 2005 through September 2006).
DOWNLOAD -
Developing AADL Models for Control Systems: A Practitioner's Guide
• Technical Report
By John J. Hudak, Peter H. Feiler
This 2007 document helps practitioners use AADL and describes an approach for and the mechanics of constructing an architectural model that can be analyzed based on the AADL.
DOWNLOAD -
Progress Toward an Organic Software Architecture Capability in the U.S. Army
• Technical Report
By Stephen Blanchette, Jr., John K. Bergey
This 2007 report describes the Software Architecture Initiative of the Army Strategic Software Improvement Program.
DOWNLOAD -
Case Study: Accelerating Process Improvement by Integrating the TSP and CMMI
• Technical Report
By Jim McHale, Daniel S. Wall, Marsha Pomeroy-Huff
This report describes how two NAVAIR organizations integrated the use of the TSP methodology and the CMM framework to progress from maturity level 1 to maturity level 4 in 30 …
DOWNLOAD -
SAAM: A Method for Analyzing the Properties of Software Architectures
• White Paper
By Rick Kazman, Mike Webb (Texas Instruments), Gregory Abowd, Len Bass
This paper describes three perspectives by which we can understand the description of a software architecture and proposes a five-step method for analyzing software architectures called SAAM (Software Architecture Analysis …
DOWNLOAD -
Quality-Attribute-Based Economic Valuation of Architectural Patterns
• Technical Report
By Mark H. Klein, Ipek Ozkaya, Rick Kazman
This report shows how an analysis of the options embodied within architectural patterns allows a software and system architect or manager to make reasoned choices about the future value of …
DOWNLOAD -
Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes
• Technical Report
By Lisa R. Young, William R. Wilson, David W. White, Charles M. Wallen, James F. Stevens, Richard A. Caralli
In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.
DOWNLOAD -
Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process
• Technical Report
By William R. Wilson, Richard A. Caralli, Lisa R. Young, James F. Stevens
In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.
DOWNLOAD -
Function Extraction: Automated Behavior Computation for Aerospace Software Verification and Certification
• White Paper
By Tim Daly, Stacy J. Prowell, Richard C. Linger (Oak Ridge National Laboratory)
This paper describes verification and certification challenges for avionics software.
DOWNLOAD -
Copper Manual, Tutorial, and Specification Grammar
• White Paper
By Sagar Chaki
Copper is a software model checker for concurrent message-passing C programs.
DOWNLOAD -
T-Check for Technologies for Interoperability: Open Grid Services Architecture (OGSA)—Part 1 Parent SEI Program
• Technical Note
By Lutz Wrage, Soumya Simanta, Grace Lewis
This report investigates Open Grid Services Architecture (OGSA), one of the many technologies for accomplishing interoperability, using the T-Check technique.
DOWNLOAD -
Governing for Enterprise Security (GES) Implementation Guide Article 3: Enterprise Security Governance Activities
• White Paper
By Julia H. Allen, Jody R. Westby
Governing for Enterprise Security (GES) Implementation Guide Article 3: Enterprise Security Governance Activities
DOWNLOAD -
Governing for Enterprise Security (GES) Implementation Guide Article 2: Defining an Effective Enterprise Security Program (ESP)
• White Paper
By None
Governing for Enterprise Security (GES) Implementation Guide Article 2: Defining an Effective Enterprise Security Program (ESP)
DOWNLOAD -
Global Information Grid Survivability: Four Studies
• Special Report
By Jennifer R. Franks, Dawn Day, Richard C. Ciampa, Christopher T. Tsuboi
Four studies from 2006 that explore an issue relevant to the survivability of networks which are systems of systems.
DOWNLOAD -
Modeling and Analysis of Information Technology Change and Access Controls in the Business Context
• Technical Note
By Rohit S. Antao, Andrew P. Moore
In this report, the authors describe progress in developing a system dynamics model of typical use of change and access controls to support IT operations.
DOWNLOAD -
Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks
• Technical Note
By Andrew P. Moore, Timothy J. Shimeall, Elise A. Weaver (Worcester Polytechnic Institute), Bradford J. Willke, Dawn Cappelli, Akash G. Desai (Information Networking Institute, Carnegie Mellon University)
In this 2006 report, the authors describe MERIT insider threat model and simulation results.
DOWNLOAD -
+SAFE, V1.2: A Safety Extension to CMMI-DEV, V1.2
• Technical Note
By Defence Materiel Organisation, Australian Department of Defence
This technical report describes how to use +SAFE to appraise an organization's capability in developing, sustaining, maintaining, and managing safety-critical products.
DOWNLOAD -
Executive Overview of SEI MOSAIC: Managing for Success Using a Risk-Based Approach
• Technical Note
By Audrey J. Dorofee, Lisa Marino, Christopher J. Alberts
This 2007 report provides an overview of the concepts and foundations of MOSAIC, a suite of advanced, risk-based analysis methods for assessing complex, distributed programs, processes, and information-technology systems.
DOWNLOAD -
Understanding and Leveraging a Supplier's CMMI Efforts: A Guidebook for Acquirers
• Technical Report
By The CMMI Guidebook for Acquirers Team
This guidebook is designed to help acquisition organizations benefit from their suppliers' use of CMMI for Development, a collection of best practices that addresses product development and maintenance activities throughout …
DOWNLOAD -
Governing for Enterprise Security (GES) Implementation Guide Article 1: Characteristics of Effective Security Governance1
• White Paper
By Jody R. Westby, Julia H. Allen
Governing for Enterprise Security (GES) Implementation Guide Article 1: Characteristics of Effective Security Governance1
DOWNLOAD -
A Practical Example of Applying Attribute-Driven Design (ADD), Version 2.0
• Technical Report
By William Wood
This 2007 report describes an example application of the ADD method, an approach to defining a software architecture in which the design process is based on the quality attribute requirements …
DOWNLOAD -
Defining Computer Security Incident Response Teams
• White Paper
By Robin Ruefle
In this paper, Robin Ruefle describes the purpose and goals of a computer security incident response team (CSIRT).
DOWNLOAD -
Penetration Testing Tools
• White Paper
By Ken Van Wyk (No Affiliation)
In this paper, Ken van Wyk provides a primer on the most commonly used tools for traditional penetration testing.
DOWNLOAD -
CERT® Resiliency Engineering Framework
• White Paper
By None
In this paper, the authors answer commonly asked questions about the CERT Resiliency Engineering Framework project.
DOWNLOAD -
Instructional Case of Insider Threat in the SDLC: The Case of InsureACure, Inc.
• White Paper
By None
In this paper, the authors provide an instructional case of insider threat in the systems development lifecycle.
DOWNLOAD -
A Proposed Taxonomy for Software Development Risks for High-Performance Computing (HPC) Scientific/Engineering Applications
• Technical Note
By David Fisher, Dale B. Henderson, Jeffrey Carver, Douglass Post (DoD High Performance Computing Modernization Program), Richard Kendall
In this report, the authors classify the sources of software development risk for scientific/engineering applications.
DOWNLOAD -
Case Study of the NENE Code Project
• Technical Note
By Andrew Mark (DoD High Performance Computing Modernization Program), Richard Kendall, Douglass Post (DoD High Performance Computing Modernization Program)
This report outlines the case studies of high-performance code development projects. This is the fifth case study in this series.
DOWNLOAD -
Conditions for Achieving Network-Centric Operations in Systems of Systems
• Technical Note
By David Fisher, B. Craig Meyers, Patrick R. Place
This 2007 report lists conditions that must prevail to achieve effective acquisition, development, and use of systems of systems.
DOWNLOAD -
Interpreting Capability Maturity Model Integration (CMMI) for Business Development Organizations in the Government and Industrial Business Sectors
• Technical Note
By Donald R. Beynon
This 2007 interpretation of CMMI best practices is for business development activities applicable to contractors doing business within the government (Department of Defense) and industrial business sectors.
DOWNLOAD -
The State of Software Measurement Practice: Results of 2006 Survey
• Technical Report
By Mark Kasunic
This paper reports the results of a February 2006 study to gauge the state of the practice in software measurement.
DOWNLOAD -
Technology Foundations for Computational Evaluation of Software Security Attributes
• Technical Report
By Richard C. Linger (Oak Ridge National Laboratory), Gwendolyn H. Walton, Thomas A. Longstaff
In this 2006 report, the authors describe foundations for computational security attributes technology.
DOWNLOAD -
Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis
• Technical Report
By Dawn Cappelli, Randall F. Trzeciak, Eric D. Shaw, Stephen R. Band (Counterintelligence Field Activity - Behavioral Science Directorate), Andrew P. Moore, Lynn F. Fischer
In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.
DOWNLOAD -
Action List for Developing a Computer Security Incident Response Team (CSIRT)
• White Paper
By None
In this paper, the authors summarize actions to take and topics to address when planning and implementing a Computer Security Incident Response Team (CSIRT).
DOWNLOAD -
Army ASSIP System-of-Systems Test Metrics Task
• Special Report
By Carol Sledge
This report contains presents the results of an effort to improve the acquisition of software-intensive systems by focusing on acquisition programs, people, and production/sustainment and by institutionalizing continuous improvement.
DOWNLOAD -
Schedule Considerations for Interoperable Acquisition
• Technical Note
By Carol Sledge, B. Craig Meyers
This 2006 report examines the issue of schedule considerations for interoperable acquisition.
DOWNLOAD -
Attribute-Driven Design (ADD), Version 2.0
• Technical Report
By William Wood, Paulo Merson, Paul C. Clements, Len Bass, Felix Bachmann, Robert Wojcik, Robert Nord
This report revises the steps of the Attribute-Driven Design (ADD) method and offers practical guidelines for carrying out each step.
DOWNLOAD -
A Traffic Analysis of a Small Private Network Compromised by an Online Gaming Host (White Paper)
• White Paper
By Ron McLeod (Corporate Development Telecom Applications Research Alliance)
In this paper, Ron McLeod describes a network traffic capture and analysis used to investigate network performance issues of a small private network.
DOWNLOAD -
System Requirements for Flow Processing
• White Paper
By Raj Srinivasan (Bivio Networks)
In this paper, Raj Srinivasan proposes an architecture that meets security requirements and is flexible enough to support future application needs.
DOWNLOAD -
Scalable Flow Analysis (White Paper)
• White Paper
By Abhishek Kumar (University of Maryland), Sapan Bhatia (Princeton)
In this paper, the authors present a new approach for summarization and analysis of flow records.
DOWNLOAD -
RAVE: The Retrospective Analysis and Visualization Engine
• White Paper
By John Prevost, Phil Groce
In this paper, the authors present RAVE as an analysis service provider.
DOWNLOAD -
The Effect of Packet Sampling on Anomaly Detection
• White Paper
By Martin May (Swiss Federal Institute of Technology (ETH)), Anukool Lakhina (Boston University), Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Bernhard Tellenbach (Swiss Federal Institute of Technology (ETH)), Daniela Brauckhoff (Swiss Federal Institute of Technology (ETH))
In this paper, the authors empirically evaluate the impact of sampling on anomaly detection.
DOWNLOAD -
Attribution and Aggregation of Network Flows for Security Analysis (White Paper)
• White Paper
By IanGregorioDe Souza (Dartmouth College), George Cybenko (Dartmouth College), Annarita Giani (UC Berkeley), Vincent Berk (Dartmouth College)
In this paper, the authors describe a network flow analyzer capable of attribution and aggregation of different flows to identify suspicious behaviors.
DOWNLOAD -
IPFIX/PSAMP: What Future Standards Can Offer to Network Security (White Paper)
• White Paper
By Tanja Zseby (Fraunhofer Fokus), Mark Lutz (Fraunhofer Fokus), Elisa Boschi (Hitachi), Thomas Hirsch (Fraunhofer Fokus)
In this paper, the authors show how IPFIX and PSAMP can be used to support network security.
DOWNLOAD -
Identifying Anomalous Network Traffic Through the Use of Client Port Distribution
• White Paper
By Josh Goldfarb (US-CERT)
In this paper, Josh Goldfarb introduces an approach to IP flow analysis that examines server ports and client ports that exchange flows with them.
DOWNLOAD -
Anomaly Detection Through Blind Flow Analysis Inside a Local Network (White Paper)
• White Paper
By Vagishwari Nagaonkar (Wipro Technologies), Ron McLeod (Corporate Development Telecom Applications Research Alliance)
In this paper, the authors describe how hosts may be clustered into user workstations, servers, printers, and hosts compromised by worms.
DOWNLOAD -
An Examination of a Structural Modeling Risk Probe Technique
• Special Report
By Lisa Brownsword, William Anderson, Philip J. Boxer
This report examines a structural dynamic analysis modeling technique called Projective ANalysis (PAN) that was used on an interoperability technical probe of a NATO modernization program.
DOWNLOAD -
System-of-Systems Governance: New Patterns of Thought
• Technical Note
By Patrick R. Place, Edwin J. Morris, Dennis B. Smith
This 2006 technical note examines the ways in which six key characteristics of good IT governance are affected by the autonomy of individual systems in a system of systems.
DOWNLOAD -
Topics in Interoperability: Structural Programmatics in a System of Systems
• Technical Note
By James Smith
This technical note presents a case study on how choices of structural programmatics (e.g., hierarchical or peer-to-peer organization, centralized or decentralized execution) affect programmatic interoperability in complex systems of systems.
DOWNLOAD -
Next-Generation Software Engineering: Function Extraction for Computation of Software Behavior
• White Paper
By Richard C. Linger (Oak Ridge National Laboratory), Alan R. Hevner (University of South Florida), Gwendolyn H. Walton
This white paper discusses function extraction FX technology.
DOWNLOAD -
Finding Peer-To-Peer File-Sharing Using Coarse Network Behaviors?
• White Paper
By Michael K. Reiter, Michael Collins
In this paper, the authors propose a set of tests for identifying masqueraded peer-to-peer file-sharing based on traffic summaries (flows).
DOWNLOAD -
Quantitative Methods for Software Selection and Evaluation
• Technical Note
By Michael S. Bandor
This 2006 report describes methods for selecting candidate commercial off-the-shelf packages for further evaluation, possible methods for evaluation, and other factors besides requirements to be considered.
DOWNLOAD -
Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks
• Technical Note
By Howard F. Lipson
In this 2006 report, Howard Lipson uses an example to illustrate the critical importance of evolutionary design changes in secure and survivable systems.
DOWNLOAD -
Assume-Guarantee Reasoning for Deadlock
• Technical Note
By Nishant Sinha, Sagar Chaki
This report shows how L^F can be used for compositional regular failure language containment and deadlock detection, using non-circular and circular assume-guarantee rules.
DOWNLOAD -
Certifying the Absence of Buffer Overflows
• Technical Note
By Sagar Chaki, Scott Hissam
In this report, the authors present a technique for certifying the safety of buffer manipulations in C programs.
DOWNLOAD -
Interoperable Acquisition for Systems of Systems: The Challenges
• Technical Note
By Mike Phillips, James Smith
This 2006 report explores how systems-of-systems realities necessitate changes in the processes used to acquire, develop, field, and sustain operational capability.
DOWNLOAD -
Risk Themes Discovered Through Architecture Evaluations
• Technical Report
By David Zubrow, Len Bass, William Wood, Robert Nord
This 2006 report analyzes the output of 18 evaluations conducted using the Architecture Tradeoff Analysis (ATAM). The goal of the analysis was to find patterns in the risk themes identified …
DOWNLOAD -
French language translation of CMMI for Development, V1.2
• White Paper
By None
The French language translation of CMMI for Development (CMMI-DEV), V1.2.
DOWNLOAD -
Traditional Chinese language translation of CMMI for Development, V1.2
• White Paper
By None
The Traditional Chinese language translation of CMMI for Development (CMMI-DEV), V1.2.
DOWNLOAD -
Security in the Software Lifecycle
• White Paper
By None
Security in the Software Lifecycle: Making Software Development Processes--and Software Produced by Them--More Secure (Draft).
DOWNLOAD -
Portuguese language translation of CMMI for Development, V1.2
• White Paper
By None
This is the Portuguese language translation of CMMI for Development, V1.2.
DOWNLOAD -
Workshop on Model-Driven Architecture and Program Generation
• Technical Note
By Kurt C. Wallnau, B. Craig Meyers, Grace Lewis
This report summarizes the results of a June 2006 workshop, held to explore business and technical aspects of program generation in the context of the Object Management Group's model-driven architecture …
DOWNLOAD -
Risk Management Considerations for Interoperable Acquisition
• Technical Note
By B. Craig Meyers
In this report, Craig Meyers addresses interoperable risk management, the interoperability of organizations that engage in risk management.
DOWNLOAD -
Techniques for Developing an Acquisition Strategy by Profiling Software Risks
• Technical Report
By Susan Kushner, Mary C. Ward, Joseph P. Elm
This report introduces a taxonomy of strategy drivers and strategy elements and provides a method for performing a comparative analysis of the strategy drivers and the resulting strategic choices for …
DOWNLOAD -
Performance Results of CMMI-Based Process Improvement
• Technical Report
By Dennis Goldenson, Diane Gibson, Keith Kost
This technical report summarizes much of the publicly available empirical evidence about the performance results that can occur as a consequence of CMMI-based process improvement.
DOWNLOAD -
CMMI for Development, Version 1.2
• Technical Report
By The CMMI Product Team
This report is an upgrade of CMMI-SE/SW/IPPD/SS, Version 1.1 and represents the model portion of the CMMI Product Suite.
DOWNLOAD -
Proceedings of the Second Software Architecture Technology User Network (SATURN) Workshop
• Technical Report
By Robert Nord
This report describes the second SATURN workshop format, discussion, and results, as well as plans for future SATURN workshops.
DOWNLOAD -
Appraisal Requirements for CMMI, Version 1.2 (ARC, V1.2)
• Technical Report
By SCAMPI Upgrade Team
The report defines the Appraisal Requirements for CMMI (ARC) V1.2 requirements that are considered to be essential to appraisal methods intended for use with Capability Maturity Model Integration (CMMI) models.
DOWNLOAD -
A Comparison of Requirements Specification Methods from a Software Architecture Perspective
• Technical Report
By Len Bass, Paul C. Clements, Raghvinder Sangwan, Paulo Merson, Ipek Ozkaya, John K. Bergey
In this report, five methods for the elicitation and expression of requirements are evaluated with respect to their ability to capture architecturally significant requirements.
DOWNLOAD -
Systems of Systems: Scaling Up the Development Process
• Technical Report
By Watts S. Humphrey
This report reviews the fundamental process and project-management problems of large-scale SoS-like programs and outlines steps to address these problems.
DOWNLOAD -
A Model for Opportunistic Network Exploits: The Case of P2P Worms
• White Paper
By Carrie Gates, Michael Collins
In this paper, the authors present VisFlowConnect-IP, a network flow visualization tool that detects and investigates anomalous network traffic.
DOWNLOAD -
Adapting CMMI for Acquisition Organizations: A Preliminary Report
• Special Report
By Kathryn M. Dodson (EDS), Deborah K. Yedlin (General Motors), Gowri S. Ramani (Hewlett Packard), Hubert F. Hofmann (General Motors)
This 2006 document presents the initial draft CMMI-ACQ, which adapts CMMI for acquisition organizations.
DOWNLOAD -
Information Assurance: Building Educational Capacity
• Special Report
By Carol Sledge
This 2006 report describes SEI and CERT Program efforts to increase the capacity of institutions of higher education to offer IA and IS courses.
DOWNLOAD -
Model Problems in Technologies for Interoperability: Web Services
• Technical Note
By Lutz Wrage, Grace Lewis
This 2006 report presents the results of applying the model problem approach in an initial investigation of the potential of Web services to enable interoperability.
DOWNLOAD -
Specifying Initial Design Review (IDR) and Final Design Review (FDR) Criteria
• Technical Note
By Mary Ann Lapham
This 2006 report presents definitions of IDR and FDR, their context in the acquisition life cycle, a comparison of engineering emphasis during IDR and FDR, IDR and FDR pre- and …
DOWNLOAD -
Joint Capabilities and System-of-Systems Solutions: A Case for Crossing Solution Domains
• Technical Note
By Mary M. Brown, Robert M. Flowe, William Anderson
This 2006 report presents a case for the investigation and adaptation of structural and dynamic modeling techniques to the engineering of systems of systems.
DOWNLOAD -
Security Quality Requirements Engineering (SQUARE): Case Study Phase III
• Special Report
By Don Ojoko-Adams, Frank Hung, Lydia Chung, Eric Hough, Nancy R. Mead
In this report, the authors present their results of using SQUARE when working with three clients over the course of a semester.
DOWNLOAD -
Sustaining Software-Intensive Systems
• Technical Note
By Mary Ann Lapham, Carol Woody
This 2006 report discusses questions about sustaining new and legacy systems; the report presents definitions, related issues, future considerations, and recommendations for sustaining software-intensive systems.
DOWNLOAD -
Applying OCTAVE: Practitioners Report
• Technical Note
By Carol Woody, Carol Myers (No Affiliation), Lisa R. Young, Johnathan Coleman (No Affiliation), Michael Fancher (No Affiliation)
In this report, the authors describe how OCTAVE has been used and tailored to fit a wide range of organizational risk assessment needs.
DOWNLOAD -
PROxy Based Estimation (PROBE) for Structured Query Language (SQL)
• Technical Note
By Rob Schoedel
This 2006 report outlines a method for applying the PROxy Based Estimation (PROBE) technique to Structured Query Language (SQL).
DOWNLOAD -
Specifications for Managed Strings
• Technical Report
By Robert C. Seacord, Fred Long, Hal Burch
This report has been superseded by Specifications for Managed Strings, Second Edition (CMU/SEI-2010-TR-018).
DOWNLOAD -
Autonomic Computing
• Technical Note
By Hausi A. Muller (University of Victoria), William O'Brien, William Wood, Mark H. Klein
This report examines selected aspects of autonomic computing and explores some of the strengths and weaknesses of that technology.
DOWNLOAD -
Sustaining Operational Resiliency: A Process Improvement Approach to Security Management
• Technical Note
By Richard A. Caralli
In this 2006 report, Richard Caralli describes the fundamental elements and benefits of a process approach to security and operational resiliency.
DOWNLOAD -
Common Elements of Risk
• Technical Note
By Christopher J. Alberts
This technical note begins to define a foundation for effective risk management by identifying the basic elements of risk and exploring how these elements can affect the potential for mission …
DOWNLOAD -
Model Problems in Technologies for Interoperability: OWL Web Ontology Language for Services (OWL-S)
• Technical Note
By Chris Metcalf C., Grace Lewis
This 2006 report presents the results of applying the model problem approach to examine the feasibility of using OWL-S to allow applications to automatically discover, compose, and invoke services in …
DOWNLOAD -
System-of-Systems Navigator: An Approach for Managing System-of-Systems Interoperability
• Technical Note
By Patrick Kirwan, Edwin J. Morris, Lisa Brownsword, James Smith, David Fisher
This technical note introduces the System-of-Systems Navigator (SoS Navigator), the collection and codification of essential practices for building large-scale systems of systems.
DOWNLOAD -
Detecting Scans at the ISP Level
• Technical Report
By Josh McNutt, Marc I. Kellner, Joseph B. Kadane, Carrie Gates
In this 2006 report, the authors present an approach to detecting scans against, or passing through, very large networks.
DOWNLOAD -
R2PL 2005 Proceedings of the First International Workshop on Reengineering Towards Product Lines
• Special Report
By Barbara Graaf, Rafael Capilla
This 2006 report contains the proceedings from the First International Workshop on Reengineering Towards Product Lines (R2PL) 2005, which was held in November 2005.
DOWNLOAD -
On System Scalability
• Technical Note
By Charles Weinstock, John B. Goodenough
This 2006 report presents an analysis of what is meant by scalability and a description of factors to be considered when assessing the potential for system scalability.
DOWNLOAD -
Toward Measures for Software Architectures
• Technical Note
By Robert Ferguson, Gary Chastek
In this 2006 report, the authors describe the results of a preliminary investigation into measures for software architecture.
DOWNLOAD -
Requirements Management in a System-of-Systems Context: A Workshop
• Technical Note
By Patrick R. Place, B. Craig Meyers, James Smith, Peter Capell
This 2006 report summarizes the results of a workshop focused on requirements management in a system of systems.
DOWNLOAD -
Product Line Acquisition in a DoD Organizational Guidance for Decision Makers
• Technical Note
By John K. Bergey, Sholom G. Cohen
This 2006 report chronicles the decisions a program manager might face in considering the adoption of a product line approach.
DOWNLOAD -
An Emergent Perspective on Interoperation in Systems of Systems
• Technical Report
By David Fisher
This 2006 report facilitates discussion and reasoning about interoperation within systems of systems by showing some of the interdependencies among systems, emergence, and interoperation.
DOWNLOAD -
The Influence of System Properties on Software Assurance and Project Management
• White Paper
By Robert J. Ellison
In this paper, Robert Ellison discusses characteristics of software and how they influence how software assurance should be managed.
DOWNLOAD -
The Architecture Analysis & Design Language (AADL): An Introduction
• Technical Note
By Peter H. Feiler, John J. Hudak, David P. Gluch
This 2006 report provides an introduction to the AADL, a modeling language that supports early and repeated analyses of a system's architecture with respect to performance-critical properties.
DOWNLOAD -
Acquiring Evolving Technologies: Web Services Standards
• Technical Note
By Liam O'Brien, Harry L. Levinson
This technical note discusses some of the challenges of using Web services standards and presents the results generated by an assessment tool used to track the appropriateness of using this …
DOWNLOAD -
SAT-Based Software Certification
• Technical Note
By Sagar Chaki
This 2006 report presents a technique that uses proofs to certify software.
DOWNLOAD -
2006 Tech Tip: UNIX Configuration Guidelines
• White Paper
By None
This tech tip contains information about UNIX configuration guidelines.
DOWNLOAD -
Proceedings of the First International Research Workshop for Process Improvement in Small Settings, 2005
• Special Report
By Suzanne Miller, Keith Kost, Caroline Graettinger
This 2006 report includes papers from the Proceedings of the First International Research Workshop for Process Improvement in Small Settings workshop, and presents conclusions and next steps for process improvement …
DOWNLOAD -
Incident Management
• White Paper
By Georgia Killcrece
In this paper, the author describes incident management capability and what it implies for controlling security events and incidents.
DOWNLOAD -
Botnets as a Vehicle for Online Crime
• White Paper
By Aaron Hackworth, Nicholas Ianelli
In this paper, the authors describe the capabilities present in bot malware and the motivations for operating botnets.
DOWNLOAD -
Precise Buffer Overflow Detection via Model Checking
• White Paper
By Scott Hissam, Sagar Chaki
In this paper, the authors present an automated overflow detection technique based on model checking and iterative refinement.
DOWNLOAD -
Case Study: Accelerating Process Improvement by Integrating the TSP and CMMI
• Special Report
By Marsha Pomeroy-Huff, Jim McHale, Daniel S. Wall
This report describes how two NAVAIR organizations integrated the use of the Team Software Process methodology and the CMM framework to progress from Maturity Level 1 to Maturity Level 4 …
DOWNLOAD -
Relationships Between CMMI and Six Sigma
• Technical Note
By Mary Lynn Penn, Erin Harper, Jeannine Siviy
This 2005 report focuses on the joint use of two popular improvement initiatives: Capability Maturity Model Integration (CMMI) and Six Sigma.
DOWNLOAD -
Secure Software Development Life Cycle Processes: A Technology Scouting Report
• Technical Note
By Noopur Davis
The purpose of this 2005 technical note is to present overview information about existing processes, standards, life cycle models, frameworks, and methodologies that support or could support secure software development.
DOWNLOAD -
The CERT Function Extraction Experiment: Quantifying FX Impact on Software Comprehension and Verification
• Technical Note
By Richard C. Linger (Oak Ridge National Laboratory), Rosann W. Collins, Alan R. Hevner (University of South Florida), Gwendolyn H. Walton
In this report, the authors describe an experiment comparing traditional methods of comprehension with automated behavior computation using an FX prototype.
DOWNLOAD -
Verification of Evolving Software via Component Substitutability Analysis
• Technical Report
By Natasha Sharygina, Sagar Chaki, Edmund Clarke, Nishant Sinha
This 2005 report describes the application of the SEI Architecture Tradeoff Analysis Method (ATAM) to the U.S. Army's Warfighter Information Network-Tactical (WIN-T) system.
DOWNLOAD -
Results of SEI Independent Research and Development Projects and Report on Emerging Technologies and Technology Trends (FY2005)
• Technical Report
By Charles Weinstock, Kurt C. Wallnau, Natasha Sharygina, John J. Hudak, Alan R. Hevner (University of South Florida), Jörgen Hansson (University of Skovde), Aaron Greenhouse, John B. Goodenough, Peter H. Feiler, Sagar Chaki, Lutz Wrage, Gwendolyn H. Walton, Rosann W. Collins, Rick Kazman, Richard C. Linger (Oak Ridge National Laboratory), Mark Pleszkoch, Stacy J. Prowell, Angel Jordan
This report describes the IR&D projects that were conducted during fiscal year 2005 (October 2004 through September 2005). In addition, this report provides information on what the SEI has learned …
DOWNLOAD -
Categorizing Business Goals for Software Architectures
• Technical Report
By Len Bass, Rick Kazman
This report provides a categorization of possible business goals for software-intensive systems, so that individuals have some guidance in the elicitation, expression, and documentation of business goals.
DOWNLOAD -
Survivability and Information Assurance Curriculum Lab Overview
• White Paper
By None
The overview provides information about the hardware and the software required for the lab in general and for each specific course. Other topics include configuration management, user identity and privileges, …
DOWNLOAD -
Survivability and Information Assurance Curriculum Overview
• White Paper
By None
The Survivability and Information Assurance (SIA) Curriculum is designed to teach experienced system administrators about security and ways to integrate security into their routine tasks.
DOWNLOAD -
Foundations of the Survivability and Information Assurance Curriculum
• White Paper
By None
This document highlights the foundations of the SIA Curriculum.
DOWNLOAD -
Safety-Critical Systems and the TSP
• Technical Note
By Watts S. Humphrey
This 2005 report provides a brief overview of recent work in software safety, discusses the problems and implications of using the TSP for developing safety-critical systems, and presents some conclusions.
DOWNLOAD -
Topics in Interoperability: Infrastructure Replacement in a System of Systems
• Technical Note
By David J. Carney, James Smith, Patrick R. Place
This technical note examines the Common Operations System (COS), a large aggregation of independently developed systems, and the risks posed to it by an infrastructure upgrade.
DOWNLOAD -
Topics in Interoperability: Concepts of Ownership and Their Significance in Systems of Systems
• Technical Note
By Patrick R. Place, David J. Carney, William Anderson
This technical note is a brief examination of the concept of ownership and the ways in which it might apply to systems of systems.
DOWNLOAD -
Security Quality Requirements Engineering Technical Report
• Technical Report
By Nancy R. Mead, Eric Hough, Ted Stehney II
In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.
DOWNLOAD -
Software Product Lines: Experience from the Eighth DoD Software Product Line Workshop
• Technical Report
By John K. Bergey, Sholom G. Cohen, Patrick Donohoe, Lawrence G. Jones
This 2005 report summarizes the discussions from a 2005 PLP workshop in which participants shared DoD product line practices, experiences, and issues and discussed ways in which specific product line …
DOWNLOAD -
Software Vulnerabilities in Java
• Technical Note
By Fred Long
In this report, Fred Long briefly describes potential software vulnerabilities in Java version 5.
DOWNLOAD -
U.S. Army Acquisition: The Program Office Perspective
• Special Report
By None
This report documents the results of the interviews conducted during BFI engagements. These results are of interest to Program Executive Office staffs, Program Management Office staffs, and Department of Army …
DOWNLOAD -
VisFlowConnet-IP: An Animated Link Analysis Tool for Visualizing Netflows
• White Paper
By Xiaoxin Yin (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign)
In this paper, the authors present VisFlowConnect-IP, a network flow visualization tool that allows operators to detect and investigate network traffic.
DOWNLOAD -
VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows (White Paper)
• White Paper
By None
In this paper, the authors present VisFlowConnect-IP, a network flow visualization tool that detects and investigates anomalous network traffic.
DOWNLOAD -
Identifying P2P Heavy-Hitters from Network-Flow Data
• White Paper
By Lukas Hammerle (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Thomas Dubendorfer (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Bernhard Plattner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich))
In this September 2005 paper, the authors present measurements done on a medium-sized internet backbone and discuss accuracy issues.
DOWNLOAD -
Flow-Data Compressibility Changes During Internet Worm Outbreaks
• White Paper
By Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich))
In this paper, Arno Wagner presents measurements and analysis done on a Swiss internet backbone during the Blaster and Witty internet worm outbreak.
DOWNLOAD -
A Proposed Translation Data Model for Flow Format Interoperability
• White Paper
By Brian Trammell
In this paper, Brian Trammell presents a proposed solution to the problem of mutual unintelligibility of raw flow and intermediate analysis data.
DOWNLOAD -
R: A Proposed Analysis and Visualization Environment for Network Security Data (White Paper)
• White Paper
By Josh McNutt
In this paper, Josh McNutt discusses the R statistical language as an analysis and visualization interface to SiLK flow analysis tools.
DOWNLOAD -
Correlations Between Quiescent Ports in Network Flows (White Paper)
• White Paper
By Markus Deshon, Josh McNutt
In this paper, the authors introduce a method for detecting the onset of anomalous port-specific activity by recognizing deviation from correlated activity.
DOWNLOAD -
CANINE: A NetFlows Converter/Anonymizer Tool for Format Interoperability and Secure Sharing (White Paper)
• White Paper
By Katherine Luo (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Yifan Li (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign)
In this paper, the authors introduce a tool to address two problems with using Net-Flow logs for security analysis.
DOWNLOAD -
Detecting Distributed Attacks using Network-Wide Flow Traffic
• White Paper
By Anukool Lakhina (Boston University), Mark Crovella (Boston University), Chrisophe Diot (Intel)
In this paper, the authors present their methods for detecting distributed attacks in backbone networks using sampled flow traffic data.
DOWNLOAD -
IP Flow Information Export (IPFIX): Applicability and Future Suggestions for Network Security
• White Paper
By Tanja Zseby (Fraunhofer Fokus), Mark Lutz (Fraunhofer Fokus), Thomas Hirsch (Fraunhofer Fokus), Elisa Boschi (Hitachi)
In this paper, the authors present the IPFIX protocol and discuss its applicability with a special focus on network security.
DOWNLOAD -
NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows (White Paper)
• White Paper
By None
In this paper, the authors describe NVisionIP, a NetFlow visualization tool.
DOWNLOAD -
Using the OPEN Process Framework to Produce a Situation-Specific Requirements Engineering Method
• White Paper
By Donald Firesmith, D. Zowghi, B. Henderson-Sellers
The OPEN Process Framework (or OPF) is an appropriate focused requirements engineering method (REM) that facilitates the search for a mechanism that will support the flexible creation of a number …
DOWNLOAD -
Covert Channel Detection Using Process Query Systems (White Paper)
• White Paper
By Vincent Berk (Dartmouth College)
In this FloCon 2005 presentation, the author uses traffic analysis to investigate a stealthy form of data exfiltration.
DOWNLOAD -
Building Information Assurance Educational Capacity: Pilot Efforts to Date
• Special Report
By Carol Sledge
In this report, Carol Sledge describes work to increase the capacity of educational institutions to offer and expand IA and IS topics and courses.
DOWNLOAD -
Quality Attributes and Service-Oriented Architectures
• Technical Note
By Liam O'Brien, Len Bass, Paulo Merson
This report examines the relationship between service-oriented architectures (SOAs) and quality attributes.
DOWNLOAD -
Using the SEI Architecture Tradeoff Analysis Method to Evaluate WIN-T: A Case Study
• Technical Note
By John K. Bergey, Paul C. Clements, Dave Mason
This report describes the application of the SEI ATAM (Architecture Tradeoff Analysis Method) to the U.S. Army's Warfighter Information Network-Tactical (WIN-T) system.
DOWNLOAD -
SMART: The Service-Oriented Migration and Reuse Technique
• Technical Note
By Liam O'Brien, Lutz Wrage, Dennis B. Smith, Grace Lewis, Edwin J. Morris
This document has been superseded by CMU/SEI-2008-TN-008, SMART: Analyzing the Reuse Potential of Legacy Components in a Service-Oriented Architecture Environment.
DOWNLOAD -
Elements of a Usability Reasoning Framework
• Technical Note
By Jinhee Lee, Len Bass
This note describes an ARL implementation of two usability scenarios: displaying progress feedback and allowing cancel.
DOWNLOAD -
Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments
• Technical Note
By Audrey J. Dorofee, Christopher J. Alberts
In this 2005 report, the authors present concepts and theories underlying the Mission Assurance Analysis Protocol.
DOWNLOAD -
Integrated Diagnostics: Operational Missions, Diagnostic Types, Characteristics, and Capability Gaps
• Technical Note
By Theodore F. Marz
This 2005 report attempts to fill in these gaps in knowledge and experience by presenting an overview of the operational diagnostic life cycle of a system.
DOWNLOAD -
A Taxonomy of Operational Risks
• Technical Note
By Ray C. Williams, Susan Kushner, Brian P. Gallagher, Pamela J. Case, Rita C. Creel
This report presents a taxonomy-based method for identifying and classifying risks to operational aspects of an enterprise.
DOWNLOAD -
Proceedings of the First Software Architecture Technology User Network (SATURN) Workshop
• Technical Note
By Linda M. Northrop, Len Bass, Paul C. Clements, Robert Nord, James E. Tomayko
This report describes the format, discussion, and results of the first SATURN workshop, and outlines the plans for future SATURN workshops.
DOWNLOAD -
Lessons Learned Model Checking an Industrial Communications Library
• Technical Note
By James Ivers
This 2005 report describes the application of a reasoning framework to the design of an industrial communications library and the problems that were found.
DOWNLOAD -
Experience Using the Web-Based Tool Wiki for Architecture Documentation
• Technical Note
By Felix Bachmann, Paulo Merson
This 2005 report discusses the benefits and challenges of using a wiki-based collaborative environment to create software architecture documentation.
DOWNLOAD -
Exploring Programmatic Interoperability: Army Future Force Workshop
• Technical Note
By B. Craig Meyers
This report documents the proceedings of the Future Force Workshop held at the SEI in 2004.
DOWNLOAD -
SAT-Based Predicate Abstraction of Programs
• Technical Report
By Karen Yorav (IBM), Edmund Clarke, Daniel Kroening, Natasha Sharygina
This note presents technical details of a SAT-based predicate abstraction technique used in ComFoRT (component formal reasoning technology).
DOWNLOAD -
Variability in Software Product Lines
• Technical Report
By Felix Bachmann, Paul C. Clements
This 2005 report describes the concepts needed when creating core assets with included variability. These concepts provide guidelines to core asset creators on how to model the variability explicitly, so …
DOWNLOAD -
QuARS: A Tool for Analyzing Requirement
• Technical Report
By Giuseppe Lami
This 2005 report describes a disciplined method and a related automated tool that can be used for the analysis of natural language requirements documents.
DOWNLOAD -
Preparing for Automated Derivation of Products in a Software Product Line
• Technical Report
By John McGregor
This 2005 report provides an end-to-end view of the activities that are needed to support the automatic derivation of products within a software product line.
DOWNLOAD -
The U.S. Army's Common Avionics Architecture System (CAAS) Product Line: A Case Study
• Technical Report
By Paul C. Clements, John K. Bergey
This report offers a case study of organizations that have adopted a software product line approach for developing a family of software-intensive systems.
DOWNLOAD -
Limits to Effectiveness in Computer Security Incident Response Teams
• White Paper
By Jose J. Gonzalez (Agder University College Norway), Johannes Wiik (Agder University College Norway)
In this paper, the authors present an attempt to gain a better understanding of how a CSIRT can handle a growing work load with limited resources.
DOWNLOAD -
Information Technology: Programming Languages, Their Environments and System Software Interfaces: Specification for Managed Strings
• White Paper
By Fred Long, Robert C. Seacord
In this paper, the authors present a standard specification for managed strings.
DOWNLOAD -
Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model
• White Paper
By Thomas R. Stewart (University at Albany State University of New York), Timothy J. Shimeall, Robert J. Ellison, Jose J. Gonzalez (Agder University College Norway), Andrew P. Moore, Eliot Rich (University at Albany State University of New York), Howard F. Lipson, Dave Mundie, Jose M. Sarriegui (University of Navarra Spain), Agata Sawicka (Agder University College Norway), Jose M. Torres (University of Navarra Spain), Elise A. Weaver (Worcester Polytechnic Institute), Johannes Wiik (Agder University College Norway), Ignacio J. Martinez-Moyano (University at Albany State University of New York), Paul Conrad, Dawn Cappelli, David F. Andersen (University at Albany State University of New York)
In this paper, the authors identify actions that may inadvertently lead to increased vulnerability to threats from employees, contractors, and clients.
DOWNLOAD -
Obtaining the Benefits of Predictable Assembly from Certifiable Components (PACC)
• White Paper
By Kurt C. Wallnau
PACC combines the complementary features of software architecture technology and software component technology to improve both engineering productivity and product quality in the design and implementation of quality-critical software systems.
DOWNLOAD -
The Personal Software Process (PSP) Body of Knowledge, Version 1.0
• Special Report
By Marsha Pomeroy-Huff, Julia L. Mullaney, Mark Sebern, Robert Cannon, Watts S. Humphrey
The body of knowledge contained in this report is designed to complement the IEEE Computer Society's Software Engineering Body of Knowledge (SWEBOK) by delineating the key skills and concepts that …
DOWNLOAD -
Self-Assessment and the CMMI-AM—A Guide for Government Program Managers
• Technical Note
By Stephen Blanchette, Jr., Kristi Keeler
This 2005 report provides program managers with general information about the CMMI-AM, details about the self-assessment technique, and the questions used in a self-assessment.
DOWNLOAD -
Some Current Approaches to Interoperability
• Technical Note
By Patrick R. Place, David J. Carney, Edwin J. Morris, David Fisher
This 2005 report examines some of the complexities of interoperability and some recent research approaches to achieving it.
DOWNLOAD -
Using Containers to Enforce Smart Constraints for Performance in Industrial Systems
• Technical Note
By Scott Hissam, Gabriel Moreno, Kurt C. Wallnau
This technical note shows how smart constraints can be embedded in software infrastructure, so that systems conforming to those constraints are predictable by construction.
DOWNLOAD -
The ComFoRT Reasoning Framework
• White Paper
By James Ivers, Sagar Chaki, Kurt C. Wallnau, Natasha Sharygina
Model checking is a promising technology for verifying critical behavior of software. However, software model checking is hamstrung by scalability issues and is difficult for software engineers to use directly. …
DOWNLOAD -
Comparing the SEI's Views and Beyond Approach for Documenting Software Architectures with ANSI-IEEE 1471-2000
• Technical Note
By Paul C. Clements
This report summarizes the V&B and 1471 approaches to architecture description, and shows how a software architecture document prepared using V&B can be made compliant with 1471.
DOWNLOAD -
Product Line Adoption in a CMMI Environment
• Technical Note
By Lawrence G. Jones, Linda M. Northrop
This 2005 technical note addresses product line adoption in the context of an organization that is using the CMMI models to guide its process improvement effort.
DOWNLOAD -
Reasoning Frameworks
• Technical Report
By Mark H. Klein, Len Bass, Paulo Merson, James Ivers
This report describes a vehicle for encapsulating the quality attribute knowledge needed to understand a system's quality behavior as a reasoning framework that can be used by nonexperts.
DOWNLOAD -
The Impact of Function Extraction Technology on Next-Generation Software Engineering
• Technical Report
By Stacy J. Prowell, Alan R. Hevner (University of South Florida), Richard C. Linger (Oak Ridge National Laboratory), Rosann W. Collins, Mark Pleszkoch, Gwendolyn H. Walton
In this 2005 report, the authors summarize FX research and development and investigates the impact of FX on software engineering.
DOWNLOAD -
Designing for Reuse of Configurable Logic
• Technical Report
By Joseph P. Elm
This 2005 report provides an overview of a generic FPGA firmware design process and identifies the resulting work products that may be suitable for reuse in future development efforts.
DOWNLOAD -
Word Level Predicate Abstraction and Refinement for Verifying RTL Verilog
• White Paper
By Daniel Kroening, Natasha Sharygina, Edmund Clarke
This paper proposes to use predicate abstraction for verifying RTL Verilog, a technique successfully used for software verification.
DOWNLOAD -
Advanced Security Reporting Systems for Large Network Situational Awareness
• White Paper
By Greg Virgin (Redjack), Michael Collins
In this paper, the authors describe the technologies that support an asset inventory system and enable a flexible, ad-hoc intrusion detection capability.
DOWNLOAD -
The CENTAUR System: Helping to Protect the NIPRNet
• White Paper
By Marc I. Kellner, Jeffrey Jaime (Applied Technology Unit, Joint Task Force - Global Network Operations, United States Strategic Command)
In this paper, the authors describe the CENTAUR system, which was developed to help DoD security analysts better understand and defend the NIPRNet.
DOWNLOAD -
Spyware
• White Paper
By Aaron Hackworth
In this 2005 paper, the authors give an overview of spyware, provide examples of common threats, and describe how to defend against spyware.
DOWNLOAD -
Report on Annual Regional Information Assurance Symposia
• Special Report
By Carol Sledge
In this report, Carol Sledge explains why the annual Regional Information Assurance Symposia is a key transition component of Regional Collaborative Clusters.
DOWNLOAD -
Using Earned Value Management (EVM) in Spiral Development
• Technical Note
By James Smith, Lisa Brownsword
This report explores the fundamental challenges in using Earned Value Management (EVM) with spiral development processes and proposes adaptations to some EVM principles to render it more suitable for today's …
DOWNLOAD -
Information Asset Profiling
• Technical Note
By Bradford J. Willke, James F. Stevens, Richard A. Caralli
In this 2005 report, the authors describe IAP, a documented and repeatable process for developing consistent asset profiles.
DOWNLOAD -
Governing for Enterprise Security
• Technical Note
By Julia H. Allen
In this 2005 report, Julia Allen examines governance thinking, principles, and approaches and applies them to the subject of enterprise security.
DOWNLOAD -
A Process for Context-Based Technology Evaluation
• Technical Note
By Lutz Wrage, Grace Lewis
This report describes a process called context-based evaluation that determines the fitness of a technology within a specific context.
DOWNLOAD -
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector
• Technical Report
By Dawn Cappelli, Michelle Keeney (United States Secret Service), Marissa R. Randazzo (United States Secret Service), Andrew P. Moore, Eileen Kowalski (United States Secret Service)
In this 2005 report, the authors outline the ITS, a study of insider incidents identified by public reporting or in fraud cases from the Secret Service.
DOWNLOAD -
Secret Service and CERT Release Report Analyzing Acts of Insider Sabotage via Computer Systems in Critical Infrastructure Sectors
• White Paper
By None
This press release is the second in a series of reports focusing on insider threats to information systems and data in critical infrastructure sectors.
DOWNLOAD -
2005 E-Crime Watch Survey Findings
• White Paper
By None
In this 2005 report, the authors summarize the results of the 2005 E-Crime Watch Survey, conducted to unearth electronic crime fighting trends and techniques.
DOWNLOAD -
Model Problems in Technologies for Interoperability: Model-Driven Architecture
• Technical Note
By Lutz Wrage, Grace Lewis
This 2005 report looks at Model-Driven Architecture (MDA) as one of many technologies for accomplishing interoperability.
DOWNLOAD -
A Taxonomy of Security-Related Requirements
• White Paper
By Donald Firesmith
This paper addresses the problems associated with a lack of a clear security taxonomy by identifying four different types of security-related requirements, providing them with clear definitions, and placing them …
DOWNLOAD -
Reflections on Software Agility and Agile Methods: Challenges, Dilemmas, and the Way Ahead
• White Paper
By Linda Levine
This 2005 whitepaper argues for that the shift toward agile models and methods signals a larger transformation in the workplace toward the organization of the 21st century. The transition is …
DOWNLOAD -
Method Engineering and COTS Evaluation
• White Paper
By B. Henderson-Sellers, Donald Firesmith, M. K. Serour, C. Gonzalez-Perez
This position paper argues that a successful COTS evaluation process should be based on the principles of method engineering (ME).
DOWNLOAD -
2005 E-Crime Watch Survey Results
• White Paper
By None
This paper summarizes the results of a survey conducted to gauge the current state of cybercrime.
DOWNLOAD -
Technical Trends in Phishing Attacks
• White Paper
By Jason Milletary
In this paper, Jason Milletary identifies technical capabilities used to conduct phishing scams, reviews trends, and discusses countermeasures.
DOWNLOAD -
System Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II
• Special Report
By Ted Stehney II, Nancy R. Mead, Neha Wattas, Eugene Yu, Dan Gordon
In this report, the authors describe the second phase of an application of the SQUARE Methodology on an asset management system.
DOWNLOAD -
CMMI Acquisition Module (CMMI-AM), Version 1.1
• Technical Report
By Brian P. Gallagher, Hal Wilson, Roger Bate, Thomas Bernard
This report documents acquisition practices that should be performed by government acquisition projects acquiring systems or services.
DOWNLOAD -
Industry Best Practices in Achieving Service Oriented Architecture
• White Paper
By None
This document represents the first iteration of a conversation and is neither a complete nor exhaustive coverage of the evolving subject of SOA.
DOWNLOAD -
Pin Component Technology (V1.0) and Its C Interface
• Technical Note
By Scott Hissam, Kurt C. Wallnau, James Ivers, Daniel Plakosh
This 2005 report describes the main concepts of Pin and documents the C-language interface to Pin V1.0.
DOWNLOAD -
Robustness Testing of Software-Intensive Systems: Explanation and Guide
• Technical Note
By Kristi Keeler, Julie B. Cohen, Daniel Plakosh
This 2005 technical note provides guidance and procedures for performing robustness testing as part of DoD or federal acquisition programs that have a software component.
DOWNLOAD -
Mapping TSP to CMMI
• Technical Report
By Michael D. Konrad, Watts S. Humphrey, Daniel S. Wall, Jim McHale
This 2005 report provides an essential element to facilitate the adoption of the TSP in organizations using CMMI, namely, a mapping of ideal TSP practices into the specific and generic …
DOWNLOAD -
U.S. Army Acquisition: The Program Executive Officer Perspective
• Special Report
By Stephen Blanchette, Jr.
The U.S. Army Strategic Software Improvement Program (ASSIP) is a multi-year effort to improve the way the Army acquires software-intensive systems. As part of the ASSIP, the Carnegie Mellon Software …
DOWNLOAD -
Topics in Interoperability: System-of-Systems Evolution
• Technical Note
By Patrick R. Place, David J. Carney, David Fisher
This report - the first in a series of reports on interoperability - examines how interoperable systems of systems evolve.
DOWNLOAD -
Eliciting and Analyzing Quality Requirements: Management Influences on Software Quality Requirements
• Technical Note
By Carol Woody
In this 2005 report, Carol Woody documents how environments for system development can support or reject improved quality requirements elicitation mechanisms.
DOWNLOAD -
Software Product Lines: Experiences from the Seventh DoD Software Product Line Workshop
• Technical Report
By Sholom G. Cohen, Lawrence G. Jones, Patrick Donohoe, John K. Bergey
This 2005 report summarizes discussions and presentations from the Seventh Department of Defense (DoD) Product Line Practice Workshop.
DOWNLOAD -
Software Process Improvement Journey: IBM Australia Application Management Services
• Technical Report
By Colin Connaughton, Robyn Nichols
This report describes the work of the 2004 recipient of the IEEE Computer Society Software Process Achievement Award, jointly established by the SEI and IEEE to recognize outstanding achievements in …
DOWNLOAD -
Including Interoperability in the Acquisition Process
• Technical Report
By Linda Levine, James Smith, B. Craig Meyers, Ira Monarch
This 2005 report explores achieving interoperability in the acquisition process.
DOWNLOAD -
Interpreting SCAMPI for a People CMM Appraisal at Tata Consultancy Services
• Special Report
By Will Hayes, Gian Wemyss, Sally Miller, Jack R. Ferguson, Bill Curtis (CAST Research Labs), William E. Hefley, Ron Radice
This 2005 report includes the draft interpretation guide used for four mini-appraisal pilots and the final enterprise-wide Class A appraisal at Tata Consultancy Services (TCS).
DOWNLOAD -
Software Architecture in DoD Acquisition: An Approach and Language for a Software Development Plan
• Technical Note
By John K. Bergey, Paul C. Clements
This report discusses the Software Development Plan (SDP), providing an example approach and corresponding SDP language that enable software architecture to play a central role in the technical and organizational …
DOWNLOAD -
Software Architecture in DoD Acquisition: A Reference Standard for a Software Architecture Document
• Technical Note
By John K. Bergey, Paul C. Clements
This report provides a reference standard for a Software Architecture Document (SAD). Acquisition organizations can use this to acquire documentation needed for communicating the architecture design and conducting software architecture …
DOWNLOAD -
The Structured Intuitive Model for Product Line Economics (SIMPLE)
• Technical Report
By John McGregor, Paul C. Clements, Sholom G. Cohen
This 2005 report presents SIMPLE, a general-purpose business model that supports the estimation of the costs and benefits in a product line development organization.
DOWNLOAD -
Preliminary System Dynamics Maps of the Insider Cyber-Threat Problem
• White Paper
By Mohammad Mojtahedzadeh (Attune Group, Inc.), Timothy J. Shimeall, Jose J. Gonzalez (Agder University College Norway), Dawn Cappelli, Aldo Zagonel (University at Albany, Rockefeller College of Public Affairs and Policy), Andrew P. Moore, David F. Andersen (University at Albany State University of New York), Jeffrey M. Stanton (Syracuse University, School of Information Studies), Elise A. Weaver (Worcester Polytechnic Institute), Eliot Rich (University at Albany State University of New York), Jose M. Sarriegui (University of Navarra Spain)
This paper discusses the preliminary system dynamic maps of the insider cyber-threat and describes the main ideas behind the research proposal.
DOWNLOAD -
MAAP Information Sheet
• White Paper
By None
Information sheet on MAAP, a technique for assuring completion of defined missions by identifying and analyzing operational risks affecting mission-critical processes.
DOWNLOAD -
A Structured Approach to Classifying Security Vulnerabilities
• Technical Note
By Allen D. Householder, Robert C. Seacord
In this 2005 report, the authors propose a classification scheme that uses attribute-value pairs to provide a multidimensional view of vulnerabilities.
DOWNLOAD -
2004 CERT Incident Notes
• White Paper
By None
This document contains the CERT incident notes from 2004.
DOWNLOAD -
2004 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 2004.
DOWNLOAD -
CMMI-Based Professional Certifications: The Competency Lifecycle Framework
• Special Report
By Sandra Behrens, Steve Masters, Judah Mogilensky
This report describes how a competency life-cycle framework can be used as the basis for the CMMI-based professional certifications.
DOWNLOAD -
Systems Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System
• Special Report
By Don Ojoko-Adams, Hassan Osman, Lilian Lopez, Marjon Dean, Nick Xie, Nancy R. Mead, Peter Chen
In this 2004 report, the authors describe the first case study that applied the SQUARE methodology to an organization.
DOWNLOAD -
Promising Technologies for Future Systems
• Technical Note
By Grace Lewis, Lutz Wrage, Edwin J. Morris
This 2004 report presents of a few of the many programs, technologies, and research efforts that are addressing the challenges faced by future systems.
DOWNLOAD -
Managing for Enterprise Security
• Technical Note
By William R. Wilson, Bradford J. Willke, James F. Stevens, Richard A. Caralli, Julia H. Allen
In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.
DOWNLOAD -
Discovering Architectures from Running Systems: Lessons Learned
• Technical Report
By Hong Yan, Bradley Schmerl, Rick Kazman, David Garlan, Jonathan Aldrich
This report describes a technique that uses automatically generated runtime observations of an executing system to construct an architectural view of the system.
DOWNLOAD -
Approaches to Constructive Interoperability
• Technical Report
By Grace Lewis, Lutz Wrage
This report outlines several approaches to constructing systems of systems that have interoperability requirements, with respect to syntactic and semantic interoperability.
DOWNLOAD -
Rapid Integration Tools for Rapid Application Development A Case Study on Legacy Integration
• Technical Report
By Lakshimi P. Hari, Patrick R. Place, Amit Midha, Ravindra Singh
This 2004 report investigates the rapid integration tools available in the current market. The report presents a generic evaluation framework for identifying and evaluating rapid integration tools and an evaluation …
DOWNLOAD -
The Incident Object Description Exchange Format (IODEF) Implementation Guide
• White Paper
By Roman Danyliw
This document provides implementation guidelines for CSIRTs adopting the IODEF.
DOWNLOAD -
SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies
• Technical Note
By Nancy R. Mead, Nick Xie, Hassan Osman, Lilian Lopez, Marjon Dean, Peter Chen, Don Ojoko-Adams
In this 2004 report, the authors describe a cost/benefit analysis for estimations in small companies' information security improvement projects.
DOWNLOAD -
Predicate Abstraction with Minimum Predicates
• White Paper
By Edmund Clarke, Sagar Chaki
Experiments show that predicate minimization can significantly reduce verification time and memory usage compared to earlier methods.
DOWNLOAD -
Results of SEI Independent Research and Development Projects and Report on Emerging Technologies and Technology Trends (FY 2004)
• Technical Report
By Edwin J. Morris, Nancy R. Mead, Howard F. Lipson, Grace Lewis, Rick Kazman, Angel Jordan, Eileen C. Forrester, Donald Firesmith, Sven Dietrich, Carol Woody, William O'Brien, Dennis B. Smith, Jeannine Siviy, John K. Bergey, Charles Weinstock
This report describes the IR&D projects that were conducted during fiscal year 2004 (October 2003 through September 2004).
DOWNLOAD -
CMMI Interpretive Guidance Project: What We Learned
• Special Report
By Sandra Shrum, Gian Wemyss, Kenneth Smith, Mary Beth Chrissis, Michael D. Konrad
This report summarizes the results of the Capability Maturity Model Integration (CMMI) Interpretive Guidance Project, and summarizes and analyzes 7500 comments received regarding CMMI adoption that were reported by CMMI …
DOWNLOAD -
Illuminating Patterns of Perception: An Overview of Q Methodology
• Technical Note
By Mary M. Brown
This 2004 technical note describes ways for applying Q methodology, a research method with a proven history for illuminating agreement and differences among individual and group perceptions, to assist software …
DOWNLOAD -
Defining Incident Management Processes for CSIRTs: A Work in Progress
• Technical Report
By Robin Ruefle, Audrey J. Dorofee, Christopher J. Alberts, Mark Zajicek, Georgia Killcrece
In this report, the authors present a prototype best practice model for performing incident management processes and functions.
DOWNLOAD -
Measurement and Analysis: What Can and Does Go Wrong?
• White Paper
By Maureen Brown (University of North Carolina), Dennis Goldenson
Analyses of more than 1350 findings drawn from 663 Software CMM appraisals suggest several areas where both managers and engineers would benefit from better guidance about the proper use of …
DOWNLOAD -
A Taxonomy of Safety-Related Requirements
• White Paper
By Donald Firesmith
This paper describes a taxonomy of different kinds of safety-related requirements, and clearly and briefly defines and describes each of them.
DOWNLOAD -
A Roadmap of Risk Diagnostic Methods: Developing an Integrated View of Risk Identification and Analysis Techniques
• Technical Note
By Kate Ambrose, Ray C. Williams, Laura Bentrem
This technical note describes the characteristics that determine whether a risk diagnostic method qualifies for the roadmap. It also describes the characteristics of diagnostic methods that do not qualify for …
DOWNLOAD -
Code of Professional Conduct for SEI Services, Version 1.0
• Special Report
By Richard Cox
This report provides a set of expectations and practices for those operating under license or other applicable agreement with Carnegie Mellon University, acting through its Software Engineering Institute.
DOWNLOAD -
Benefits of Improvement Efforts
• Special Report
By Peter Capell
This special report surveys the process improvement efforts undertaken by programs and projects that incorporate software-intensive systems.
DOWNLOAD -
Risk Based Diagnostics
• Technical Note
By Ray C. Williams, Tom Merendino, Laura Bentrem, Kate Ambrose
The SEI has constructed a tentative "roadmap" for personnel involved in the systems and software acquisition community. This report describes the characteristics that determine whether a risk diagnostic method qualifies …
DOWNLOAD -
Security and Survivability Reasoning Frameworks and Architectural Design Tactics
• Technical Note
By Andrew P. Moore, Felix Bachmann, Mark H. Klein, Len Bass, Robert J. Ellison
In this report, the authors describe an approach to disciplined software architecture design for the related quality attributes of security and survivability.
DOWNLOAD -
Applications of the Indicator Template for Measurement and Analysis
• Technical Note
By Wolfhart B. Goethert, Jeannine Siviy
This report presents guidance for adapting and completing an indicator template--an SEI-developed tool to describe an indicator's construction, interpretation, and how it can be best utilized.
DOWNLOAD -
Software Component Certification: 10 Useful Distinctions
• Technical Note
By Kurt C. Wallnau
This 2004 report discusses 10 useful distinctions that can help in understanding different aspects of certification in the context of software components.
DOWNLOAD -
Integrating Software-Architecture-Centric Methods into Extreme Programming (XP)
• Technical Note
By Robert Nord, Robert Wojcik, James E. Tomayko
The report presents a summary of XP (Extreme Programming) and examines the potential uses of the SEI's architecture-centric methods.
DOWNLOAD -
Creating and Using Software Architecture Documentation Using Web-Based Tool Support
• Technical Note
By Judith A. Stafford
This report describes a design prototype that demonstrates a web-based approach to creating, communicating, and using software architecture throughout the life of the system.
DOWNLOAD -
Software Process Improvement and Product Line Practice: Building on Your Process Improvement Infrastructure
• Technical Note
By Lawrence G. Jones
This 2004 report describes how a process improvement infrastructure can provide a foundation for product line adoption.
DOWNLOAD -
Performance Property Theories for Predictable Assembly from Certifiable Components (PACC)
• Technical Report
By Paulo Merson, Gabriel Moreno, Kurt C. Wallnau, John Lehoczky (Carnegie Mellon University), Scott Hissam, Mark H. Klein
This report develops a queueing-theoretic solution to predict, for a real-time system, the average-case latency of aperiodic tasks managed by a sporadic server.
DOWNLOAD -
Software Product Line Adoption Roadmap
• Technical Report
By Linda M. Northrop
This 2004 report introduces a variant of the Factory Pattern called the Adoption Factory pattern that provides a generic roadmap to guide a manageable, phased product line adoption strategy.
DOWNLOAD -
Steps for Creating National CSIRTs
• White Paper
By Georgia Killcrece
In this paper, Georgia Killcrece provides a high-level description of a National Computer Security Incident Response Team (NatCSIRT), its problems, and challenges.
DOWNLOAD -
Assumptions Management in Software Development
• Technical Note
By Grace Lewis, Teeraphong Mahatham, Lutz Wrage
This technical note explores assumptions management as a method for improving software quality.
DOWNLOAD -
Statistical Methods for Flow Data
• White Paper
By Joseph B. Kadane
In this presentation, Joseph B. Kadane discusses how Bayesian methods help make the logistic regression approach to scan data stable and operationally feasible.
DOWNLOAD -
Integrating the Quality Attribute Workshop (QAW) and the Attribute-Driven Design (ADD) Method
• Technical Note
By William Wood, Robert Nord, Paul C. Clements
This technical note reports on a proposal to integrate the SEI Quality Attribute Workshop (QAW) and the SEI Attribute-Driven Design (ADD) method.
DOWNLOAD -
A Model Problem for an Open Robotics Controller
• Technical Note
By Scott Hissam, Mark H. Klein
This report describes the model problem created to support the continued enhancement and development of the PECT reasoning frameworks for an industrial trial in the domain of industrial robotics.
DOWNLOAD -
A Process for COTS Software Product Evaluation
• Technical Report
By Edwin J. Morris, Tricia Oberndorf, Grace Lewis, Erin Harper, John Dean, Santiago Comella-Dorda
This 2004 report focuses on COTS product evaluations conducted for the purpose of selecting products to meet a known need in a system.
DOWNLOAD -
The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management
• Technical Report
By Bradford J. Willke, Richard A. Caralli, James F. Stevens, William R. Wilson
In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.
DOWNLOAD -
Integrating Software-Architecture-Centric Methods into the Rational Unified Process
• Technical Report
By Rick Kazman, James E. Tomayko, Robert Nord, Philippe Kruchten
This report presents a summary of the RUP (Rational Unified Process) and examines the potential uses of the SEI's architecture-centric methods.
DOWNLOAD -
Acquisition Overview: The Challenges
• White Paper
By Robert J. Ellison, Rita C. Creel
In this paper, the authors raise issues involving how systems are integrated to provide required capabilities.
DOWNLOAD -
Embedded Systems Architecture Analysis Using SAE AADL
• Technical Note
By Bruce Lewis (U.S. Army AMCOM), Peter H. Feiler, David P. Gluch, John J. Hudak
This 2004 report discusses the role and benefits of using the AADL in the process of analyzing an existing avionics system.
DOWNLOAD -
2004 E-Crime Watch Survey Findings
• White Paper
By None
In this report, the authors summarize the results of the 2004 E-Crime Watch Survey, conducted to unearth e-crime fighting trends and techniques.
DOWNLOAD -
An Empirical Analysis of Target-Resident DoS Filters
• White Paper
By Michael Collins, Michael K. Reiter
In this paper, the authors provide an empirical analysis of proposed techniques for filtering network traffic.
DOWNLOAD -
Software Patents: Innovation or Litigation?
• White Paper
By Linda Levine, Kurt M. Saunders
This paper summarizes the scope of patent protection in the European Union, the United States, and Japan. In doing so, it examines the patentability of computer software as inventions allowed …
DOWNLOAD -
Networked Technologies: The Role of Networks in the Diffusion and Adoption of Software Process Improvement (SPI) Approaches
• White Paper
By William E. Hefley, Karlheinz Kautz, Peter A. Nielsen, Jorn Johansen, Linda Levine
Social networks play a key role in the adoption and diffusion of software process improvement as a networked technology. This panel addressed actual examples of SPI networks and identified key …
DOWNLOAD -
Selecting Advanced Software Technology in Two Small Manufacturing Enterprises
• Technical Note
By William Anderson, Charles Buhman, Len Estrin
This 2004 report documents two small manufacturing enterprises' (SMEs') efforts to select advanced software technologies for their business operations.
DOWNLOAD -
Survivable Functional Units: Balancing an Enterprise's Mission and Technology
• Technical Note
By Larry Rogers
In this 2004 report, Larry Rogers describes enterprise networks in a way that helps system administrators see how technology supports the enterprise's mission.
DOWNLOAD -
Dependability Cases
• Technical Note
By John J. Hudak, John B. Goodenough, Charles Weinstock
In this 2004 report, the authors explain how to create a dependability case for a system that helps identify and keep track of details of large systems.
DOWNLOAD -
Case Study: A Measurement Program for Product Lines
• Technical Note
By Ed Dunn (Naval Undersea Warfare Center), David Zubrow, Sholom G. Cohen
This report documents NUWC's approach for measurement by describing the Goal-Driven Software Measurement approach and providing early results of the measurement program.
DOWNLOAD -
Advanced Engineering Environments for Small Manufacturing Enterprises: Volume II
• Technical Report
By Young Choi (Chung-Ang University), Ram D. Sriram (National Institute of Standards and Technology), Steven J. Fenves (National Institute of Standards and Technology), John E. Robert, Joseph P. Elm
This report documents the Self-Assessment Tool for Engineering Environments (SAT-EE) and the Self-Assessment Tool for Engineering Tool Capabilities (SAT-ETC).
DOWNLOAD -
Standard Systems Group (SSG) Technology Adoption Planning Workshop
• Special Report
By Jan Vargas, Lorraine Nemeth-Adams, Suzanne Miller
This 2004 report presents the results of the SSG Technology Adoption Planning Workshop, which was held in October 2003 in Alabama.
DOWNLOAD -
Measuring Systems Interoperability: Challenges and Opportunities
• Technical Note
By William Anderson, Mark Kasunic
This 2004 report presents best practices for measuring systems interoperability and assisting military planners in the acquisition, development, and implementation of interoperable C4I systems.
DOWNLOAD -
Overview of ComFoRT: A Model Checking Reasoning Framework
• Technical Note
By Natasha Sharygina, James Ivers
This 2004 report describes ComFoRT, a reasoning framework that packages the effectiveness of state-of-the-art model checking in a form that enables users to apply the analysis technique without being experts …
DOWNLOAD -
Systems of Systems Interoperability
• Technical Report
By B. Craig Meyers, Edwin J. Morris, Linda Levine, Patrick R. Place, Daniel Plakosh
This technical report documents the findings of an internal research and development effort on system of systems interoperability (SOSI).
DOWNLOAD -
Documenting Component and Connector Views with UML 2.0
• Technical Report
By Bradley Schmerl, Paul C. Clements, Oviedo Silva (Carnegie Mellon School of Computer Science), James Ivers, Robert Nord, David Garlan
This 2004 report explores how changes in UML 2.0 affect UML's suitability for documenting component and connector views.
DOWNLOAD -
An Alternative to Technology Readiness Levels for Non-Developmental Item (NDI) Software
• Technical Report
By James Smith
This report explores the difficulties in using TRLs as they apply to NDI software technology and products, and explores an alternative set of readiness criteria.
DOWNLOAD -
COTS Usage Risk Evaluation Participant’s Overview
• White Paper
By None
This document provides an overview of the three steps of the COTS Usage Risk Evaluation (CURE) that involve participation by the program's team members. For each step, both the activity …
DOWNLOAD -
Sets, Bags, and Rock and Roll? Analyzing Large Data Sets of Network Data
• White Paper
By John McHugh
In this paper, John McHugh describes problems with monitoring and analyzing traffic on high-speed networks.
DOWNLOAD -
Conflict Patterns: Toward Identifying Suitable Middleware
• White Paper
By None
This whitepaper describes patterns of interoperability conflicts along with their typical resolution in an effort to present reusable solutions for the design of integration architectures.
DOWNLOAD -
Software Product Lines: Experiences from the Sixth DoD Software Product Line Workshop
• Technical Note
By Dennis B. Smith, Lawrence G. Jones, Sholom G. Cohen, John K. Bergey
This 2004 report summarizes the presentations and discussions from the Sixth Department of Defense (DoD) Product Line Practice Workshop in September 2003.
DOWNLOAD -
A Study of Product Production in Software Product Lines
• Technical Note
By Patrick Donohoe, Gary Chastek, John McGregor
This 2004 report presents the results of a study that focused on how product line organizations create products.
DOWNLOAD -
Case Study: IRS Business System Modernization Process Improvement
• Technical Report
By Jon Gross, Matt Fisher, Lloyd Anderson
This report provides an overview of applying the SA-CMM to the IRS modernization effort to establish and implement more effective acquisition management processes and practices.
DOWNLOAD -
Army Strategic Software Improvement Program (ASSIP) Survey of Army Acquisition Managers
• Technical Report
By Mark Kasunic
This report analyzes a survey that covered four areas of the acquisition system: the acquirer's environment, the developer's environment, communication between the acquirer and developer, and external factors that could …
DOWNLOAD -
An Integrated Approach to Software Process Improvement at Wipro Technologies: veloci-Q
• Technical Report
By Rituparna Ghosh (Wipro Technologies), Priya Krishnaswamy (Wipro Technologies), Deb Sambuddha (Wipro Technologies)
This report describes the work of the 2002 recipient of the IEEE Computer Society Software Process Achievement Award, jointly established by the SEI and IEEE to recognize outstanding achievements in …
DOWNLOAD -
Current Perspectives on Interoperability
• Technical Report
By Lisa Brownsword, B. Craig Meyers, Lutz Wrage, James Smith, Patrick R. Place, Edwin J. Morris, Grace Lewis, David Fisher, David J. Carney
This 2004 report describes current research within the software engineering community on the topic of interoperability between software systems.
DOWNLOAD -
A-Specification for the CMMI Product Suite, Version 1.6
• White Paper
By None
The A-Specification for the CMMI Product Suite defines the scope, lists applicable documents, and defines the requirements the CMMI Product Suite must meet to be considered acceptable.
DOWNLOAD -
Upgrading from SW-CMM to CMMI
• White Paper
By None
This whitepaper shows how organizations can promptly move from a maturity level of the SW-CMM to the corresponding maturity level of CMMI.
DOWNLOAD -
CMMI Acquisition Module (CMMI-AM) Version 1.0
• Technical Report
By Thomas Bernard, Hal Wilson, Roger Bate, Brian P. Gallagher
This report contains the acquisition practices that should be performed by government acquisition organizations acquiring systems and/or services.
DOWNLOAD -
Working with Small Manufacturing Enterprises: An Analysis of TIDE
• Technical Report
By Len Estrin, Suzanne Miller, Joseph P. Elm, William Anderson, John T. Foreman, Alfred Schenker, John E. Robert
This 2004 paper documents some of the challenges and risks facing programs or organizations trying to help small manufacturing enterprises (SMEs).
DOWNLOAD -
Financial Institution CSIRT Case Study
• White Paper
By None
This case study describes the experiences of a financial institution CSIRT in getting its organization up and running.
DOWNLOAD -
Eight Architecture Lessons from History
• White Paper
By None
This 2004 whitepaper offers eight lessons from history for the software architecture field, drawn from peer fields i.e. Military, Civil, Finance, Mathematics, Astronomy, Social and Medical.
DOWNLOAD -
COTS Acquisition Evaluation Process: Preacher's Practice
• Technical Note
By Vijay Sai
This paper outlines a successful effort to apply COTS-based engineering principles to a software acquisition by various groups at the SEI.
DOWNLOAD -
2003 CERT Incident Notes
• White Paper
By None
This document contains the CERT incident notes from 2003.
DOWNLOAD -
CERT Research 2003 Annual Report
• White Paper
By None
This report provides brief abstracts for major research projects, followed by more detailed descriptions of these projects, for all CERT research conducted in the year 2003.
DOWNLOAD -
2003 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 2003.
DOWNLOAD -
Common Concepts Underlying Safety, Security, and Survivability Engineering
• Technical Note
By Donald Firesmith
In this report, Donald Firesmith presents information models that identify and define concepts underlying safety, security, and survivability engineering.
DOWNLOAD -
Integrating the Architecture Tradeoff Analysis Method (ATAM) with the Cost Benefit Analysis Method (CBAM)
• Technical Note
By Paul C. Clements, James E. Tomayko, Liam O'Brien, Mark H. Klein, Rick Kazman, Mario R. Barbacci, Robert Nord
This technical note reports on a proposal to integrate the SEI ATAM (Architecture Tradeoff Analysis Method) and the CBAM (Cost Benefit Analysis Method).
DOWNLOAD -
SACAM: The Software Architecture Comparison Analysis Method
• Technical Report
By Christoph Stoermer, Chris Verhoef, Felix Bachmann
The report describes SACAM, a method that provides rationale for an architecture selection process by comparing the fitness of architecture candidates for required systems.
DOWNLOAD -
Advanced Engineering Environments for Small Manufacturing Enterprises: Volume I
• Technical Report
By Ram D. Sriram (National Institute of Standards and Technology), John E. Robert, Joseph P. Elm, Young Choi (Chung-Ang University), Steven J. Fenves (National Institute of Standards and Technology)
This report provides an overview of AEE technologies, their benefits for subject matter experts, and the technical considerations for AEE adoption.
DOWNLOAD -
Real-Time Application Development with OSEK: A Review of the OSEK Standards
• Technical Note
By Peter H. Feiler
This 2003 report examines the OSEK OS, OSEK COM, and OSEK OIL specifications from the perspective of a real-time application developer.
DOWNLOAD -
Interpreting Capability Maturity Model Integration (CMMI) for Service Organizations' Systems Engineering and Integration Services Example
• Technical Note
By Laura West (SAIC), Mike Phillips, Mary Anne Herndon (SAIC), Julie A. Walker, Robert Moore (SAIC)
This 2003 technical note presents one organization's interpretation of CMMI best practices for organizations that primarily provide services.
DOWNLOAD -
Architecture Reconstruction of J2EE Applications: Generating Views from the Module Viewtype
• Technical Note
By Vorachat Tamarree, Liam O'Brien
This report outlines the application of architecture reconstruction techniques to the Sun Microsystems' Duke's Bank system- Java2 Platform, Enterprise Edition/Enterprise JavaBeans (J2EE/EJB) application implemented mainly in Java.
DOWNLOAD -
Architecture Reconstruction Guidelines, Third Edition
• Technical Report
By Liam O'Brien, Rick Kazman, Chris Verhoef
This report describes the process of architecture reconstruction using the Dali architecture reconstruction workbench.
DOWNLOAD -
Developing a Communication Strategy for a Research Institute
• White Paper
By Bill Pollak, Mike Petock, Anne Humphreys
This 2004 white paper presents a communication strategy that defines products and internal processes for optimizing communication with the Software Engineering Institute's (SEI) most important stakeholders.
DOWNLOAD -
CMMI Interpretive Guidance Project: Preliminary Report
• Special Report
By Michael D. Konrad, Kenneth Smith, Agapi Svolou, Gian Wemyss, Dennis Goldenson, Mary Beth Chrissis
The SEI collected data to learn more about how CMMI is being accepted by various organizations. This report describes those activities and includes summaries of the data collected.
DOWNLOAD -
Demonstrating the Impact and Benefits of CMMI: An Update and Preliminary Results
• Special Report
By Diane Gibson, Dennis Goldenson
This 2003 report demonstrates credible quantitative evidence that CMMI-based process improvement can result in better project performance and higher quality products.
DOWNLOAD -
Deriving Enterprise-Based Measures Using the Balanced Scorecard and Goal-Driven Measurement Techniques
• Technical Note
By Wolfhart B. Goethert, Matt Fisher
This 2003 report describes the application of the balanced scorecard and goal-driven measurement methodologies to ways to measure an organization's health and performance.
DOWNLOAD -
A Template for Documenting Prediction-Enabled Component Technologies
• Technical Note
By Paulo Merson
This report proposes a template for documenting a PECT, and provides guidelines and a few examples to help PECT developers consolidate the broad range of information produced into the PECT …
DOWNLOAD -
Measures for Software Product Lines
• Technical Note
By David Zubrow, Gary Chastek
This 2003 report characterizes the status of measurement associated with the operation of a software product line, suggests a small set of measures to support its management, and provides guidance …
DOWNLOAD -
State of the Practice of Computer Security Incident Response Teams (CSIRTs)
• Technical Report
By Mark Zajicek, Klaus-Peter Kossakowski, Robin Ruefle, Georgia Killcrece
In this 2003 report, the authors provide a study of the state of the practice of incident response, based on how CSIRTs around the world are operating.
DOWNLOAD -
Quality Attribute Workshops (QAWs), Third Edition
• Technical Report
By Robert J. Ellison, Mario R. Barbacci, Anthony J. Lattanze, Judith A. Stafford, Charles Weinstock, William Wood
This report describes the newly revised QAW (Quality Attribute Workshop) and describes potential uses of the refined scenarios generated during it.
DOWNLOAD -
Analyzing and Specifying Reusable Security Requirements
• White Paper
By Donald Firesmith
A system cannot have high assurance if it has poor security, and thus, requirements for high assurance systems will logically include security requirement as well as availability, reliability, and robustness …
DOWNLOAD -
Requirements Engineering for Survivable Systems
• Technical Note
By Nancy R. Mead
In this 2003 report, Nancy Mead describes the state of requirements engineering for survivable systems.
DOWNLOAD -
A Life-Cycle View of Architecture Analysis and Design Methods
• Technical Note
By Mark H. Klein, Rick Kazman, Robert Nord
This report examines the architecture-centric analysis and design methods that were created at the SEI between 1993 and 2003.
DOWNLOAD -
DoD Experience with the C4ISR Architecture Framework
• Technical Note
By William Wood, Sholom G. Cohen
This report discusses the context for using the C4ISRAF, the observations made during the interviews about its use, and the strengths and challenges of using it.
DOWNLOAD -
Predictable Assembly of Substation Automation Systems: An Experiment Report, Second Edition
• Technical Report
By Kurt C. Wallnau, William Wood, John J. Hudak, James Ivers, Mark H. Klein, Gabriel Moreno, Magnus Larsson, Judith A. Stafford, Daniel Plakosh, Linda M. Northrop, Scott Hissam
This 2003 report describes the results of an exploratory PECT prototype for substation automation, an application area in the domain of power generation, transmission, and management.
DOWNLOAD -
Product Line Analysis for Practitioners
• Technical Report
By Gary Chastek, Patrick Donohoe
This 2003 technical report describes the addition of development requirements to product line analysis.
DOWNLOAD -
The Team Software Process (TSP) in Practice: A Summary of Recent Results
• Technical Report
By Noopur Davis, Julia L. Mullaney
This 2003 report provides results and implementation data from projects and individuals that have adopted the TSP.
DOWNLOAD -
SEI Independent Research and Development Projects (FY 2003)
• Technical Report
By Anthony J. Lattanze, Len Bass, Sven Dietrich, Peter H. Feiler, Suzanne Miller, Mark H. Klein, Edwin J. Morris, Patrick R. Place, Daniel Plakosh, John McHugh, B. Craig Meyers, Robert C. Seacord, Felix Bachmann, David J. Carney
This report describes the IR&D projects that were conducted during fiscal year 2003 (October 2002 through September 2003).
DOWNLOAD -
A Model Problem Approach to Measurement-to-Track Association
• Technical Report
By B. Craig Meyers, Grace Lewis
This report illustrates the use of model problems in the design of a system.
DOWNLOAD -
Preliminary Design of ArchE: A Software Architecture Design Assistant
• Technical Report
By Len Bass, Felix Bachmann, Mark H. Klein
This 2003 report presents a procedure for moving from a set of quality attribute scenarios to an architecture design that satisfies those scenarios.
DOWNLOAD -
Interpreting Capability Maturity Model Integration (CMMI) for COTS-Based Systems
• Technical Report
By Lisa Brownsword, Cecilia Albert, Barbara Tyson
This 2003 report shows that developing and maintaining COTS-based systems is more than selecting products and managing vendor relationships.
DOWNLOAD -
Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation
• Technical Report
By Patrick R. Place, Edwin J. Morris, David J. Carney
This 2003 report describes the development of an approach to reduce the number of program failures attributable to COTS software: the COTS Usage Risk Evaluation (CURE).
DOWNLOAD -
Locality: A New Paradigm for Thinking About Normal Behavior and Outsider Threat
• White Paper
By John McHugh, Carrie Gates
In this paper, the authors describe how locality appears in many dimensions and applies to diverse mechanisms.
DOWNLOAD -
Building Relationships between Small Manufacturing Enterprises and Vendors: Findings from the TIDE Program
• Technical Note
By Len Estrin, John T. Foreman
This report presents findings to help vendors, VARs, and SMEs develop mutually beneficial and successful relationships.
DOWNLOAD -
Preserving Real Concurrency
• White Paper
By James Ivers, Kurt C. Wallnau
In this 2003 whitepaper, the authors make use of information provided by components and extracted from static assembly topologies to faithfully model real concurrency. The result is more effective analysis.
DOWNLOAD -
Measurement and Analysis in Capability Maturity Model Integration Models and Software Process Improvement
• White Paper
By Joe Jarzombek (OSD-NII), Terry Rout (Griffith University), Dennis Goldenson
This article reviews the content and rationale behind the new process area and describes how the ideas introduced there are further elaborated and evolved throughout capability maturity model integration models.
DOWNLOAD -
Organizational Interoperability Maturity Model for C2
• White Paper
By None
A model of organizational interoperability is proposed in this paper, which extends the LISI model into the more abstract layers of C2 Support, that is, the C2 Frameworks, C2 Processes, …
DOWNLOAD -
Gobus Toolkit 3 Core - A Grid Service Container Framework
• White Paper
By Derek Gabbard
The core infrastructure of Globus Toolkit 3 (GT3 Core) is based on the OGSI primitives and protocols. The main design goal has been to make the OGSI technology easy to …
DOWNLOAD -
International Liability Issues for Software Quality
• Special Report
By Nancy R. Mead
In this 2003 report, Nancy Mead focuses on international liability as it relates to information security for critical infrastructure applications.
DOWNLOAD -
Using the Architecture Tradeoff Analysis Method (ATAM) to Evaluate the Software Architecture for a Product Line of Avionics Systems: A Case Study
• Technical Note
By Paul C. Clements, William Wood, Linda M. Northrop, Anthony J. Lattanze, Mario R. Barbacci
This 2003 technical note describes an ATAM evaluation of the software architecture for an avionics system developed for the Technology Applications Program Office (TAPO) of the U.S. Army Special Operations …
DOWNLOAD -
CMM-Based Process Improvement and Schedule Deviation in Software Maintenance
• Technical Note
By Ho-Won Jung, Dennis Goldenson
This study evaluates the predictive validity of the Capability Maturity Model (CMM) for Software (SW-CMM) as applied to software maintenance.
DOWNLOAD -
Predicting When Product Line Investment Pays
• Technical Note
By Sholom G. Cohen
This 2003 report defines key factors to consider in taking an incremental approach to fielding a product line.
DOWNLOAD -
What About Ada? The State of the Technology in 2003
• Technical Note
By James Smith
This 2003 report documents a recent investigation which characterized the technical and programmatic risks in reusing significant quantities of legacy Ada code in a new system.
DOWNLOAD -
Documenting Software Architectures in an Agile World
• Technical Note
By Judith A. Stafford, Paul C. Clements, James Ivers, Reed Little, Robert Nord
This report compares the Software Engineering Institute's Views and Beyond approach for documenting software architectures with the documentation philosophy embodied in agile software-development methods.
DOWNLOAD -
Third International Workshop on Adoption-Centric Software Engineering
• Special Report
By Jens-Holger Jahnke (University of Victoria), Robert Balzer (TeKnowledge Corporation), Anke Weber (University of Victoria), Kenny Wong (University of Alberta), Scott R. Tilley (Florida Institute of Technology), Margaret-Anne Storey (University of Victoria), Dennis B. Smith, Hausi A. Muller (University of Victoria), Marin Litoiu (IBM Canada Ltd.)
This report contains a set of papers that focus on overcoming barriers to adopting research tools. The papers were presented at the Third International Workshop on Adoption-centric Software Engineering (ACSE).
DOWNLOAD -
Proceedings of the System of Systems Interoperability Workshop (February 2003)
• Technical Note
By Linda Levine, B. Craig Meyers, Daniel Plakosh, Patrick R. Place, Edwin J. Morris
This report documents the model of interoperability presented and the findings from the System of Systems Interoperability Workshop, held in February 2003.
DOWNLOAD -
Snapshot of CCL: A Language for Predictable Assembly
• Technical Note
By James Ivers, Kurt C. Wallnau
This 2003 report presents a snapshot of the construction and composition language (CCL) by examining a small example CCL specification.
DOWNLOAD -
The Software Engineering Institute's Second Workshop on Predictable Assembly: Landscape of Compositional Predictability
• Technical Note
By Judith A. Stafford, Scott Hissam
To further its work in predictable assembly focusing on compositional reasoning techniques, the Software Engineering Institute (SEI) held its second Predictable Assembly from Certifiable Components (PACC) Workshop on January 10-11, …
DOWNLOAD -
Interactions Among Techniques Addressing Quality Attributes
• Technical Report
By Hernan R. Eguiluz, Mario R. Barbacci
This report provides software architects a chart for determining the relationships among techniques that promote different architectural qualities.
DOWNLOAD -
The Evolution of Product Line Assets
• Technical Report
By John McGregor
The focus of this 2003 technical report is how evolutionary changes affect the various types of assets in a software product line.
DOWNLOAD -
Fifth DoD Product Line Practice Workshop Report
• Technical Report
By John K. Bergey, William O'Brien, Linda M. Northrop, Lawrence G. Jones, Matt Fisher, Sholom G. Cohen
This 2003 document summarizes the presentations and discussions from the Fifth Department of Defense (DoD) Product Line Practice Workshop, held in August 2002.
DOWNLOAD -
Overcoming Barriers to Technology Adoption in Small Manufacturing Enterprises (SMEs)
• Technical Report
By Suzanne Miller, Len Estrin, John T. Foreman
This 2003 report summarizes technology demonstrations, workforce development activities, and technology development efforts of the SEI's TIDE Program.
DOWNLOAD -
Integration of Computer-Aided Design and Finite Element Analysis Tools in a Small Manufacturing Enterprise
• Technical Report
By John E. Robert, Joseph P. Elm
This 2003 report summarizes two case studies of tool integration activities at one small manufacturer.
DOWNLOAD -
Architecture, Design, Implementation
• White Paper
By Rick Kazman
Architecture, design, and implementation are used informally in partitioning software specifications into three coarse strata of abstraction. These strata are not well-defined in either research or practice, causing miscommunication and …
DOWNLOAD -
The SAE Avionics Architecture Description Language (AADL) Standard: A Basis for Model-Based Architecture-Driven Embedded Systems Engineering
• White Paper
By Steve Vestal (Honeywell Technology Center), Peter H. Feiler
The AADL standard will include a UML profile useful for avionics, space, automotive, robotics and other real-time concurrent processing domains including safety critical applications.
DOWNLOAD -
A Basis for an Assembly Process for COTS-Based Systems (APCS)
• Technical Report
By Tricia Oberndorf, David J. Carney, Patrick R. Place
This paper describes a generic process framework for developing software systems based on commercial off-the-shelf (COTS) products.
DOWNLOAD -
Case Study: Computer Supplier Evaluation Practices of the Parenteral Drug Association
• Technical Report
By Grigonis Grigonis, David J. Carney, Tricia Oberndorf, Harvey Greenawalt
This case study describes the development of a method for evaluating computer and software suppliers for the pharmaceutical industry.
DOWNLOAD -
Architecture Reconstruction Case Study
• Technical Note
By None
This report outlines an architecture reconstruction carried out at the SEI on a software system called VANISH, which was developed for prototyping visualizations.
DOWNLOAD -
Volume III: A Technology for Predictable Assembly from Certifiable Components
• Technical Report
By Kurt C. Wallnau
This 2003 report, the final in a three-volume series on CBSE, identifies the key technical concepts of PACC, with an emphasis on the theory of prediction-enabled component technology (PECT).
DOWNLOAD -
DoD Architecture Framework and Software Architecture Workshop Report
• Technical Note
By Steve Palmquist, William Wood, Lyn Uzzle, John Weiler, Art Krummenoehl, Mario R. Barbacci, Paul C. Clements, Huei-Wan Ang, Loring Bernhardt, Fatma Dandashi, David Emery, Sarah Sheard
This report summarizes the activities of the Workshop on the Department of the 2003 Defense Architecture Framework and Software Architecture workshop.
DOWNLOAD -
A Federation Object Model (FOM) Flexible Federate Framework
• Technical Note
By Reed Little, Regis Dumond
This 2003 report describes an approach to designing a domain framework that encapsulates expertise in developing an HLA federate by hiding RTI internal operations from the developer.
DOWNLOAD -
Application of Options Analysis for Reengineering in a Lead System Integrator Environment
• Technical Note
By None
This note describes the use of OAR to guide decision making on mining assets within an LSI (lead system integrator) context.
DOWNLOAD -
Relating the Team Software Process (TSP) to the Capability Maturity Model for Software (SW-CMM)
• Technical Report
By Watts S. Humphrey, Jim McHale, Noopur Davis
This 2003 report helps process professionals, process managers, project leaders, and organizational managers establish process improvement strategies and plans.
DOWNLOAD -
Deriving Architectural Tactics: A Step Toward Methodical Architectural Design
• Technical Report
By Felix Bachmann, Mark H. Klein, Len Bass
This 2003 technical report provides the status on the work being done by the SEI to understand the relationship between quality requirements and architectural design.
DOWNLOAD -
On the Suitability of Tcl/Tk for SYS
• Technical Note
By Fred Hansen
This 2003 report reviews various websites and considers other factors that should influence the choice of Tcl/Tk as a tool for further development of SYS.
DOWNLOAD -
Rendering Tcl/Tk Windows as HTML
• Technical Note
By Fred Hansen
Tcl is a programming language having a Toolkit library that provides a standard set of GUI widgets. Since these are aimed at direct presentation via a window manager, Tcl/Tk applications …
DOWNLOAD -
Applying FSQ Engineering Foundations to Automated Calculation of Program Behavior
• Technical Note
By Richard C. Linger (Oak Ridge National Laboratory)
In this report, Richard Linger describes the application of function-theoretic mathematical foundations to the problem of program behavior calculation.
DOWNLOAD -
Quantifying the Value of Architecture Design Decisions: Lessons from the Field
• White Paper
By Jai Asundi, Rick Kazman, Mark H. Klein, Mike Moore (NASA Goddard Space Flight Center)
This paper outlines experiences with using economic criteria to make architecture design decisions.
DOWNLOAD -
Simple Network Management Protocol (SNMP) Vulnerabilities Frequently Asked Questions (FAQ)
• White Paper
By None
This tech tip provides advice about the Simple Network Management Protocol (SNMP).
DOWNLOAD -
2003 Tech Tip: W32/Blaster Recovery Tips
• White Paper
By None
This tech tip contains information about recovery from W32/Blaster.
DOWNLOAD -
2002 CERT Incident Notes
• White Paper
By None
This document contains the CERT incident notes from 2002.
DOWNLOAD -
2002 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 2002.
DOWNLOAD -
Supporting the CANCEL Command Through Software Architecture
• Technical Note
By Bonnie E. John, Len Bass
This report, published in 2002, details the responsibilities that a system must implement to support command cancellation.
DOWNLOAD -
PECT Infrastructure: A Rough Sketch
• Technical Note
By Scott Hissam, James Ivers
This 2002 paper investigates the nature of PECT infrastructures, summarizes the activities that a PECT infrastructure should support, and proposes a design for the tools that make up a PECT …
DOWNLOAD -
Rules of Thumb for the Use of COTS Products
• Technical Report
By James Smith, Ellen-Jane Pairo, Michele Motsko, Tricia Oberndorf
This 2002 report provides information to help guide decisions about when COTS products are an appropriate solution,and when they are not.
DOWNLOAD -
The Internal Consistency of Key Process Areas in the Capability Maturity Model (CMM) for Software (SW-CMM)
• Technical Report
By Ho-Won Jung, Dennis Goldenson
This report examines the dimensions underlying the maturity construct in the Capability Maturity Model (CMM) for Software (SW-CMM) and then estimates the internal consistency (reliability) of each dimension.
DOWNLOAD -
Network Survivability Analysis Using Easel
• Technical Report
By Alan M. Christie
In this 2002 report, Alan Christie describes the results of exploring the use of simulation in examining internet survivability.
DOWNLOAD -
CSIRT Services
• White Paper
By None
In this paper, the authors define computer security incident response team (CSIRT) services.
DOWNLOAD -
Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues
• Special Report
By Howard F. Lipson
In this report, Howard Lipson describes the technical challenges and global policy issues related to cyber attacks.
DOWNLOAD -
Evolutionary Process for Integrating COTS-Based Systems (EPIC) Building, Fielding, and Supporting Commercial-off-the-Shelf (COTS) Based Solutions
• Technical Report
By David Bentley (U.S. Air Force), Lisa Brownsword, Thomas Bono (MITRE), Cecilia Albert, Edwin J. Morris, Deborah Pruitt (MITRE)
This 2002 document is the first release of a full description of the EPIC framework along with its activities and artifacts.
DOWNLOAD -
Salion, Inc.: A Software Product Line Case Study
• Technical Report
By Paul C. Clements, Linda M. Northrop
This 2002 case study outlines the efforts of Salion, Inc., an enterprise software company providing Revenue Acquisition Management solutions tailored to the unique needs of automotive suppliers.
DOWNLOAD -
2002 Tech Tip: Problems With The FTP PORT Command or Why You Don't Want Just Any Port in a Storm
• White Paper
By None
This tech tip contains discussion about problems with the FTP PORT command.
DOWNLOAD -
SEI Architecture Analysis Techniques and When to Use Them
• Technical Note
By Mario R. Barbacci
When analyzing system and software architectures, the Quality Attribute Workshop (QAW) and the Architecture Tradeoff Analysis Method (ATAM) can be used in combination to obtain early and continuous benefits.
DOWNLOAD -
Model-Based Verification: Abstraction Guidelines
• Technical Note
By David P. Gluch, Grace Lewis, Charles Weinstock, John J. Hudak, Santiago Comella-Dorda
This 2002 report presents abstraction techniques that can be used to build essential models of system behavior in the context of MBV and details a methodology for creating state machine …
DOWNLOAD -
Using CMMI to Improve Earned Value Management
• Technical Note
By Paul Solomon
For organizations using Earned Value Management (EVM) or that plan to implement EVM during Capability Maturity Model Integration (CMMI) implementation, this technical note provides guidance for cost-effective process improvement and …
DOWNLOAD -
SEI Independent Research and Development Projects
• Technical Report
By Ira Monarch, Dennis B. Smith, Steve Cross, Kurt C. Wallnau, Eileen C. Forrester, Scott Hissam, Rick Kazman, Linda Levine, Richard C. Linger (Oak Ridge National Laboratory), Thomas A. Longstaff
This report describes the IR&D projects that were conducted during fiscal year 2002 (October 2001 through September 2002).
DOWNLOAD -
Life-Cycle Models for Survivable Systems
• Technical Report
By Carol Sledge, John McHugh, Howard F. Lipson, Richard C. Linger (Oak Ridge National Laboratory), Nancy R. Mead
In this 2002 report, the authors describe a software development life-cycle model for survivability and illustrate techniques to support survivability goals.
DOWNLOAD -
Trustworthy Refinement Through Intrusion-Aware Design
• Technical Report
By Robert J. Ellison, Andrew P. Moore
This document has been superseded by CMU/SEI-2003-TR-002.
DOWNLOAD -
Trustworthy Refinement Through Intrusion-Aware Design (TRIAD)
• Technical Report
By Andrew P. Moore, Robert J. Ellison
In this report, the authors demonstrate the application of TRIAD to refining a survivability strategy for a business that sells products on the internet.
DOWNLOAD -
Using the Technology Readiness Levels Scale to Support Technology Management in the DoD's ATD/STO Environments (A Findings and Recommendations Report Conducted for Army CECOM)
• Special Report
By Suzanne Miller, Peter J. Van Syckle, Robert J. Schenk, Caroline Graettinger, Jeannine Siviy
This report describes the results of the SEI study of the feasibility of (a) using TRLs in STO technology screening, (b) developing or acquiring a TRL tool, and (c) implementing …
DOWNLOAD -
Product Line State of the Practice Report
• Technical Note
By Sholom G. Cohen
This 2002 report outlines the state of software product line practice in industry. The report blends a case study with the results of a product line questionnaire that was sent …
DOWNLOAD -
Successful Product Line Development and Sustainment: A DoD Case Study
• Technical Note
By Albert Soule, Ed Dunn (Naval Undersea Warfare Center), Sholom G. Cohen
This case study describes the Naval Undersea Warfare Center's (NWUC) efforts to sustain and support the evolution of RangeWare, a software product line asset base used to test range operations.
DOWNLOAD -
A Basis for Composition Language CL
• Technical Note
By Nishant Sinha, James Ivers, Kurt C. Wallnau
This report describes the composition language CL and its rudimentary graphical syntax, and defines and illustrates the compositional semantics for CL using Hoare's CSP.
DOWNLOAD -
An Application of an Iterative Approach to DoD Software Migration Planning
• Technical Note
By Dennis B. Smith, John K. Bergey, Liam O'Brien
This 2002 report outlines the early results of an approach to support software migration planning that focused on deriving actionable plans for focus areas that were identified in an initial …
DOWNLOAD -
Product Line Production Planning for the Home Integration System Example
• Technical Note
By Gary Chastek, John McGregor, Patrick Donohoe
This 2002 technical note examines the significant characteristics of the production plans of three hypothetical organizations that create product lines of home integration systems.
DOWNLOAD -
Discovery Colloquium: Quality Software Development @ Internet Speed
• Technical Report
By Richard Baskerville, Sandra Slaughter, Balasubramaniam Ramesh, Jan Pries-Heje, Linda Levine
This report presents the data collected during a 2001 colloquium to explore issues associated with developing quality software at Internet speed.
DOWNLOAD -
Making Architecture Design Decisions: An Economic Approach
• Technical Report
By Rick Kazman, Jai Asundi, Mark H. Klein
This report describes the improvements to the CBAM (Cost Benefit Analysis Method) and provides a pilot case study conducted with NASA.
DOWNLOAD -
2002 Tech Tip: Securing an Internet Name Server
• White Paper
By Allen D. Householder, Brian King
This document discusses name server security and focuses on BIND, which is the most commonly used software for DNS servers.
DOWNLOAD -
A Report on the May 2002 CMMI Workshop
• Special Report
By Michael D. Konrad, Bill Curtis (CAST Research Labs), Mary Beth Chrissis, Mark C. Paulk
This report summarizes the results of the CMMI Workshop held on May 7-8, 2002.
DOWNLOAD -
PAMD: Developing a Plug-In Architecture for Palm OS-Powered Devices Using Software Engineering
• Technical Note
By Adrian Sia, You Jung Kim, Venkat Govi, Hernan R. Eguiluz
This 2002 technical note describes a plug-in architecture for Palm Operating System devices developed by the authors, a team of graduate students from the CMU Master of Software Engineering program.
DOWNLOAD -
Plug-In Architecture for Mobile Devices
• Technical Note
By Madhu Keshavamurthy, Mona Li, Vichaya Sagetong, Jung Soo Kim
This 2002 report describes plug-in architecture for mobile devices (PAMD), an architectural specification that extends the function of applications in mobile devices.
DOWNLOAD -
Model-Based Verification: An Engineering Practice
• Technical Report
By David Zubrow, David P. Gluch, Santiago Comella-Dorda, John J. Hudak, Grace Lewis, Julie A. Walker, Charles Weinstock
This 2002 report summarizes MBV and outlines the responsibilities of engineers engaged in Model-Based Verification.
DOWNLOAD -
Software Architecture Reconstruction: Practice Needs and Current Approaches
• Technical Report
By Chris Verhoef, Christoph Stoermer, Liam O'Brien
This report presents the concept of practice scenarios for architecture reconstruction.
DOWNLOAD -
Illuminating the Fundamental Contributors to Software Architecture Quality
• Technical Report
By Mark H. Klein, Len Bass, Felix Bachmann
This 2002 report presents the basic concepts of analysis models for two quality attributes-modifiability and performance, identifies a collection of tactics that can be used to control responses within those …
DOWNLOAD -
CMMI for Software Engineering, Version 1.1, Continuous Representation (CMMI-SW, V1.1, Continuous)
• Technical Report
By The CMMI Product Team
This CMMI model is designed to help organizations improve their product and service development, acquisition, and maintenance processes.
DOWNLOAD -
CMMI for Software Engineering, Version 1.1, Staged Representation (CMMI-SW, V1.1, Staged)
• Technical Report
By The CMMI Product Team
This CMMI model is designed to help organizations improve their product and service development, acquisition, and maintenance processes.
DOWNLOAD -
Home Computer Security
• White Paper
By None
This 2002 document provides tips for securing your home computer.
DOWNLOAD -
Reeducation to Expand the Software Engineering Workforce: Successful Industry/University Collaborations
• Special Report
By Ana M. Moreno (Universidad Politecnica de Madrid), Nancy R. Mead, Stephen B. Seidman, Heidi J. Ellis
In this 2002 report, the authors describe a study of reeducating non-software professionals and practitioners to become software engineers.
DOWNLOAD -
Replaceable Components and the Service Provider Interface
• Technical Note
By Robert C. Seacord, Lutz Wrage
This 2002 report considers the motivation for using replaceable components and defines the requirements of replaceable component models.
DOWNLOAD -
Software Process Improvement and Product Line Practice: CMMI and the Framework for Software Product Line Practice
• Technical Note
By Albert Soule, Lawrence G. Jones
This 2002 report explores the relationship between software product line practice, as defined by the Framework for Software Product Line Practice, and software engineering process discipline, as defined by the …
DOWNLOAD -
Evolutionary Process for Integrating COTS-Based Systems (EPIC): An Overview
• Technical Report
By David Bentley (U.S. Air Force), Edwin J. Morris, Deborah Pruitt (MITRE), Cecilia Albert, Lisa Brownsword, Thomas Bono (MITRE)
This document is the first release of an overview of the EPIC framework along with its activities and artifacts.
DOWNLOAD -
Distributed Software: From Component Model to Software Architecture
• White Paper
By None
This 2002 whitepaper presents a component model for redeveloping software.
DOWNLOAD -
A Software Product Line Vision for Defense Acquisition
• Technical Note
By Grady Campbell
This report presents a vision for software product lines as an acquisition focus and suggests extensions to current Department of Defense policy and practices to increase the awareness of and …
DOWNLOAD -
Use of the Architecture Tradeoff Analysis Method (ATAM) in Source Selection of Software-Intensive Systems
• Technical Note
By John K. Bergey, Lawrence G. Jones, Matt Fisher
This report explains the role of software architecture evaluation in a source selection and describes the contractual elements that are needed to support its use.
DOWNLOAD -
Use of Quality Attribute Workshops (QAWs) in Source Selection for a DoD System Acquisition: A Case Study
• Technical Note
By William Wood, John K. Bergey
This case study outlines how a DoD organization used architecture analysis and evaluation in a major system acquisition to reduce program risk.
DOWNLOAD -
Documenting Software Architecture: Documenting Interfaces
• Technical Note
By Paul C. Clements, Judith A. Stafford, Robert Nord, Reed Little, James Ivers, Felix Bachmann, Len Bass, David Garlan
This report provides guidance for documenting the interfaces to software elements.
DOWNLOAD -
Flow-Service-Quality (FSQ) Engineering: Foundations for Network System Analysis and Development
• Technical Note
By Gwendolyn H. Walton, Alan R. Hevner (University of South Florida), Mark Pleszkoch, Richard C. Linger (Oak Ridge National Laboratory)
In this 2002 report, the authors describe Flow-Service-Quality engineering, an emerging technology for management, acquisition, and more.
DOWNLOAD -
Guidelines for Developing a Product Line Production Plan
• Technical Report
By Gary Chastek, John McGregor
This 2002 technical report provides guidance for creating, using, and evaluating a production plan, which is a description of how core assets are to be used to develop a product …
DOWNLOAD -
Quality Attribute Workshops, 2nd Edition
• Technical Report
By Judith A. Stafford, Anthony J. Lattanze, Robert J. Ellison, Mario R. Barbacci, Charles Weinstock, William Wood
This report clarifies the context in which a QAW (Quality Attribute Workshop) is applicable, provides a rationale for developing the process and describes it in detail, and concludes with a …
DOWNLOAD -
Using EVMS with COTS-Based Systems
• Technical Report
By Tricia Oberndorf, Carol Sledge, Mary Jo Staley
This 2002 report focuses is on the use of Earned Value in the context of a COTS-Based System (CBS).
DOWNLOAD -
Packaging and Deploying Predictable Assembly
• White Paper
By Scott Hissam, Kurt C. Wallnau, Judith A. Stafford, Gabriel Moreno
This paper describes prediction-enabled component technology (PECT), which integrates component technology with analysis models.
DOWNLOAD -
Foundations for Survivable Systems Engineering
• White Paper
By Nancy R. Mead, Richard C. Linger (Oak Ridge National Laboratory), Andrew P. Moore, Robert J. Ellison
In this paper, the authors describe their efforts to perform risk assessment and analyze and design robust survivable systems.
DOWNLOAD -
Issues in Predicting the Reliability of Components
• White Paper
By Judith A. Stafford, John McGregor
This whitepaper presents the design of an experiment that forms the basis of a reliability prediction-enabled component technology (PECT). It also discusses aspects of models that need to be adapted …
DOWNLOAD -
Statistical Models for Empirical Component Properties and Assembly-Level Property Predictions: Toward Standard Labeling
• White Paper
By Gabriel Moreno, Scott Hissam, Kurt C. Wallnau
This paper identifies statistical models that could form a basis for standard industry labels for component properties and prediction theories.
DOWNLOAD -
Is Third Party Certification Necessary?
• White Paper
By Judith A. Stafford, Kurt C. Wallnau
This paper describes a model for the component marketplace, along with two possible forms that the model may take in order to establish trust among participants in component-based design.
DOWNLOAD -
The Potential for Synergy Between Certification and Insurance
• White Paper
By Kurt C. Wallnau, Mary Shaw, Kevin Stolarick, P. Luo Li
Because of their affordability and availability, reusable software components have long been a tantalizing IT investment, but they are not without their risks. Certification and insurance are potential approaches to …
DOWNLOAD -
Interpreting Capability Maturity Model Integration (CMMI) for Operational Organizations
• Technical Note
By Brian P. Gallagher
This 2002 report details how operational organizations that perform a variety of missions can benefit from the concepts in CMMI to improve the processes and effectiveness of mission operations.
DOWNLOAD -
MAP and OAR Methods: Techniques for Developing Core Assets for Software Product Lines from Existing Assets
• Technical Note
By Liam O'Brien, Dennis B. Smith
This 2002 report describes the MAP and OAR methods, the activities that each involves, and examples of applying them.
DOWNLOAD -
SCAMPI V1.1 Use in Supplier Selection and Contract Process Monitoring
• Technical Note
By Thomas Bernard, Rick Barbour
A newer document covers this topic in more detail. If you want to see the newer document, see Standard CMMI Appraisal Method for Process Improvement (SCAMPI) A, Version 1.3: Method …
DOWNLOAD -
Experiences in Architecture Reconstruction at Nokia
• Technical Note
By Liam O'Brien
This 2002 report outlines details of past and current architecture reconstruction work on several systems at Nokia.
DOWNLOAD -
Software Acquisition Capability Maturity Model (SA-CMM) Version 1.03
• Technical Report
By Jack Cooper, Matt Fisher
This 2002 version of the SA-CMM incorporates change requests that have been received, as well as the results of lessons learned from conducting appraisals and from the use of Version …
DOWNLOAD -
CMMI for Systems Engineering/Software Engineering/Integrated Product and Process Development/Supplier Sourcing, Version 1.1, Continuous Representation (CMMI-SE/SW/IPPD/SS, V1.1, Continuous)
• Technical Report
By The CMMI Product Team
This CMMI model is designed to help organizations improve their product and service development, acquisition, and maintenance processes.
DOWNLOAD -
CMMI for Systems Engineering/Software Engineering/Integrated Product and Process Development/Supplier Sourcing, Version 1.1, Staged Representation (CMMI-SE/SW/IPPD/SS, V1.1, Staged)
• Technical Report
By The CMMI Product Team
This CMMI model is designed to help organizations improve their product and service development, acquisition, and maintenance processes.
DOWNLOAD -
The Road to CMMI: Results of the First Technology Transition Workshop
• Technical Report
By Mac Patrick, Gian Wemyss, Lynn Carter, Caroline Graettinger, Shelly Zasadni
This 2002 paper reports the findings of the First Technology Transition Workshop, held in November 2001.
DOWNLOAD -
2002 Tech Tip: A Brief Tour of the Simple Network Management Protocol
• White Paper
By None
In this 2002 tech tip, the authors provide a brief overview of the Simple Network Management Protocol (SNMP).
DOWNLOAD -
2002 Tech Tip: Email Bombing and Spamming
• White Paper
By None
This CERT Division tech tip describes email bombing and spamming.
DOWNLOAD -
2002 Tech Tip: Spoofed/Forged Email
• White Paper
By None
This tech tip contains information about spoofed and forged email.
DOWNLOAD -
2002 Tech Tip: Securing Your Web Browser
• White Paper
By None
This tech tip contains ways to secure your web browser.
DOWNLOAD -
The 2001 High Maturity Workshop
• Special Report
By Mary Beth Chrissis, Mark C. Paulk
This report contains overviews of more than 30 high maturity organizations and the various working group reports from the workshop.
DOWNLOAD -
Documenting Software Architecture: Documenting Behavior
• Technical Note
By James Ivers, Len Bass, Felix Bachmann, Reed Little, Judith A. Stafford, Robert Nord, Paul C. Clements, David Garlan
This report describes ways to document the behavior of systems, subsystems, and components of software architecture.
DOWNLOAD -
Model-Based Verification: Guidelines for Generating Expected Properties
• Technical Note
By Santiago Comella-Dorda, John J. Hudak, David P. Gluch, Grace Lewis, Charles Weinstock
This report presents a basic set of guidelines to facilitate the generation of expected properties in the context of Model-Based Verification.
DOWNLOAD -
2001 CERT Incident Notes
• White Paper
By None
This document contains the CERT incident notes from 2001.
DOWNLOAD -
2001 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 2001.
DOWNLOAD -
Using the Architecture Tradeoff Analysis Method to Evaluate a Wargame Simulation System: A Case Study
• Technical Note
By Lawrence G. Jones, Anthony J. Lattanze
This report describes the application of the ATAM (Architecture Tradeoff Analysis Method) to a major wargaming simulation system.
DOWNLOAD -
Model-Based Verification: Analysis Guidelines
• Technical Note
By David P. Gluch, Grace Lewis, Santiago Comella-Dorda, John J. Hudak, Charles Weinstock
This technical note provides guidance for the analysis activity that occurs during the interpretation of results produced by model-checking tools.
DOWNLOAD -
Can We Ever Build Survivable Systems from COTS Components?
• Technical Note
By Howard F. Lipson, Nancy R. Mead, Andrew P. Moore
In this 2001 report, the authors describe a risk-mitigation framework for deciding when and how COTS components can be used to build survivable systems.
DOWNLOAD -
A Framework for the Specification of Acquisition Models
• Technical Report
By Tricia Oberndorf, B. Craig Meyers
This special report provides a bibliography of books, articles, and other literature concerning the PSP and TSP methodologies.
DOWNLOAD -
OCTAVE Criteria, Version 2.0
• Technical Report
By Christopher J. Alberts, Audrey J. Dorofee
This 2001 report defines a general approach for evaluating and managing information security risks.
DOWNLOAD -
Testing a Software Product Line
• Technical Report
By John McGregor
This report expands on the testing practice area described by Clements and Northrop. Test-related activities that can be used to form the test process for a product line organization are …
DOWNLOAD -
Appraisal Requirements for CMMI, Version 1.1 (ARC, V1.1)
• Technical Report
By The CMMI Product Team
This report defines the ARC V1.1 requirements that are considered to be essential to appraisal methods intended for use with CMMI models ARC, V1.1.
DOWNLOAD -
Using Economic Considerations to Choose Among Architecture Design Alternatives
• Technical Report
By Rick Kazman, Jai Asundi, Mark H. Klein
The SEI developed the CBAM (Cost Benefit Analysis Method), which incorporates the costs and benefits of architectural design decisions and provides an effective means of making such decisions. This paper …
DOWNLOAD -
CMMI for Systems Engineering/Software Engineering, Version 1.1, Continuous Representation (CMMI-SE/SW, V1.1, Continuous)
• Technical Report
By The CMMI Product Team
This CMMI model is designed to help organizations improve their product and service development, acquisition, and maintenance processes.
DOWNLOAD -
CMMI for Systems Engineering/Software Engineering, Version 1.1, Staged Representation (CMMI-SE/SW, V1.1, Staged)
• Technical Report
By The CMMI Product Team
This CMMI model is designed to help organizations improve their product and service development, acquisition, and maintenance processes.
DOWNLOAD -
CMMI for Systems Engineering/Software Engineering/Integrated Product and Process Development, Version 1.1, Continuous Representation (CMMI-SE/SW/IPPD, V1.1, Continuous)
• Technical Report
By The CMMI Product Team
This CMMI model is designed to help organizations improve their product and service development, acquisition, and maintenance processes.
DOWNLOAD -
CMMI for Systems Engineering/Software Engineering/Integrated Product and Process Development, Version 1.1, Staged Representation (CMMI-SE/SW/IPPD, V1.1, Staged)
• Technical Report
By The CMMI Product Team
This CMMI model is designed to help organizations improve their product and service development, acquisition, and maintenance processes.
DOWNLOAD -
Army Workshop on Lessons Learned from Software Upgrade Programs
• Special Report
By Halbert Stevens, William Anderson, Matt Fisher, Caroline Graettinger, Fred Hansen, Ray Obenza, Dennis B. Smith, John K. Bergey
This report summarizes the results of the SEI-sponsored Software Upgrade Workshop for Legacy Systems at the Redstone Arsenal on June 5-7, 2001.
DOWNLOAD -
Experiences in Implementing Measurement Programs
• Technical Note
By Will Hayes, Wolfhart B. Goethert
This 2001 report describes lessons learned at several organizations that have implemented measurement programs using the Goal-Driven Software Measurement methodology.
DOWNLOAD -
Perspectives on Open Source Software
• Technical Report
By Jai Asundi, Scott Hissam, Charles Weinstock, Daniel Plakosh
This 2001 report summarizes the results of a study of the benefits of pitfalls of using open source software.
DOWNLOAD -
Analysis of CMM-Based Appraisal for Internal Process Improvement (CBA IPI) Assessment Feedback
• Technical Report
By Marie Baker, Donna K. Dunaway, Michele Falce
This report updates the analysis of feedback from users of the CMM-Based Appraisal for Internal Process Improvement (CBA IPI) method.
DOWNLOAD -
Packaging Predictable Assembly with Prediction-Enabled Component Technology
• Technical Report
By Gabriel Moreno, Scott Hissam, Judith A. Stafford, Kurt C. Wallnau
This report describes the major structures of a PECT. It then discusses the means of validating the predictive powers of a PECT so that consumers may obtain measurably bounded trust …
DOWNLOAD -
CMM-Based Appraisal for Internal Process Improvement (CBA IPI) Version 1.2 Method Description
• Technical Report
By Donna K. Dunaway, Steve Masters
This report provides a high-level overview of the CBA IPI V1.2 assessment method and is an update to the CBA IPI V1.1 .
DOWNLOAD -
2001 Tech Tip: Trends in Denial of Service Attack Technology
• White Paper
By George Weaver, Kevin Houle
In this 2001 paper, the authors highlight trends in the deployment, use, and impact of DoS attack technology based on intruder activity and attack tools.
DOWNLOAD -
2001 Tech Tip: Managing the Threat of Denial-of-Service Attacks
• White Paper
By Allen D. Householder, Linda Pesante, Art Manion
In this 2001 paper, the authors describe the then-current situation regarding denial-of-service (DOS) attacks and ways of addressing the problem.
DOWNLOAD -
Quality Attribute Design Primitives and the Attribute Driven Design Method
• White Paper
By Mark H. Klein, Felix Bachmann, Len Bass
This paper discusses the understanding of quality attributes and their application to the design of a software architecture.
DOWNLOAD -
Framework Document: Model-Based Verification Pilot Study
• Special Report
By David P. Gluch, Julie A. Walker, Robert Janousek, John J. Hudak, Charles Weinstock, David Zubrow
This 2001 document describes the processes, activities, artifacts, and deliverables associated with an Engineering Practice Investigation of MBV.
DOWNLOAD -
Architectural Refinement for the Design of Survivable Systems
• Technical Note
By Robert J. Ellison, Andrew P. Moore
This paper describes a process for systematically refining an enterprise system architecture to resist, recognize, and recover from deliberate, malicious attacks by applying reusable design primitives that help ensure the …
DOWNLOAD -
Model-Based Verification: Claim Creation Guidelines
• Technical Note
By Charles Weinstock, John J. Hudak, David P. Gluch, Santiago Comella-Dorda, Grace Lewis
This 2001 report describes a pattern-based approach to facilitate claim generation.
DOWNLOAD -
Model-Based Verification: Scope, Formalism, and Perspective Guidelines
• Technical Note
By Santiago Comella-Dorda, Charles Weinstock, Julie A. Walker, Grace Lewis, John J. Hudak, David P. Gluch
This report provides guidance for defining the scope, formalism, and perspective for applying MBV, a systematic approach to finding defects in software requirements, designs, or code.
DOWNLOAD -
Analyzing Enterprise JavaBeans Systems Using Quality Attribute Design Primitives
• Technical Note
By Anna Liu, Len Bass, Mark H. Klein
This report introduces the notion of quality attribute design primitives, which are architectural building blocks that target the achievement of one or sometimes several quality attribute requirements.
DOWNLOAD -
Applicability of General Scenarios to the Architecture Tradeoff Analysis Method
• Technical Report
By Gabriel Moreno, Len Bass, Mark H. Klein
In this report, we compare the scenarios elicited from five ATAM (Architecture Tradeoff Analysis Method) evaluations with the scenarios used to characterize the quality attributes.
DOWNLOAD -
Fourth DoD Product Line Practice Workshop Report
• Technical Report
By Matt Fisher, Sholom G. Cohen, Albert Soule, Linda M. Northrop, John K. Bergey, William O'Brien, Dennis B. Smith, Robert W. Krut, Jr., Lawrence G. Jones, Grady Campbell
The report summarizes the workshop presentations and discussions from the Fourth Department of Defense (DoD) Software Product Line Practice Workshop, held in March 2001.
DOWNLOAD -
An Enterprise Information System Data Architecture Guide
• Technical Report
By Grace Lewis, Santiago Comella-Dorda, Patrick R. Place, Daniel Plakosh, Robert C. Seacord
This report describes a sample data architecture in terms of a collection of generic architectural patterns that define and constrain how data is managed in a system that uses the …
DOWNLOAD -
OCTAVE Catalog of Practices, Version 2.0
• Technical Report
By Julia H. Allen, Christopher J. Alberts, Audrey J. Dorofee
In this report, the authors describe OCTAVE practices, which enable organizations to identify risks and mitigate them.
DOWNLOAD -
Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models
• Technical Report
By Richard C. Linger (Oak Ridge National Laboratory), Andrew P. Moore
This 2001 paper describes initial work in the foundations stage for survivability specification and intrusion specification, as well as survivability evaluation models that draw upon both of these areas.
DOWNLOAD -
Control Channel Toolkit: A Software Product Line Case Study
• Technical Report
By Sholom G. Cohen, Linda M. Northrop, Paul C. Clements, Patrick Donohoe
This 2001 report is a case study of the Control Channel Toolkit (CCT), a software asset base for a software product line of ground-based spacecraft command and control systems built …
DOWNLOAD -
Use of the ATAM in the Acquisition of Software-Intensive Systems
• Technical Note
By Matt Fisher, John K. Bergey
This report discusses the role of software architecture evaluations in a system acquisition and describes the contractual elements that are needed to accommodate architecture evaluations in an acquisition. The report …
DOWNLOAD -
Fifth Product Line Practice Workshop Report
• Technical Report
By Paul C. Clements, Patrick Donohoe, Kyo C. Kang (Pohang University of Science and Technology), John McGregor, Linda M. Northrop
This report synthesizes the workshop presentations and discussions from the Fifth Software Engineering Institute Product Line Practice Workshop, held in December 2000.
DOWNLOAD -
Proceedings of the Real-Time Systems Engineering Workshop
• Special Report
By Peter H. Feiler, Theodore F. Marz, B. Craig Meyers
This report presents the results of a workshop on real-time systems engineering. The workshop was held as part of the SEI Symposium in Washington, DC, during September 2000.
DOWNLOAD -
Documenting Software Architectures: Organization of Documentation Package
• Technical Note
By Robert Nord, Reed Little, Felix Bachmann, Len Bass, Judith A. Stafford, James Ivers, David Garlan, Paul C. Clements
This comprehensive handbook outlines how to produce high-quality documentation for software architectures.
DOWNLOAD -
DoD Software Migration Planning
• Technical Note
By John K. Bergey, Liam O'Brien, Dennis B. Smith
This 2001 report describes migration planning, identifies influencing factors, outlines a set of migration planning activities, and offers a set of guidelines for the migration planning process.
DOWNLOAD -
Beyond the Black Box: A Case Study in C to Java Conversion and Product Extensibility
• Technical Note
By Grace Lewis, Pisey Huy, Ming-hsun Liu
This case study describes the experience of converting and enhancing NDBS 1.0, a programmatic library to extract private keys and digital certificates from a Netscape database written in C and …
DOWNLOAD -
Maintaining Transactional Context: A Model Problem
• Technical Report
By Santiago Comella-Dorda, Grace Lewis, Daniel Plakosh, Patrick R. Place, Robert C. Seacord
This 2001 report outlines a model problem constructed to verify the feasibility of building a mechanism to modernize a legacy system.
DOWNLOAD -
Architecture Reconstruction Guidelines
• Technical Report
By Chris Verhoef, Rick Kazman, Liam O'Brien
This report describes the process of architecture reconstruction using the Dali architecture reconstruction workbench.
DOWNLOAD -
Incremental Modernization for Legacy Systems
• Technical Note
By Patrick R. Place, Grace Lewis, Santiago Comella-Dorda, Robert C. Seacord, Daniel Plakosh
This 2001 report shows an objective technique for developing an incremental code-migration strategy for large legacy Common Business-Oriented Language (COBOL) systems.
DOWNLOAD -
Architecture Reconstruction to Support a Product Line Effort: Case Study
• Technical Note
By Liam O'Brien
This report describes the architecture reconstruction process that was followed when the SEI performed architecture reconstructions on three small automotive motor systems.
DOWNLOAD -
Legacy System Modernization Strategies
• Technical Report
By Santiago Comella-Dorda, Patrick R. Place, Daniel Plakosh, Robert C. Seacord, Grace Lewis
This 2001 report discusses alternative development approaches for incrementally modernizing legacy systems.
DOWNLOAD -
Real-Time Systems Engineering: Lessons Learned from Independent Technical Assessments
• Technical Note
By Theodore F. Marz, Daniel Plakosh
This 2001 paper contains observations, recurring themes, trends, and lessons learned about systems development as derived from real-time/mission-critical programs that have been reviewed over the last three years.
DOWNLOAD -
Options Analysis for Reengineering (OAR): A Method for Mining Legacy Assets
• Technical Note
By John K. Bergey, Liam O'Brien, Dennis B. Smith
OAR is a systematic, architecture-centric, decision-making method for mining existing components for a product line or new software architecture.
DOWNLOAD -
Managing Variability in Software Architectures
• White Paper
By Len Bass, Felix Bachmann
This paper presents experience with explicitly managing variability within a software architecture.
DOWNLOAD -
Quality Attribute Workshops
• Technical Report
By William Wood, Mario R. Barbacci, Robert J. Ellison, Judith A. Stafford, Charles Weinstock
This report describes the QAW (Quality Attribute Workshop) approach, which is a method for evaluating a software-intensive system architecture during the acquisition phase of major programs.
DOWNLOAD -
Spiral Development and Evolutionary Acquisition
• Special Report
By None
DoD Instruction 5000.2 introduced innovations throughout the acquisition cycle. To address this, a workshop was held September 2000. This 2001 report summarizes the workshop and presents its recommendations.
DOWNLOAD -
SEI Workshop on Software Architecture Representation, 16-17 January 2001
• Special Report
By None
This report summarizes the discussions from the 2001 Architecture Representation Workshop, where five leading software architects and practitioners were invited to discuss aspects of the architecture representation with senior members …
DOWNLOAD -
Case Study: Building and Communicating a Business Case for a DoD Product Line
• Technical Note
By Sholom G. Cohen
This case study describes a DoD weapon system development effort and compares the current way of developing software systems to the product line approach.
DOWNLOAD -
Developing a Product Line Acquisition Strategy for a DoD Organization: A Case Study
• Technical Note
By John K. Bergey, Wolfhart B. Goethert
This 2001 report describes the approach a DoD organization used to develop alternative acquisition strategies and analyzes the pros and cons of each.
DOWNLOAD -
Product Line Analysis: A Practical Introduction
• Technical Report
By Kyo C. Kang (Pohang University of Science and Technology), Patrick Donohoe, Gary Chastek, Steffen Thiel (Robert Bosch GmbH)
This 2001 report provides a practical introduction to product line requirements modeling. The report describes product line analysis in the context of product line development and shows how a requirements …
DOWNLOAD -
Guidance on Commercial-Based and Open Systems for Program Managers
• Special Report
By None
This 2001 document discusses various risks and provides guidance that may be used to mitigate those risks.
DOWNLOAD -
Attack Modeling for Information Security and Survivability
• Technical Note
By Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory), Andrew P. Moore
This technical note describes and illustrates an approach for documenting attack information in a structured and reusable form.
DOWNLOAD -
Achieving Usability Through Software Architecture
• Technical Report
By Len Bass, Bonnie E. John, Jesse Kates
This paper outlines an approach to improving the usability of software systems by means of software architectural decisions.
DOWNLOAD -
K-BACEE: A Knowledge-Based Automated Component Ensemble Evaluation Tool
• Technical Note
By Dave Mundie, Somjai Boonsiri, Robert C. Seacord
This 2001 report describes an automated approach to evaluating ensembles of components within the context of a system requirements specification.
DOWNLOAD -
2001 Tech Tip: Using PGP to Verify Digital Signatures
• White Paper
By Shawn Hernan, Linda Pesante
This white paper discusses how to use Pretty Good Privacy (PGP) to verify digital signatures.
DOWNLOAD -
2001 Tech Tip: Cross-Site Scripting Vulnerabilities
• White Paper
By Jason Rafail
In this paper, Jason Rafail discusses cross-site scripting vulnerabilities.
DOWNLOAD -
Before You Connect a New Computer to the Internet
• White Paper
By None
This tech tip provides advice about connecting a new computer to the Internet.
DOWNLOAD -
Defining and Understanding Software Measurement Data
• White Paper
By James A. Rozum
The following describes a measurement process and provides some basic concepts that managers can use to help integrate measurement into the process for managing software development.
DOWNLOAD -
2001 Tech Tip: Home Network Security
• White Paper
By None
This tech tip contains a discussion about home network security.
DOWNLOAD -
2000 Tech Tip: Frequently Asked Questions About Malicious Web Scripts Redirected by Web Sites
• White Paper
By None
This 2000 tech tip discusses malicious web scripts.
DOWNLOAD -
2000 CERT Incident Notes
• White Paper
By None
This document contains the CERT incident notes from the year 2000.
DOWNLOAD -
2000 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 2000.
DOWNLOAD -
Results of the Security in ActiveX Workshop
• White Paper
By None
In this paper, the authors present a summary of the Security in ActiveX Workshop, which was held in December 2000.
DOWNLOAD -
Quality Attribute Design Primitives
• Technical Note
By Mark H. Klein, Felix Bachmann, Len Bass
This report addresses mechanisms that significantly affect quality attribute behavior and have sufficient content for analysis.
DOWNLOAD -
CMMI for Systems Engineering/Software Engineering, Version 1.02, Staged Representation (CMMI-SE/SW, V1.02, Staged)
• Technical Report
By The CMMI Product Development Team
CMMI Product Development Team Integration provides guidance for improving your organization's processes and ability to manage the development, acquisition, and maintenance of products and services.
DOWNLOAD -
CMMI for Systems Engineering/Software Engineering, Version 1.02, Continuous Representation (CMMI-SE/SW, V1.02, Continuous)
• Technical Report
By The CMMI Product Development Team
The continuous representation of the CMMI-SE/SW, V1.02 uses six capability levels, capability profiles, target staging, and equivalent staging as organizing principles for the model components.
DOWNLOAD -
A Simulation Model for Managing Survivability of Networked Information Systems
• Technical Report
By Soumyo D. Moitra, Suresh Konda
In this 2000 report, we develop a model to evaluate the tradeoffs between the cost of defense mechanisms for networked systems and the resulting expected survivability after a network attack.
DOWNLOAD -
The Survivability of Network Systems: An Empirical Analysis
• Technical Report
By Soumyo D. Moitra, Suresh Konda
This report, published in 2000, presents an extended analysis of CERT Coordination Center incidents data (from 1988 to 1995) and applies the results to simulate attacks and their impacts on …
DOWNLOAD -
Third DoD Product Line Practice Workshop Report
• Technical Report
By Robert W. Krut, Jr., Sholom G. Cohen, Tricia Oberndorf, Brian P. Gallagher, Matt Fisher, Lawrence G. Jones, Linda M. Northrop, William O'Brien, Dennis B. Smith, Albert Soule
This report synthesizes the presentations and discussions of the Third Department of Defense Product Line Practice Workshop held in March 2000.
DOWNLOAD -
Improving Predictability in Embedded Real-Time Systems
• Special Report
By None
This 2000 paper discusses a model-based architectural approach for improving predictability of performance in embedded real-time systems.
DOWNLOAD -
Guidance on Commercial-Based and Open Systems for Coast Guard Program Managers
• Special Report
By None
This 2000 report is intended for Coast Guard program and assistant program managers who will acquire systems containing commercial software products while adopting an open system strategy.
DOWNLOAD -
The Team Software Process: An Overview and Preliminary Results of Using Disciplined Practices
• Technical Report
By Donald R. McAndrews
This report describes the TSP technology as an implementation strategy for teams that are attempting to apply disciplined software process methods.
DOWNLOAD -
The Personal Software Process (PSP)
• Technical Report
By Watts S. Humphrey
This report describes in detail what the PSP is and how it works. Starting with a brief discussion of the relationship of the PSP to general quality principles, the report …
DOWNLOAD -
The Team Software Process (TSP)
• Technical Report
By Watts S. Humphrey
This report describes the TSP and how it was developed. Starting with a brief background discussion of software quality, the report provides an overview of the basic elements of teamwork.
DOWNLOAD -
CMMI for Systems Engineering/Software Engineering/Integrated Product and Process Development, Version 1.02, Continuous Representation (CMMI-SE/SW/IPPD, V1.02, Continuous)
• Technical Report
By The CMMI Product Development Team
This report presents a CMMI model with a continuous representation, which focuses on measuring process improvement using capability levels.
DOWNLOAD -
An Activity Framework for COTS-Based Systems
• Technical Report
By Tricia Oberndorf, Carol Sledge, Lisa Brownsword
This 2000 document provides an introduction to COTS activities and practices.
DOWNLOAD -
An Application of the Architecture-Based Design Method to the Electronic House
• Special Report
By None
This report elaborates an example of the application of the ABD (Architecture-Based Design) method to designing software architecture.
DOWNLOAD -
Simplex Architecture Performance and Cost
• Technical Report
By Julie A. Walker, Michael J. Gagliardi, Theodore F. Marz, Neal Altman
The Simplex Architecture facilitates the building of dependable and upgradable real-time systems. This paper examines Simplex performance and the costs associated with its use.
DOWNLOAD -
An Evaluation Theory Perspective of the Architecture Tradeoff Analysis Method (ATAM)
• Technical Report
By Marta Lopez
This report analyzes and identifies the Architecture Tradeoff Analysis Method (ATAM)'s evaluation process and criteria, as well as its data-gathering and synthesis techniques, and more.
DOWNLOAD -
Survivable Network Analysis Method
• Technical Report
By Nancy R. Mead, John McHugh, Thomas A. Longstaff, Richard C. Linger (Oak Ridge National Laboratory), Robert J. Ellison
This report, published in 2000, describes the SNA method developed at the SEI's CERT Coordination Center. The SNA method guides stakeholders through an analysis process intended to improve system survivability …
DOWNLOAD -
Software Process Achievement at Tinker Air Force Base
• Technical Report
By Walter Lipke, Kelley Butler
This report describes the work of the 1999 recipient of the IEEE Computer Society Software Process Achievement Award, jointly established by the SEI and IEEE to recognize outstanding achievements in …
DOWNLOAD -
Active Reviews for Intermediate Designs
• Technical Note
By Paul C. Clements
This 2000 technical note describes Active Review for Intermediate Designs (ARID), a piloted software design review technique.
DOWNLOAD -
Improving the Acquisition of Software Intensive Systems
• Technical Report
By Matt Fisher, Dennis Goldenson
The SEI surveyed senior acquisition managers about the performance of their organizations, especially on skills and competencies, and issues surrounding the training needed to develop them. The results of the …
DOWNLOAD -
ATAM: Method for Architecture Evaluation
• Technical Report
By Mark H. Klein, Paul C. Clements, Rick Kazman
This report presents technical and organizational foundations for performing architectural analysis, and presents the SEI's ATAM, a technique for analyzing software architectures.
DOWNLOAD -
ARC, V1.0 Assessment Requirements for CMMI, Version 1.0
• Technical Report
By The CMMI Product Development Team
ARC, V1.0 Assessment Requirements for CMMI, Version 1.0
DOWNLOAD -
Using Quality Attribute Workshops to Evaluate Architectural Design Approaches in a Major System Acquisition: A Case Study
• Technical Note
By Mario R. Barbacci, William Wood, John K. Bergey
This report describes a series of Quality Attribute Workshops (QAWs) that were conducted on behalf of a government agency during its competitive acquisition of a complex, tactical, integrated command and …
DOWNLOAD -
Spiral Development - Building the Culture: A Report on the CSE-SEI Workshop, February, 2000
• Special Report
By None
This report summarizes the CSE/SEI February 2000 SDM workshop and presents its recommendations.
DOWNLOAD -
Spiral Development: Experience, Principles, and Refinements Spiral Development Workshop February 9, 2000
• Special Report
By None
This 2000 report characterizes spiral development by enumerating a few invariant properties that any such process must exhibit.
DOWNLOAD -
Using the Architecture Tradeoff Analysis Method to Evaluate a Reference Architecture: A Case Study
• Technical Note
By Brian P. Gallagher
This report describes the application of the ATAM (Architecture Tradeoff Analysis Method) to evaluate a reference architecture for ground-based command and control systems.
DOWNLOAD -
Lessons Learned Applying Commercial Off-the-Shelf Products Manufacturing Resource Planning II Program
• Technical Note
By Patrick R. Place, Lisa Brownsword
This report is part of a series of case studies that seek to identify important acquisition, business, and engineering issues surrounding the use of COTS-based systems.
DOWNLOAD -
Modeling the Space Shuttle Liquid Hydrogen Subsystem
• Technical Note
By Bemina Atanacio
This 2000 report describes experiences with modeling the liquid hydrogen subsystem of the space shuttle.
DOWNLOAD -
Mining Existing Assets for Software Product Lines
• Technical Note
By Dennis B. Smith, John K. Bergey
This 2000 report outlines four basic steps that are required to successfully mine assets.
DOWNLOAD -
Volume I: Market Assessment of Component-Based Software Engineering Assessments
• Technical Note
By Robert C. Seacord, John E. Robert, Kurt C. Wallnau, Santiago Comella-Dorda, Len Bass, Fred Long, Charles Buhman
This 2001 report examines software component technology from a business perspective.
DOWNLOAD -
Volume II: Technical Concepts of Component-Based Software Engineering, 2nd Edition
• Technical Report
By Len Bass, Kurt C. Wallnau, Felix Bachmann, Robert C. Seacord, John E. Robert, Fred Long, Santiago Comella-Dorda, Charles Buhman
The objective of this study is to determine whether CBSE has the potential to advance the state of software engineering practice and, if so, whether the SEI can contribute to …
DOWNLOAD -
Case Study: Development of a Baseline Controller for Automatic Landing of an F-16 Aircraft Using Linear Matrix Inequalities (LMIs)
• Technical Report
By Enrique Ferriera, Theodore F. Marz, Danbing Seto
This report presents preliminary results on the design of the baseline controller for an F-16 aircraft automatic landing system using linear matrix inequalities (LMI)-based approaches.
DOWNLOAD -
A Survey of Legacy System Modernization Approaches
• Technical Note
By John E. Robert, Robert C. Seacord, Kurt C. Wallnau, Santiago Comella-Dorda
This report, published in 2000, provides a survey of modernization techniques including screen scraping, database gateway, XML integration, database replication, CGI integration, object-oriented wrapping, and "componentization" of legacy systems.
DOWNLOAD -
Analysis of Lead Assessor Feedback for CBA IPI Assessments Conducted July 1998-October 1999
• Technical Report
By Michele Falce, Mui Leng Seow, Marie Baker, Donna K. Dunaway
This document consolidates and analyzes information from Lead Assessor Requirements.
DOWNLOAD -
The November 1999 High Maturity Workshop
• Special Report
By Mary Beth Chrissis, Mark C. Paulk
This report contains brief summaries of the high maturity organizations participating in the 1999 High Maturity Workshop and the various working group reports.
DOWNLOAD -
Guidelines for Using OAR Concepts in a DoD Product Line Acquisition Environment
• Technical Note
By Dennis B. Smith, John K. Bergey
This 2000 report provides guidance for DoD organizations for mining legacy systems to obtain core assets that will fit into a previously defined software architecture for a product line.
DOWNLOAD -
Software Architecture Documentation in Practice: Documenting Architectural Layers
• Special Report
By None
The 2000 report lays out our approach and organization for the book-in-planning titled Software Architecture Documentation in Practice, and provides guidance for the layer diagram.
DOWNLOAD -
The 1999 Survey of High Maturity Organizations
• Special Report
By Dennis Goldenson, Mark C. Paulk, David M. White
This report summarizes the observations from the 1999 survey of high maturity organizations.
DOWNLOAD -
Basic Concepts of Product Line Practice for the DoD
• Technical Note
By Matt Fisher, John K. Bergey, Brian P. Gallagher, Lawrence G. Jones, Linda M. Northrop
This 2000 report provides background information to inform other reports in an SEI-published series of reports designed to provide concise and usable information about product line acquisition practices.
DOWNLOAD -
Fourth Product Line Practice Workshop Report
• Technical Report
By John McGregor, Linda M. Northrop, Len Bass, Paul C. Clements, Patrick Donohoe
This report synthesizes the presentations and discussions from the 1999 Product Line Practice Workshop, which described practices and issues associated with tool support for software product lines.
DOWNLOAD -
Frequently Asked Questions About the Melissa Virus
• White Paper
By None
This tech tip provides advice about the Melissa virus.
DOWNLOAD -
2000 Tech Tip: Steps for Recovering from a UNIX or NT System Compromise
• White Paper
By None
This 2000 tech tip contains discussion about recovering from a UNIX or NT system compromise.
DOWNLOAD -
2000 Tech Tip: Finding Site Contacts
• White Paper
By None
This tech tip describes contact methods, converting between domain names and IP numbers, finding contact information based on domain names and also IP numbers.
DOWNLOAD -
2000 Tech Tip: Understanding Malicious Content Mitigation for Web Developers
• White Paper
By None
This 2000 tech tip contains discussion about malicious content mitigation.
DOWNLOAD -
The Architecture Based Design Method
• Technical Report
By Gary Chastek, Fabio Peruzzi, Patrick Donohoe, Len Bass, Felix Bachmann
This paper presents the Architecture Based Design (ABD) method for designing the high-level software architecture for a product line or long-lived system.
DOWNLOAD -
SCAMPI, V1.0 Standard CMMI Assessment Method for Process Improvement: Method Description, Version 1.0
• Technical Report
By The CMMI Product Development Team
SCAMPI, V1.0 Standard CMMI Assessment Method for Process Improvement: Method Description, Version 1.0
DOWNLOAD -
CMMI-SE/SW/IPPD, V1.02, Staged
• Technical Report
By The CMMI Product Development Team
This document has been updated to a new version: Capability Maturity Model Integration (CMMI) for Systems Engineering/Software Engineering/Integrated Product and Process Development, Version 1.1, Staged Representation (CMU/SEI-2002-TR-004).
DOWNLOAD -
Software Engineering Education Directory
• Technical Report
By Mark Schmick, Bill McSteen, Brian Gottier
This report provides information about software engineering courses and software engineering degree programs offered by universities, primarily in the United States.
DOWNLOAD -
Construction and Deployment Scripts for COTS-Based, Open Source Systems
• Technical Report
By Fred Hansen
This report details the construction/deployment scripts for GEE (generic enterprise ensemble), a prototypical three-tier information system incorporating a number of commercial off-the-shelf (COTS) products.
DOWNLOAD -
State of the Practice of Intrusion Detection Technologies
• Technical Report
By John McHugh, Ed Stoner, Jed Pickel, William L. Fithen, Alan M. Christie, Julia H. Allen
This report provides an unbiased assessment of publicly available ID technology. The report also outlines relevant issues for the research community as they formulate research directions and allocate funds.
DOWNLOAD -
Quality Attribute Workshop Participants Handbook
• Special Report
By Charles Weinstock
This report describes the 1) process we use to conduct QAW (Quality Attribute Workshop), 2) information required, 3) suggested tools, and 4) expected outcomes of QAWs.
DOWNLOAD -
1999 CERT Incident Notes
• White Paper
By None
This document contains the CERT incident notes from 1999.
DOWNLOAD -
1999 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1999.
DOWNLOAD -
1990 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1990.
DOWNLOAD -
Results of the Distributed-Systems Intruder Tools Workshop
• White Paper
By None
In this paper, the authors summarize the Distributed-Systems Intruder Tools Workshop, which was held in November 1999.
DOWNLOAD -
Study of the Interdependencies Within the Banking and Finance Infrastructure for Survivability Research
• White Paper
By Yen-Ming Chen
To preserve the public's confidence in the banking and finance infrastructures, its survivability needs to be examined. One approach to investigating the survivability of the banking and finance system is …
DOWNLOAD -
Product Line Acquisition in the DoD: The Promise, The Challenges
• Technical Note
By Lawrence G. Jones
This 1999 paper presents the basics of product line practices and reports the results of two DoD product line workshops in which important issues and successful practices were shared.
DOWNLOAD -
Lessons Learned Collaborating on a Process for SPI at Xerox
• Technical Report
By Brian Middlecoat, Sung Yo, Priscilla Fowler
This 1999 report describes a collaborative effort to develop a more systematic and detailed approach to SPI through use and evaluation of prototype versions of the PCM and guidebook.
DOWNLOAD -
Rollout and Installation of Risk Management at the IMINT Directorate, National Reconnaissance Office
• Technical Report
By Jo Lee Loveland Link, Rick Barbour, Al Krum, August C. Neitzel
This 1999 report provides a knowledge asset repository for the National Reconnaissance Office that can be leveraged in support of Risk Management efforts.
DOWNLOAD -
Builder's Guide for WaterBeans Components
• Technical Report
By Dennis B. Smith, Daniel Plakosh, Kurt C. Wallnau
This paper describes WaterBeans, a proof-of-feasibility system for building software applications through a process of assembling prefabricated software components.
DOWNLOAD -
SRE Method Description (Version 2.0) & SRE Team Members Notebook (Version 2.0)
• Technical Report
By George Pandelios, Ray C. Williams, Sandra Behrens
This report describes the SRE Method Description, a process for identifying, analyzing, and developing mitigation strategies for risks in a software-intensive system while it is in development.
DOWNLOAD -
A Case Study on Analytical Analysis of the Inverted Pendulum Real-Time Control System
• Technical Report
By Danbing Seto, Lui R. Sha
An inverted pendulum has been used as the controlled device in a prototype real-time control system employing the Simplex architecture. In this report, we address the control issues of such …
DOWNLOAD -
Software Process Improvement Works! (Advanced Information Services Inc.)
• Technical Report
By Gloria Leman (Advanced Information Services Inc), Girish Seshagiri (Advanced Information Services Inc), Susan Renner (Advanced Information Services Inc), Prasad Perini (Advanced Information Services Inc), Pat Ferguson (Advanced Information Services Inc)
This report describes the work of the 1998 recipient of the IEEE Computer Society Software Process Achievement Award, jointly established by the SEI and IEEE to recognize outstanding achievements in …
DOWNLOAD -
Second DoD Product Line Practice Workshop Report
• Technical Report
By Paul C. Clements, Robert W. Krut, Jr., Linda M. Northrop, Lawrence G. Jones, Grady Campbell, John K. Bergey, Sholom G. Cohen, Dennis B. Smith
This report synthesizes the workshop presentations and discussions of the Second DoD Product Line Practice Workshop, held in March 1999.
DOWNLOAD -
Attribute-Based Architectural Styles
• Technical Report
By Rick Kazman, Mark H. Klein
This report establishes a common format for documenting ABASs in the hope that they will become the foundation for anyone who is doing system design and analysis.
DOWNLOAD -
Architectural Evaluation of Collaborative Agent-Based Systems
• Technical Report
By Steve Woods, Mario R. Barbacci
This report identifies features in agent-based systems that could be used to classify agent-system architectures and to guide the generation of scenarios applicable to these architectures.
DOWNLOAD -
Guidelines for Software Engineering Education Version 1.0
• Technical Report
By Greg Hislop (Drexel University), Thomas B. Hilburn (Embry-Riddle Aeronautical University), Susan Mengel (Texas Tech University), Michael McCracken (Georgia Institute of Technology), Michael Lutz (Rochester Institute of Technology)
This 1999 report offers a description of a software engineering body of knowledge and a curriculum model.
DOWNLOAD -
Software Architecture Evaluation with ATAM in the DoD System Acquisition Context
• Technical Note
By Matt Fisher, Lawrence G. Jones, Rick Kazman, John K. Bergey
This report explains the basics of software architecture and software architecture evaluation in a system acquisition context.
DOWNLOAD -
DoD Legacy System Migration Guidelines
• Technical Note
By Dennis B. Smith, John K. Bergey, Nelson W. Weiderman
This report provides a set of DoD legacy system migration guidelines.
DOWNLOAD -
Options Analysis for Reengineering (OAR): Issues and Conceptual Approach
• Technical Note
By Steve Woods, Nelson W. Weiderman, Dennis B. Smith, John K. Bergey
This 1999 report outlines the foundation of a structured and coherent method, based on the "horseshoe" model, that will help practitioners make appropriate reengineering choices.
DOWNLOAD -
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0
• Technical Report
By Sandra Behrens, Christopher J. Alberts, William R. Wilson, Richard D. Pethia
The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a framework for identifying and managing information security risks.
DOWNLOAD -
Information Assurance Curriculum and Certification: State of the Practice
• Technical Report
By Sandra Behrens, Barbara Laswell, Derek Simmel
This 1999 report describes the state of the practice in information assurance and security curriculum and certification.
DOWNLOAD -
Guidelines for Developing a Product Line Concept of Operations
• Technical Report
By Sholom G. Cohen
This 1999 report provides guidelines for an organization that is developing a CONOPS document.
DOWNLOAD -
Simplex in a Hostile Communications Environment: The Coordinated Prototype
• Technical Report
By Danbing Seto, Lui R. Sha, Charles Weinstock, Neal Altman
This report describes an approach to using Simplex to construct a COTS-based computer system capable of coordinated real-time motion control in a hostile communications environment.
DOWNLOAD -
An Engineering Method for Safety Region Development
• Technical Report
By Danbing Seto, Lui R. Sha
This report studies tolerance of semantic faults, one of the crucial issues in the Simplex architecture.
DOWNLOAD -
Securing Internet Sessions with Sorbet
• Technical Note
By Scott Hissam, John E. Robert, Robert C. Seacord, Fred Long
To secure communications media connections, mechanisms must be built on top of the underlying facilities. This 1999 report discusses one such security mechanism and describes an implementation using CORBA-based interceptors.
DOWNLOAD -
Custom vs. Off-the-Shelf Architecture
• Technical Note
By Scott Hissam, Santiago Comella-Dorda, John E. Robert, Robert C. Seacord, Kurt C. Wallnau
This report compares GEE-based solutions and off-the-shelf solutions based on the EJB specification.
DOWNLOAD -
Why Do Organizations Have Assessments? Do They Pay Off?
• Technical Report
By Donna K. Dunaway, Gilles Des Rochettes, Paul Iredale, Itzhak Lavi, Guy Taylor, Ruth Berggren
In this 1999 report, the authors document their experiences regarding why an organization chooses to have a CBA IPI and what the organization gains from having conducted an assessment.
DOWNLOAD -
Architecture Tradeoff Analyses of C4ISR Products
• Technical Report
By William Wood, Mario R. Barbacci
This report describes how various C4ISR products can be used in the context of an ATAM evaluation and their relative value for generating quality attribute-specific scenarios required for an ATAM …
DOWNLOAD -
Theory and Practice of Enterprise JavaBean Portability
• Technical Note
By John E. Robert, Santiago Comella-Dorda, Robert C. Seacord
This paper presents sources of portability problems in EJB and illustrates them with some real examples.
DOWNLOAD -
Analysis of Courses in Information Management and Network System Security and Survivability
• Special Report
By Peter Capell
This report provides an overview of instructional systems design and its implications for analyzing curricula in the fields of information management and networked systems longevity.
DOWNLOAD -
The DoD Acquisition Environment and Software Product Lines
• Technical Note
By Lawrence G. Jones, Matt Fisher, John K. Bergey
This technical note examines three key DoD acquisition policies and regulations, along with their implications for launching a product line.
DOWNLOAD -
Building Blocks for Achieving Quality of Service with Commercial Off-the-Shelf (COTS) Middleware
• Technical Report
By Andreas Polze (Humboldt University of Berlin)
In this report, the authors discuss building blocks and techniques for fault-tolerant, real-time applications based on CORBA.
DOWNLOAD -
Simulation: An Enabling Technology in Software Engineering
• White Paper
By Alan M. Christie
This 1999 whitepaper suggests three reasons why the software engineering community could exploit simulation to much greater advantage.
DOWNLOAD -
Perceived Control of Software Developers and Its Impact on the Successful Diffusion of Information Technology
• Special Report
By Gina Green (University of South Florida), Alan R. Hevner (University of South Florida)
The purpose of this 1998 study is to better understand the technical and behavioral issues that are important in diffusing innovative software development techniques into practice.
DOWNLOAD -
COTS in the Real World: A Case Study in Risk Discovery and Repair
• Technical Note
By Scott Hissam, Daniel Plakosh
This report describes the investigations that were performed to determine how well selected commercial components met the mission needs of a DoD project.
DOWNLOAD -
Software Acquisition Capability Maturity Model (SA-CMM), Version 1.02
• Technical Report
By Matt Fisher, Jack Cooper, Robert W. Krut, Jr.
This document has been updated to a new version. If you want to see the newer document, see Software Acquisition Capability Maturity Model (SA-CMM), Version 1.03 (CMU/SEI-2002-TR-010).
DOWNLOAD -
A Software Engineering Body of Knowledge Version 1.0
• Technical Report
By Abir Qasem, Richard Turner, Soheil Khajenoori, Iraj Hirmanpour, Thomas B. Hilburn (Embry-Riddle Aeronautical University)
This 1999 report presents an effort to organize and catalog a body of knowledge for software engineering and to provide a systematic, concise, and complete description of the software engineering …
DOWNLOAD -
An Introduction to Software Engineering Practices Using Model-Based Verification
• Technical Report
By David P. Gluch, Jared Brockway
This is an introductory report on the use of model-based verification techniques within software development and upgrade practices.
DOWNLOAD -
Architecture-Based Development
• Technical Report
By Rick Kazman, Len Bass
This report presents a description of architecture-centric system development.
DOWNLOAD -
Why Reengineering Projects Fail
• Technical Report
By Nelson W. Weiderman, Dennis B. Smith, John K. Bergey, Steve Woods, Scott R. Tilley (Florida Institute of Technology)
This 1999 report highlights some of the most important reasons for failures in reengineering efforts despite the best of intentions.
DOWNLOAD -
Into the Black Box: A Case Study in Obtaining Visibility into Commercial Software
• Technical Note
By Daniel Plakosh, Kurt C. Wallnau, Scott Hissam
This 1999 report describes what we did to gain insight into Netscape's Communicator databases, the internal formats of the databases, and the password and encryption schemes used in the key3.db …
DOWNLOAD -
Third Product Line Practice Workshop Report
• Technical Report
By Grady Campbell, Dennis B. Smith, Len Bass, Paul C. Clements, Linda M. Northrop
This report synthesizes the workshop presentations and discussions, which described product line practices and analyzed issues in the areas of software engineering, technical management, and organizational management.
DOWNLOAD -
Quotations from Chairman David (A Little Red Book of Truths to Enlighten and Guide on the Long March Toward the COTS Revolution)
• Special Report
By David J. Carney
This brief and humorous publication examines some issues related to commercial off-the-shelf (COTS) products in DoD and government systems.
DOWNLOAD -
Software Architectural Transformation
• White Paper
By Rick Kazman, Steve Woods
This paper presents a concrete example of an architecturally-motivated reengineering task.
DOWNLOAD -
1998 CERT Incident Notes
• White Paper
By None
This document contains the CERT incident notes from 1998.
DOWNLOAD -
1998 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1998.
DOWNLOAD -
Continuously Improving Software Process
• Technical Report
By Mike D. Scott (Raytheon Systems Company), John F. Ryskowski (Raytheon Systems Company), Jane A. Moon (Raytheon Systems Company), Thomas O. Winfield (Raytheon Systems Company), Ken C. Shumate (Raytheon Systems Company), Ron R. Willis (Raytheon Systems Company), Robert M. Rova (Raytheon Systems Company), Martha J. Johnson (Raytheon Systems Company)
This report describes the work of the 1997 recipient of the IEEE Computer Society Software Process Achievement Award, jointly established by the SEI and IEEE to recognize outstanding achievements in …
DOWNLOAD -
A Study of Practice Issues in Model-Based Verification Using the Symbolic Model Verifier (SMV)
• Technical Report
By David P. Gluch, Grama R. Srinivasan
This report presents the results of a study on the practice issues involved in using the Symbolic Model Verifier (SMV) for model checking software systems.
DOWNLOAD -
rlogin(1): The Untold Story
• Technical Report
By Larry Rogers
Members of the CERT/CC have analyzed coding defects with the goal of understanding each well enough to communicate the details to those responsible for fixing them and those responsible for …
DOWNLOAD -
Consistency in Dynamic Reconfiguration
• White Paper
By Peter H. Feiler
This paper examines issues relating to the impact of change in real-time control applications.
DOWNLOAD -
A Summary of DoD COTS-Related Policies
• White Paper
By David J. Carney, Tricia Oberndorf
This monograph examines seven documents that contain official guidance regarding the use of COTS products in Government systems.
DOWNLOAD -
DoD Security Needs and COTS-Based Systems
• White Paper
By Daniel Plakosh, Scott Hissam, David J. Carney
This monograph offers a "heads-up" to decision makers who are building information systems that have security constraints, who feel the market imperatives, and who want to make opportunistic use of …
DOWNLOAD -
Transition Packages for Expediting Technology Adoption: The Prototype Requirements Management Transition Package
• Technical Report
By Priscilla Fowler, Mac Patrick
This 1998 report describes the experience of building and evaluating a prototype transition package for organizations implementing processes in support of the Requirements Management key process area of the SEI's …
DOWNLOAD -
Model-Based Verification: A Technology for Dependable Upgrade
• Technical Report
By Charles Weinstock, David P. Gluch
This 1998 report outlines the technological foundations of model-based verification for engineering software system upgrades.
DOWNLOAD -
Case Study in Survivable Network System Analysis
• Technical Report
By Thomas A. Longstaff, Richard C. Linger (Oak Ridge National Laboratory), Robert J. Ellison, Nancy R. Mead
In this report, the authors present a method for analyzing the survivability of distributed network systems and an example of its application.
DOWNLOAD -
Browsers for Distributed Systems: Universal Paradigm or Siren's Song?
• Technical Report
By Scott Hissam, Robert C. Seacord
This report examines the technical issues relevant to incorporating web browsers as a component of a commercial off-the-shelf (COTS) -based solution.
DOWNLOAD -
Agora: A Search Engine for Software Components
• Technical Report
By Scott Hissam, Kurt C. Wallnau, Robert C. Seacord
This 1998 report documents Agora, a software prototype that was developed by the SEI to create an automatically generated and indexed database of software products classified by component model.
DOWNLOAD -
People CMM-Based Assessment Method Description
• Technical Report
By Bill Curtis (CAST Research Labs), William E. Hefley
This 1998 document provides a high-level overview of the People Capability Maturity Model (CMM)-Based Assessment Method.
DOWNLOAD -
Mapping MetaH into ACME
• Special Report
By Charles Weinstock, Mario R. Barbacci
This 1998 report explores the translation of MetaH into ACME.
DOWNLOAD -
An Approach for Selecting and Specifying Tools for Information Survivability
• Technical Report
By Derek Simmel, Robert Firth, Barbara Fraser, Suresh Konda
This paper proposes a lexicon of functionalities to characterize survivable systems activities, and an approach to analyze networked systems environments.
DOWNLOAD -
Software Acquisition Improvement Framework (SAIF) Definition
• Technical Report
By Matt Fisher, Reed Little, Rick Barbour, Ron Damer
This 1998 document discusses rationale behind the need for the Software Acquisition Improvement Framework (SAIF), the elements constituting the SAIF, and the intended operational usage of the SAIF.
DOWNLOAD -
The Architecture Tradeoff Analysis Method
• Technical Report
By Howard F. Lipson, Jeromy Carriere, Mario R. Barbacci, Rick Kazman, Mark H. Klein, Thomas A. Longstaff
This paper presents the Architecture Tradeoff Analysis Method (ATAM), a structured technique for understanding the tradeoffs inherent in the architectures of software-intensive systems.
DOWNLOAD -
Case Study: Significant Schedule Delays in a Complex NDI-Based System
• White Paper
By David J. Carney
The expected audience for this monograph is a general audience, and the major issues tend to be more programmatic and managerial rather than purely technical.
DOWNLOAD -
Case Study: Evaluating COTS Products for DoD Information Systems
• White Paper
By David J. Carney, Carol Sledge
This monograph reports on a DoD program that undertook a detailed evaluation effort that examined several commercial products as candidates for a large information system.
DOWNLOAD -
View Extraction and View Fusion in Architectural Understanding
• White Paper
By Rick Kazman, Jeromy Carriere
This paper presents a workbench for architectural extraction called Dali, and shows how Dali supports flexible extraction and fusion of architectural information. Its use is described through two extended examples …
DOWNLOAD -
Steps in an Architecture Tradeoff Analysis Method: Quality Attribute Models and Analysis
• Technical Report
By Peter H. Feiler, Howard F. Lipson, Mark H. Klein, Thomas A. Longstaff, Charles Weinstock, Jeromy Carriere, Mario R. Barbacci
This paper presents some of the steps in an emerging architecture tradeoff analysis method (ATAM).
DOWNLOAD -
DoD Product Line Practice Workshop Report
• Technical Report
By Paul C. Clements, James Withey, Dennis B. Smith, Scott R. Tilley (Florida Institute of Technology), Linda M. Northrop, Lawrence G. Jones, Patrick Donohoe, Sholom G. Cohen, Robert W. Krut, Jr., John K. Bergey
This report synthesizes the 1998 product line workshop presentations and discussions that described selected product line practices and identified barriers and enablers to achieving these practices within the DoD.
DOWNLOAD -
The Architecture Tradeoff Analysis Method
• White Paper
By Rick Kazman, Thomas A. Longstaff, Jeromy Carriere, Mario R. Barbacci, Mark H. Klein, Howard F. Lipson
This paper presents the Architecture Tradeoff Analysis Method (ATAM), a structured technique for understanding the tradeoffs inherent in design.
DOWNLOAD -
A Reverse-Engineering Environment Framework
• Technical Report
By Scott R. Tilley (Florida Institute of Technology)
This 1998 report describes a framework for reverse-engineering environments used to aid program understanding.
DOWNLOAD -
Second Product Line Practice Workshop Report
• Technical Report
By Len Bass, James Withey, Linda M. Northrop, Paul C. Clements, Gary Chastek, Dennis B. Smith
This report synthesizes the presentations and discussions from the Second SEI Product Line Practice Workshop, held in November 1997. Workshop participants identified factors involved in product line practices and analyzed …
DOWNLOAD -
Assessing Architectural Complexity
• White Paper
By Marcus Burth (University of Mannheim), Rick Kazman
This paper describes a system, called IAPR, that aids in architectural exploration and measurement by attempting to match patterns to an architecture.
DOWNLOAD -
COTS and Open Systems (Monograph)
• White Paper
By Tricia Oberndorf
This monograph offers a practical rather than theoretical approach to the issues of COTS and open systems.
DOWNLOAD -
Isolating Faults in Complex COTS-Based Systems
• White Paper
By David J. Carney, Scott Hissam
This monograph provides an overview of a method for isolating and overcoming faults in COTS-based systems.
DOWNLOAD -
Coming Attractions in Program Understanding II: Highlights of 1997 and Opportunities in 1998
• Technical Report
By Scott R. Tilley (Florida Institute of Technology)
This report highlights important developments in program-understanding work in 1997 and outlines some of the opportunities in the field in 1998.
DOWNLOAD -
Requirements for Integrating Software Architecture
• White Paper
By Jeromy Carriere, Steve Woods, Rick Kazman
This paper discusses the requirements and a generic framework for the integration of architectural and code-based reengineering tools.
DOWNLOAD -
A Study in the Use of CORBA in Real-Time Settings: Model Problems for the Manufacturing Domain
• Technical Report
By Kurt C. Wallnau, Andreas Polze (Humboldt University of Berlin), Daniel Plakosh
In this report, we describe the application of an off-the-shelf ORB to two real-time model problems.
DOWNLOAD -
1997 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1997.
DOWNLOAD -
The Personal Software Process (PSP): An Empirical Study of the Impact of PSP on Individual Engineers
• Technical Report
By Will Hayes, James W. Over
This 1997 report documents the results of a study that is important to everyone who manages or develops software. The study examines the impact of the Personal Software Process (PSP) …
DOWNLOAD -
Approaches to Legacy System Evolution
• Technical Report
By Scott R. Tilley (Florida Institute of Technology), Dennis B. Smith, Nelson W. Weiderman
This report outlines a comprehensive system evolution approach that incorporates an enterprise framework for the application of the promising technologies in the context of legacy systems.
DOWNLOAD -
An Approach to Software Architecture Analysis for Evolution and Reusability
• White Paper
By Chung-Horng Lung (Nortel), Sonia Bot (Nortel), Rick Kazman, Kalai Kalaichelvan (Nortel)
This paper presents an approach to capturing and assessing software architectures for evolution and reuse.
DOWNLOAD -
Directory of Industry and University Collaborations with a Focus on Software Engineering Education and Training, Version 6
• Special Report
By Kathy Beckman (Abacus Technology Corporation)
This 1997 directory describes 24 formal collaborative efforts to promote software engineering education and training activities among industry organizations and universities in the United States, Canada, and Australia.
DOWNLOAD -
Survivable Network Systems: An Emerging Discipline
• Technical Report
By Howard F. Lipson, Richard C. Linger (Oak Ridge National Laboratory), Nancy R. Mead, Thomas A. Longstaff, David Fisher, Robert J. Ellison
This 1997 report describes the survivability approach to helping assure that a system that must operate in an unbounded network is robust in the presence of attack and will survive …
DOWNLOAD -
Assessing Design Quality From a Software Architectural Perspective
• White Paper
By Rick Kazman, Jeromy Carriere
This whitepaper argues that good object oriented designs accrue from attention to both the design of objects and classes and to the architectural framework which defines how instances of those …
DOWNLOAD -
How to Use the Software Process Framework
• Special Report
By Linda Parker Gates
This 1997 report is intended to provide guidance on how to use the SPF for reviewing, analyzing, and designing software process documents that are consistent with the CMM for Software, …
DOWNLOAD -
Report of the STEP '97 Workshop on Net-Centric Computing
• Special Report
By Margaret-Anne Storey (University of Victoria), Scott R. Tilley (Florida Institute of Technology)
This 1997 report describes the STEP '97 conference, overviews the Net-Centric Computing workshop, and provides a summary of the invited presentations.
DOWNLOAD -
Enterprise Framework for the Disciplined Evolution of Legacy Systems
• Technical Report
By Linda M. Northrop, John K. Bergey, Dennis B. Smith
This 1997 report describes an enterprise framework that characterizes the global environment in which system evolution takes place and provides insight into the activities, processes, and work products that shape …
DOWNLOAD -
Software Process Automation: Interviews, Survey, and Workshop Results
• Technical Report
By Denis Cordelle (Cap Gemini Segoti), Linda Levine, Teresa Belton (Nolan Norton and Company), Edwin J. Morris, David Zubrow, Jean-Philippe Solvay (Cap Gemini Segoti), Bill Riddle, Larry Proctor (Nolan Norton and Company), Alan M. Christie, Jean-Eloi Ferotin (Cap Gemini Segoti)
This 1997 report describes the results of a two-year study of experiences with the adoption and use of software process automation.
DOWNLOAD -
Playing Detective: Reconstructing Software Architecture from Available Evidence
• Technical Report
By Rick Kazman, Jeromy Carriere
This paper presents Dali, an open, lightweight workbench that aids an analyst in extracting, manipulating, and interpreting architectural information.
DOWNLOAD -
Discovering DISCOVER
• Technical Report
By Scott R. Tilley (Florida Institute of Technology)
This 1997 report describes investigations into DISCOVER, a modern software development and maintenance environment.
DOWNLOAD -
Case Study: Correcting System Failure in a COTS Information System (Monograph)
• White Paper
By Scott Hissam
This monograph provides an in-depth technical study about a COTS-based information system made up of several commercial components.
DOWNLOAD -
Workshop on the State of the Practice in Dependably Upgrading Critical Systems
• Special Report
By Charles Weinstock, David P. Gluch
This report describes the results of the Workshop on the State of the Practice in Dependably Upgrading Critical Systems held April 16-17, 1997, at the Software Engineering Institute.
DOWNLOAD -
A Perspective on the State of Research in Fault-Tolerant Systems
• Special Report
By David P. Gluch, Charles Weinstock
This 1997 report presents a perspective on research in fault tolerance as it relates to dependability in software-based systems and attempts to describe the current state of and outline future …
DOWNLOAD -
Assembling Large Systems from COTS Components (Monograph)
• White Paper
By David J. Carney
This monograph, the first in a series, illuminates some general issues that can arise when pursuing a COTS-based approach in complex, heterogeneous systems.
DOWNLOAD -
Radical Improvements Require Radical Actions: Simulating a High-Maturity Software Organization
• Technical Report
By Steven Burke (Computer Sciences Corporation)
This 1997 report describes the methodology used to create a simulation of a high-maturity software organization and the results of that simulation.
DOWNLOAD -
Product Line Practice Workshop Report
• Technical Report
By Sholom G. Cohen, James Withey, Paul C. Clements, Len Bass, Linda M. Northrop
This 1997 report synthesizes the presentations and discussions from the 1996 SEI Product Line Practice Workshop. In this workshop, participants identified factors involved in product line practices and analyzed issues …
DOWNLOAD -
Distributed Object Technology with CORBA and Java: Key Concepts and Implications
• Technical Report
By Nelson W. Weiderman, Kurt C. Wallnau, Linda M. Northrop
This 1997 report analyzes the impact of distributed object technology (DOT) on software engineering practice.
DOWNLOAD -
Implications of Distributed Object Technology for Reengineering
• Technical Report
By Linda M. Northrop, Scott R. Tilley (Florida Institute of Technology), Dennis B. Smith, Nelson W. Weiderman, Kurt C. Wallnau
This 1997 report provides definitions of various software evolution concepts and a taxonomy of activities.
DOWNLOAD -
Proceedings of the Introducing Requirements Management into Organizations Workshop: Requirements Management Transition Packages (November 11-13, 1996)
• Special Report
By Mac Patrick, Priscilla Fowler
This 1997 report summarizes the findings and presents the raw data from the Introducing Requirements Management into Organizations workshop, hosted by the SEI in November 1996.
DOWNLOAD -
Estimating With Objects - Part XI
• White Paper
By Watts S. Humphrey
This column is the last in a series about estimating. This column describes some data on how the PROBE method that is described in these articles has helped engineers make …
DOWNLOAD -
Principles for Evaluating the Quality Attributes of a Software Architecture
• Technical Report
By Mark H. Klein, Mario R. Barbacci, Charles Weinstock
This report describes a few principles for analyzing a software architecture to determine if it exhibits certain quality attributes.
DOWNLOAD -
An Analysis of Security Incidents on the Internet
• White Paper
By John Howard, George Weaver
In this dissertation, John D. Howard reviews an analysis of security incidents on the Internet from between 1989 and 1995.
DOWNLOAD -
Estimating With Objects - Part X
• White Paper
By Watts S. Humphrey
This column is the tenth in a series about estimating. This column concludes the discussion of how object-oriented techniques can help you estimate and plan your work.
DOWNLOAD -
The Year 2000 Problem: Issues and Implications
• Technical Report
By Scott R. Tilley (Florida Institute of Technology), Hausi A. Muller (University of Victoria), Dennis B. Smith
This report outlines the basic issues of the so-called "Year 2000" (Y2K) problem and discusses some of its implications.
DOWNLOAD -
Estimating With Objects - Part IX
• White Paper
By Watts S. Humphrey
This column is the ninth in a series about estimating. This column continues the discussion of how object-oriented techniques can help you to estimate and plan your work.
DOWNLOAD -
Estimating With Objects - Part VIII
• White Paper
By Watts S. Humphrey
This column is the eighth in a series about estimating. This column continues the discussion of how to make software estimates.
DOWNLOAD -
Recommended Best Industrial Practice for Software Architecture Evaluation
• Technical Report
By Len Bass, Gregory Abowd, Amy Zaremski, Linda M. Northrop, Rick Kazman, Paul C. Clements
This report details the results of two workshops on software architecture evaluation, held at the SEI in 1996.
DOWNLOAD -
Estimating With Objects - Part VII
• White Paper
By Watts S. Humphrey
This column is the seventh in a series about estimating. This column continues the discussion of how to make software estimates.
DOWNLOAD -
1997 Tech Tip: Denial of Service Attacks
• White Paper
By None
This 1997 CERT Division tech tip describes denial-of-service attacks.
DOWNLOAD -
Report to the President's Commission on Critical Infrastructure Protection
• Special Report
By Thomas A. Longstaff, Linda Pesante, Richard D. Pethia, David Fisher, James Ellis
This 1997 report identifies threats to and vulnerabilities of the Internet and estimates the cascade effect that a successful, sustained attack on the Internet would have on the critical national …
DOWNLOAD -
Security of the Internet
• Special Report
By None
This report describes the status of cybersecurity in 1996.
DOWNLOAD -
1996 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1996.
DOWNLOAD -
Estimating With Objects - Part VI
• White Paper
By Watts S. Humphrey
This column is the sixth in a series about estimating. It continues the discussion of how to make size estimates.
DOWNLOAD -
Coming Attractions in Program Understanding
• Technical Report
By Scott R. Tilley (Florida Institute of Technology), Dennis B. Smith
This report identifies some of the emerging technologies in program understanding, which is the process of acquiring knowledge about a software artifact through analysis, abstraction,and generalization.
DOWNLOAD -
Software Acquisition Capability Maturity Model
• Technical Report
By John Marciniak, Jordan Matejceck, Anthony Guido, Matt Fisher, Michael Falat, Jack Cooper, Jack R. Ferguson
This 1996 version of the SA-CMM incorporates the results of lessons learned from the use of Version 1.0.
DOWNLOAD -
Cleanroom Software Engineering Implementation of the Capability Maturity Model (CMM) for Software
• Technical Report
By Richard C. Linger (Oak Ridge National Laboratory), Mark C. Paulk, Carmen J. Trammell
This report defines the Cleanroom software engineering implementation of the Capability Maturity Model for Software.
DOWNLOAD -
A Case Study in Structural Modeling
• Technical Report
By Lisa Brownsword, Gary Chastek
This report describes structural modeling, a technique for creating software architectures based on a small set of design elements called structural types.
DOWNLOAD -
Scenario-Based Analysis of Software Architecture
• White Paper
By Rick Kazman, Paul C. Clements, Gregory Abowd, Len Bass
This paper presents an experiential case study illustrating the methodological use of scenarios to gain architecture-level understanding and predictive insight into large, real-world systems in various domains.
DOWNLOAD -
Estimating With Objects - Part V
• White Paper
By Watts S. Humphrey
This column is the fifth in a series about estimating. It continues the discussion of how to make size estimates.
DOWNLOAD -
Investment Analysis of Software Assets for Product Lines
• Technical Report
By James Withey
This 1996 report introduces an approach that will help managers make resource allocation decisions.
DOWNLOAD -
Cleanroom Software Engineering Reference
• Technical Report
By Richard C. Linger (Oak Ridge National Laboratory), Carmen J. Trammell
This report defines the Cleanroom Software Engineering Reference Model (CRM), which is intended as a guide for Cleanroom project management and performance, process assessment and improvement, and technology transfer and …
DOWNLOAD -
Best Training Practices Within the Software Engineering Industry
• Technical Report
By Nancy R. Mead, Lawrence Tobin, Suzanne D. Couturiaux
This report provides the results of a benchmarking study to identify the best training practices within the software engineering community.
DOWNLOAD -
Estimating With Objects - Part IV
• White Paper
By Watts S. Humphrey
This column is the fourth in a series about estimating. It continues the discussion of how to make size estimates.
DOWNLOAD -
Directory of Industry and University Collaborations with a Focus on Software Engineering Education, Version 5
• Special Report
By Kathy Beckman (Abacus Technology Corporation)
This 1996 directory describes collaborative efforts to promote software engineering education among organizations in the United States and Canada.
DOWNLOAD -
A Case Study in Successful Product Line Development
• Technical Report
By Lisa Brownsword, Paul C. Clements
This report describes the experience of a company that builds large, complex, embedded, real-time shipboard command-and-control systems as a product line.
DOWNLOAD -
Estimating With Objects - Part III
• White Paper
By Watts S. Humphrey
This column is the third in a series about estimating. It starts the discussion of how to make size estimates.
DOWNLOAD -
Concept of Operations for ESC's Product Line Approach
• Technical Report
By Tom Royer (MITRE), Seymour Friedman (MITRE), Lorraine Martin (CARDS), Sholom G. Cohen, Nancy Solderitsch (CARDS)
This report describes ConOps and transition strategy for the product line approach to software systems development at the Air Force ESC.
DOWNLOAD -
Estimating With Objects - Part II
• White Paper
By Watts S. Humphrey
This is the second of a series of columns on software project estimating. It discusses program size and it provides a general background for all the columns to follow.
DOWNLOAD -
Transitioning a Model-Based Software Engineering Architectural Style to Ada 95
• Technical Report
By Anthony B. Gargaro, A. Spencer Peterson
This report describes the transition of a model-based software engineering architectural style to Ada 95, along with recommendations for the proposed software architecture map
DOWNLOAD -
Estimating With Objects - Part I
• White Paper
By Watts S. Humphrey
This column starts a series on estimating. In this first column, Watts Humphrey talks about why one should make estimates and then briefly discusses the elements of estimating.
DOWNLOAD -
Software Process Automation: Experiences from the Trenches
• Technical Report
By Larry Proctor (Nolan Norton and Company), Linda Levine, Alan M. Christie, Denis Cordelle (Cap Gemini Segoti), Jean-Eloi Ferotin (Cap Gemini Segoti), David Zubrow, Edwin J. Morris, Teresa Belton (Nolan Norton and Company), Jean-Philippe Solvay (Cap Gemini Segoti)
This 1996 report documents an empirical study that documented practical experiences related to software process automation and to identify what works and what does not.
DOWNLOAD -
Software Risk Management
• Technical Report
By Michael Christel, Kyo C. Kang (Pohang University of Science and Technology)
This 1996 report studies problems with requirements engineering that are not adequately addressed by specification techniques, with an elicitation method being proposed to handle these issues.
DOWNLOAD -
Transitioning Domain Analysis: An Industry Experience
• Technical Report
By Nathan Zalman, Karen Schnell, A. Bhatt
This report provides an industry example in the planning and execution of a research project using feature-oriented domain analysis (FODA).
DOWNLOAD -
A Controlled Experiment Measuring the Effect of Procedure Argument Type Checking on Programmer Productivity
• Technical Report
By Walter Tichy, Lutz Prechelt
This 1996 report describes an experiment to assess the error-detection capabilities of static intermodule type checking.
DOWNLOAD -
Domain Analysis Workshop Report for the Automated Prompt and Response System Domain
• Special Report
By Robert W. Krut, Jr., Nathan Zalman
This report includes descriptions of the domain analysis methodology used and the products developed at the 1996 BNR/NT workshop.
DOWNLOAD -
Fingertip Access to Software Engineering Information and Learning: SAIL on the Informedia DVLS
• Technical Report
By Harvey K. Hallman
This 1996 report discusses the means to access information into a technical repository so that a software engineering using a support system like Informedia DVLS can access it.
DOWNLOAD -
Software Capability Evaluation, Version 3.0, Implementation Guide for Supplier Selection
• Technical Report
By Rick Barbour
This 1996 report describes implementation guidance for Version 3.0 of the Software Capability Evaluation (SCE) method.
DOWNLOAD -
Software Capability Evaluation Version 3.0 Method Description
• Technical Report
By Paul Byrnes, Mike Phillips
This 1996 report describes Version 3.0 of the Software Capability Evaluation (SCE) Method.
DOWNLOAD -
CMM-Based Appraisal for Internal Process Improvement (CBA IPI): Method Description
• Technical Report
By Donna K. Dunaway, Steve Masters
This document provides a brief history of SEI appraisal methods, as well as establishing appraisals in the context of the IDEAL approach to software process improvement.
DOWNLOAD -
The Gadfly: An Approach to Architectural-Level System Comprehension
• White Paper
By Paul C. Clements, Kurt C. Wallnau, Edwin J. Morris
This paper describes the Gadfly, an approach for developing narrowly-focused, reusable domain models that can be integrated and (re)used to aid in the process of top-down system comprehension.
DOWNLOAD -
The Gadfly: An Approach to Architectural-Level System Comprehension
• White Paper
By Robert W. Krut, Jr., Edwin J. Morris, Paul C. Clements, Kurt C. Wallnau
This paper describes the Gadfly, an approach for developing narrowly-focused, reusable domain models that can be integrated and (re)used to aid in the process of top-down system comprehension.
DOWNLOAD -
Credibility and Commitment
• White Paper
By Watts S. Humphrey
This 1996 whitepaper explores how an organization can gain credibility by realistically planning work based on historical performance.
DOWNLOAD -
A Survey of Architecture Description Languages
• White Paper
By Paul C. Clements
This paper summarizes a taxonomic survey of ADLs that is in progress. Preliminary results allow conclusions to be drawn about what constitutes an ADL, and how contemporary ADLs differ.
DOWNLOAD -
A Collaboration in Implementing Team Risk Management
• Technical Report
By Audrey J. Dorofee, David P. Gluch, J. Travalent, E. Hubbard
This report presents results of a collaborative development effort to transition the Software Engineering Institute (SEI) team risk management process into practice.
DOWNLOAD -
An Evolutionary Perspective of Software Engineering Research Through Co-Word Analysis
• Technical Report
By Neal Coulter, Ira Monarch, Suresh Konda, Marvin Carr
This 1995 study applies various tools, techniques, and methods that the SEI is evaluating for analyzing information being produced at a very rapid rate in the discipline.
DOWNLOAD -
An Architectural Description of the Simplex Architecture
• Technical Report
By Lui R. Sha, Charles Weinstock, Michael J. Gagliardi, Jose German Rivera, Alejandro Andres Danylyszyn
This report describes SEI-developed Simplex, a software architecture for dependable and evolvable process-control systems.
DOWNLOAD -
State of the Practice Report: Problems in the Practice of Performance Engineering
• Technical Report
By Mark H. Klein
As systems have performance requirements, sometimes dominant and explicit, and other times subordinate and implicit. Despite the pervasiveness and importance of performance requirements, performance problems persist. To help us understand …
DOWNLOAD -
Software Architecture: An Executive Overview
• Technical Report
By Paul C. Clements, Linda M. Northrop
This report summarizes software architecture for an intended audience of mid to senior level management.
DOWNLOAD -
Tool Support for Architecture Analysis and Design
• White Paper
By Rick Kazman
This position paper first presents a set of requirements that an ideal tool for architectural design and analysis, and then presents a tool—called SAAMtool—that meets most, but not all, of …
DOWNLOAD -
A Case Study in Requirements for Survivable Systems
• White Paper
By Richard C. Linger (Oak Ridge National Laboratory), Robert J. Ellison, Thomas A. Longstaff, Nancy R. Mead
This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system.
DOWNLOAD -
A Mature Profession of Software Engineering
• Technical Report
By Norman Gibbs, Gary Ford
This 1996 report presents a model that allows the characterization of the maturity of a profession in terms of eight infrastructure components.
DOWNLOAD -
Coming Attractions in Software Architecture
• Technical Report
By Paul C. Clements
This 1996 report identifies a set of promising lines of research related to software architecture and architecture-based system development.
DOWNLOAD -
1995 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1995.
DOWNLOAD -
Training Guidelines: Purchasing Training for a Software Organization
• Technical Report
By Ragunathan Rajkumar, Maribeth Carpenter, Michael J. Gagliardi, Harvey K. Hallman
This 1995 report includes a set of training guidelines that focuses on many of the issues surrounding the purchasing of software engineering training.
DOWNLOAD -
Quality Attributes
• Technical Report
By Mark H. Klein, Thomas A. Longstaff, Charles Weinstock, Mario R. Barbacci
This report describes efforts to develop a unifying approach for reasoning about multiple software quality attributes.
DOWNLOAD -
From Subroutines to Subsystems: Component-Based Software Development
• White Paper
By Paul C. Clements
This whitepaper provides a conceptual overview of component-based software development (CBSD) and discusses how CBSD is changing the way large software systems are developed.
DOWNLOAD -
Process Tailoring and the Software Capability Maturity Model
• Technical Report
By L. Quinn, Mark P. Ginsberg
This report presents a tailoring framework that explores the nature of various kinds of tailoring used in the definition and development of software process descriptions.
DOWNLOAD -
Relationships Between the Systems Engineering Capability Maturity Model and Other Products, Version 1.0
• Technical Report
By Gary Ford
This document is an initial effort at identifying and characterizing the relationships between SE-CMM practices and other products.
DOWNLOAD -
Raytheon Electronic Systems Experience in Software Process Improvement
• Technical Report
By Blake Ireland, Tom Haley, Ray Dion, Dan Nash, Ed Wojtaszek
This report describes the work of the 1995 recipient of the IEEE Computer Society Software Process Achievement Award, jointly established by the SEI and the IEEE Computer Society to recognize …
DOWNLOAD -
The Changing World of Software
• White Paper
By Watts S. Humphrey
Few expect software to be delivered on time and defect-free. How long will customers tolerate such performance? A closer look at the industry reveals that the software world needs to …
DOWNLOAD -
An Experiment in Software Development Risk Information Analysis
• Technical Report
By David P. Gluch, Ira Monarch
This report summarizes the results of an experiment that uses terminological structures derived from the application of K-SAV technology to textual data from the SERR resident at the SEI.
DOWNLOAD -
The Unified Information Security (INFOSEC) Architecture (UIA) Gadfly Project
• Technical Report
By Robert W. Krut, Jr., Fred Maymir-Ducharme, Kurt C. Wallnau, Paul C. Clements
This 1995 report discusses the results of a collaborative research and development activity between the Comprehensive Approach to Reusable Defense Software (CARDS) Program, the Department of Defense (DoD), and the …
DOWNLOAD -
Assessing the Quality of Large, Software-Intensive Systems: A Case Study
• White Paper
By Nelson W. Weiderman, Alan W. Brown, David J. Carney, Paul C. Clements, B. Craig Meyers, Dennis B. Smith, William Wood
This paper presents a case study in carrying out an audit of a large, software-intensive system.
DOWNLOAD -
Formal Methods in Describing Architectures
• White Paper
By Paul C. Clements
This paper presents Modechart, a specification language for hard-real-time embedded computer systems developed at the University of Texas at Austin. It presents the Modechart paradigm as an example of a …
DOWNLOAD -
Report on Distance Learning Technologies
• Technical Report
By Peter Capell
This 1995 report provides a wide view of the costs, risks, and benefits associated with instructional technology alternatives.
DOWNLOAD -
Training Guidelines: Creating a Training Plan for a Software Organization
• Technical Report
By Maribeth Carpenter, Harvey K. Hallman
Training is an organizational responsibility, but the software projects are responsible for identifying their needed skills and providing the necessary training when the project's needs are unique.
DOWNLOAD -
Distributed System Design Using Generalized Rate Monotonic Theory
• Technical Report
By Shirishq S. Sathaye, Lui R. Sha
This 1995 paper reviews the rate monotonic scheduling theory, examines the architectural requirements for the use of the theory, and provides an application example.
DOWNLOAD -
Moving On Up: Data and Experience Doing CMM-Based Process Improvement
• Technical Report
By Will Hayes, David Zubrow
An analysis of Software Process Assessment results from 48 organizations undertaking 2 or more assessments is presented in this report.
DOWNLOAD -
After the Appraisal: A Systematic Survey of Process Improvement, its Benefits, and Factors that Influence Success
• Technical Report
By James D. Herbsleb, Dennis Goldenson
This survey examines appraisals and process improvement efforts from a broad cross-section of software organizations.
DOWNLOAD -
A Software Architecture for Dependable and Evolvable Industrial Computing Systems
• Technical Report
By Lui R. Sha
This paper gives a brief overview of the underlying technologies of the Simplex architecture, which was developed to support safe and reliable online upgrade of hardware and software components.
DOWNLOAD -
A DoD Software Measurement Pilot: Applying the SEI Core Measures
• Technical Report
By William A. Florac, James A. Rozum
This 1995 report discusses observations, lessons learned, and recommendations from a DISA pilot effort to assess the issues involved in implementing a software measurement program across multiple sites and projects.
DOWNLOAD -
The Subject Matter of Process Improvement: A Topic and Reference Source for Software Engineering Educators and Trainers
• Technical Report
By Iraj Hirmanpour, Rosalind L. Ibrahim
This 1995 report provides a high-level topical overview of what can be taught or learned about process improvement. The aim is to assist software engineering educators and trainers in selecting …
DOWNLOAD -
An Architectural Analysis Case Study: Internet Information Systems
• White Paper
By Len Bass, Rick Kazman, Gregory Abowd, Paul C. Clements
This paper presents a method for analyzing systems for nonfunctional qualities from the perspective of their software architecture and applies this method to the field of Internet information systems (IISs).
DOWNLOAD -
Features of Architecture Description Languages
• White Paper
By Paul C. Clements, Paul Kogut
This 1995 whitepaper provides an overview of Architecture description languages (ADLs), an emerging notation for software architecture models.
DOWNLOAD -
Understanding Architectural Influences and Decisions in Large-System Projects
• White Paper
By Paul C. Clements
This paper discusses the approach taken in a pilot study to uncover the correlation, if any, between architectural influences and architectural decisions in large-scale, software-intensive development projects.
DOWNLOAD -
An Architectural Analysis Case Study:Internet Information Systems
• White Paper
By Gregory Abowd, Len Bass, Rick Kazman, Paul C. Clements
This paper presents a method for analyzing systems for nonfunctional qualities from the perspective of their software architecture and applies this method to the field of Internet information systems (IISs).
DOWNLOAD -
Technology Transition Pull: A Case Study of Rate Monotonic Analysis (Part 2)
• Technical Report
By Priscilla Fowler, Linda Levine
This case study reports on efforts to introduce a software technology, rate monotonic analysis, into several software-intensive programs at one site within a multinational firm.
DOWNLOAD -
Object-Oriented Software Measures
• Technical Report
By Michael Stinson, Clark Archer (Winthrop University)
This 1995 paper provides an overview of the merging of a paradigm and a process, the object-oriented paradigm and the software product measurement process.
DOWNLOAD -
A Case Study in Assessing the Maintainability of Large, Software-Intensive Systems
• White Paper
By Paul C. Clements, David J. Carney, Alan W. Brown
This paper presents a case study in assessing the maintainability of a large, software intensive system. The techniques used are described, and their strengths and weaknesses discussed.
DOWNLOAD -
A Case Study in Assessing the Maintainability of Large, Software-Intensive Systems
• White Paper
By David J. Carney, Alan W. Brown, Paul C. Clements
This paper presents a case study in assessing the maintainability of a large, software intensive system. The techniques used are described, and their strengths and weaknesses discussed.
DOWNLOAD -
CMM Appraisal Framework, Version 1.0
• Technical Report
By Steve Masters, Carol Bothwell
This report describes the common requirements used by the CMM-Based Appraisal (CBA) project in developing appraisal methods based on the Capability Maturity Model (CMM) for Software, Version 1.1.
DOWNLOAD -
A Manager's Checklist for Validating Software Cost and Schedule Estimates
• Special Report
By Robert E. Park
This 1995 report provides a checklist of questions to ask and evidence to look for when assessing the credibility of a software cost and schedule estimate.
DOWNLOAD -
Checklists and Criteria for Evaluating the Cost and Schedule Estimating Capabilities of Software Organizations
• Special Report
By Robert E. Park
This report provides criteria and checklists for evaluating the capability of an organization's software estimating process and the infrastructure that supports it.
DOWNLOAD -
1994 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1994.
DOWNLOAD -
Software Process Improvement in the NASA Software Engineering Laboratory
• Technical Report
By Rose Pajerski (NASA/Goddard Space Flight Center), M. Zelkowitz (University of Maryland), V. Basili (University of Maryland), Sharon Waligora (Computer Sciences Corporation), Gerald Page (Computer Sciences Corporation), Frank McGarry (NASA/Goddard Space Flight Center)
This report describes the work of the first recipient of the IEEE Computer Society Software Process Achievement Award, jointly established by the SEI and IEEE to recognize outstanding achievements in …
DOWNLOAD -
Characteristics of Higher Level Languages for Software Architecture
• Technical Report
By David Garlan, Mary Shaw
System designers use two primary ways of defining software architecture; this paper explains why neither alternative is adequate.
DOWNLOAD -
The Software Architecture Renaissance
• White Paper
By Paul C. Clements, Paul Kogut
The increasing importance of software in systems is also driving the software architecture renaissance. This article provides a brief overview of some important architecture related efforts.
DOWNLOAD -
Spinning a Web: Publishing the SEI Software Configuration Management Research on the World Wide Web
• Technical Report
By Cliff C. Huff
This 1994 report describes the contents of the configuration management research materials that have been published on the SEI World Wide Web (WWW) Server.
DOWNLOAD -
Proceedings of the First Annual Software Engineering Techniques Workshop, September 1994: Software Reengineering
• Special Report
By Dennis B. Smith, Giuseppe Lami, John K. Bergey, L. Green
The 1995 workshop on software reengineering established a foundation for capturing the best practices within reengineering and resulted in a detailed outline for a reengineering best practices handbook.
DOWNLOAD -
Benefits of CMM-Based Software Process Improvement: Executive Summary of Initial Results
• Special Report
By Anita Carleton, David Zubrow, Jane Siegel, James A. Rozum, James D. Herbsleb
This report provides an overview of some initial results of the effects of software process improvement efforts in 13 organizations.
DOWNLOAD -
Artificial Intelligence (AI) and ADA: Integrating AI with Mainstream Software Engineering
• Technical Report
By Jorge Diaz-Herrera
This report presents pragmatic problems posed by the integration of AI with conventional software engineering and within the framework of current ADA technology.
DOWNLOAD -
Replacing the Message Service Component in an Integration Framework
• Technical Report
By Alan W. Brown, Paul Zarrella
This 1994 report describes a task to examine interoperability aspects of the control integration component of the integration framework.
DOWNLOAD -
Toward Deriving Software Architectures from Quality Attributes
• Technical Report
By Len Bass, Rick Kazman
This report presents a method for deriving software architectures from a consideration of the non-functional qualities of a system.
DOWNLOAD -
Benefits of CMM-Based Software Process Improvement: Initial Results
• Technical Report
By Jane Siegel, James A. Rozum, Anita Carleton, James D. Herbsleb, David Zubrow
This 1994 report provides initial results of the effects of software process improvement efforts on organizations.
DOWNLOAD -
Experience with a Course on Architectures for Software Systems, Part II: Educational Materials
• Technical Report
By Mary Shaw, Jose Galmes, David Garlan
This report contains the materials used by the instructors to teach the course CS 15-775: Architectures for Software Systems in the Spring of 1994 in the School of Computer Science …
DOWNLOAD -
A Comparison of ISO 9001 and the Capability Maturity Model for Software
• Technical Report
By Mark C. Paulk
The purpose of this report is to contrast the CMM and ISO 9001, showing both their differences and their similarities.
DOWNLOAD -
A Construct for Describing Software Development Risks
• Technical Report
By David P. Gluch
This 1994 report establishes a representation of software risk wherein the risks associated with software-dependent development programs are defined as distinct, manageable risk entities.
DOWNLOAD -
Maturity Questionnaire
• Special Report
By Will Hayes, Dennis Goldenson, Jane Siegel, David Zubrow
This 1994 report contains the software process maturity questionnaire and is intended for those who are performing and learning about software process appraisals.
DOWNLOAD -
Software Capability Evaluation Version 2.0 Method Description
• Technical Report
By The Members of the CMM-Based Appraisal Project
This 1994 report describes Version 2.0 of the Software Capability Evaluation (SCE) Method, as taught at the SEI in the fourth quarter of 1993.
DOWNLOAD -
An Introduction to Team Risk Management (Version 1.0)
• Special Report
By Julie A. Walker, Ron Higuera, David P. Gluch, Audrey J. Dorofee, Richard L. Murphy, Ray C. Williams
This 1994 report defines the organizational structure and operational activities for managing risks throughout all phases of the life-cycle of a software-dependent development program.
DOWNLOAD -
Mapping a Domain Model and Architecture to a Generic Design
• Technical Report
By A. Spencer Peterson, Jay L. Stanley Jr.
This 1994 report describes a process for mapping domain information in Feature-Oriented Domain Analysis (FODA) into a generic design for a domain.
DOWNLOAD -
A Progress Report on Undergraduate Software Engineering Education
• Technical Report
By Gary Ford
This 1994 report reports on the growth of undergraduate software engineering education.
DOWNLOAD -
Interim Profile Development and Trial of a Method to Rapidly Measure Software Engineering Maturity Status
• Technical Report
By Roselyn Whitney, Elise Nawrocki, Will Hayes, Jane Siegel
This 1994 report provides information about the process used to develop the method for diagnosing software process maturity.
DOWNLOAD -
A Practical Guide to the Technology and Adoption of Software Process Automation
• Technical Report
By Alan M. Christie
This 1994 report identifies how process automation relates to both process improvement and CASE tools.
DOWNLOAD -
Exploring Hypermedia Information Services for Disseminating Software Engineering Information
• Technical Report
By William E. Hefley
This 1994 report describes the accomplishments of a pilot hypermedia information service embodying the conceptual definition of a pilot information base developed by the SEI.
DOWNLOAD -
Software Capability Evaluation (SCE) Version 2.0 Implementation Guide
• Technical Report
By The Members of the CMM-Based Appraisal Project
This 1994 report provides practical information that program managers can use to guide them through the process of using SCE in an acquisition.
DOWNLOAD -
From Domain Models to Architectures
• White Paper
By Paul C. Clements
This whitepaper was presented at the Workshop on Software Architecture, USC Center for Software Engineering, Los Angeles, 1994, by Paul Clements.
DOWNLOAD -
Procedure Calls Are the Assembly Language of Software Interconnection: Connectors Deserve First-Class Status
• Technical Report
By Mary Shaw
This 1994 report elevates the relations among software system components to first-class entities of the system, entitled to their own specifications and abstractions.
DOWNLOAD -
Beyond Objects: A Software Design Paradigm Based on Process Control
• Technical Report
By Mary Shaw
This report explains process control models and derives a software paradigm for control loop organizations.
DOWNLOAD -
An Introduction to Software Architecture
• Technical Report
By Mary Shaw, David Garlan
This paper provides an introduction to the emerging field of software architecture.
DOWNLOAD -
1993 CERT Advisories
• White Paper
By None
This document contains a detailed report of 19 CERT advisories issued in 1993.
DOWNLOAD -
Process Guide for the Domain-Specific Software Architectures (DSSA) Process Life Cycle
• Special Report
By James Armitage
This 1993 report describes the prototype domain-specific software architecture (DSSA) process life cycle developed by GTE as part of the ARPA, formerly DARPA DSAA program.
DOWNLOAD -
The SEI and NAWC: Working Together to Establish a Software Measurement Program
• Technical Report
By James A. Rozum
This 1993 report is meant to help organizations that desire to start a software measurement program or have been struggling with such a program by providing an example of one …
DOWNLOAD -
An ADA Binding to the SAFENET Lightweight Application Services
• Technical Report
By B. Craig Meyers, Gary Chastek
This document describes an ADA binding to the Survivable ADAptable Fiber Optic Embedded Network (SAFENET) lightweight application services.
DOWNLOAD -
Case Studies of Software Process Improvement Methods
• Technical Report
By Daniel J. Paulish
This report describes the case studies approach applied at a number of Siemens software development organizations to observe the impact of software process improvement methods.
DOWNLOAD -
An Acquisition Process for the Management of Risks of Cost Overrun and Time Delay Associated with Software Development
• Technical Report
By Clyde Chittister, Yacov Haimes
This 1993 report proposes a systematic acquisition process that is aimed at assessing and managing the risks of cost overruns and time delays associated with software development.
DOWNLOAD -
Technology Transition Push: A Case Study of Rate Monotonic Analysis (Part 1)
• Technical Report
By Linda Levine, Priscilla Fowler
This case study reports on efforts to transform rate monotonic scheduling theory into a practical analytical technique and to transition that technique into routine practice among developers and maintainers of …
DOWNLOAD -
A Conceptual Framework for Software Technology Transition
• Technical Report
By Linda Levine, Priscilla Fowler
This report presents a conceptual framework that integrates and describes the intersections of three lifecycles of software technology transition: research and development, new product development, and adoption and implementation in …
DOWNLOAD -
A Taxonomy of Coordination Mechanisms Used in Real-Time Software Based on Domain Analysis
• Technical Report
By Jose L. Fernandez
This 1993 report proposes a taxonomy of the coordination mechanisms for the synchronization and communication of concurrent processes.
DOWNLOAD -
Reference Model for Project Support Environments (Version 2.0)
• Technical Report
By Tricia Oberndorf, Alan W. Brown, David J. Carney, M. Zelkowitz (University of Maryland)
The goal of the PSE Standards Working Group is to provide an interface standard that can be used by project managers as an aid in procuring or assembling a PSE …
DOWNLOAD -
The Use of ASN.1 and XDR for Data Representation in Real-Time Distributed Systems
• Technical Report
By B. Craig Meyers, Gary Chastek
This report provides an overview of two standards that are used for data specification and representation in distributed systems.
DOWNLOAD -
Results of a Workshop on Research in Incident Handling
• Special Report
By Thomas A. Longstaff
This document contains the results of the first CERT Invitational Workshop on Research in Incident Handling, held at the Software Engineering Institute in November 1992.
DOWNLOAD -
Software Product Liability
• Technical Report
By Watts S. Humphrey, Jody Armour (School of Law, University of Pittsburgh)
This 1993 Software Engineering Institute (SEI) report explores the effects of software defects.
DOWNLOAD -
Structural Modeling: An Application Framework and Development Process for Flight Simulators
• Technical Report
By Linda M. Northrop, Gregory Abowd, Len Bass, Larry Howard
This paper presents the structural modeling approach, an application framework and development process for the construction of flight simulators.
DOWNLOAD -
An Investigation into the State of the Practice of CASE Tool Integration
• Technical Report
By Edwin J. Morris, Alan W. Brown, Jock Rader
This 1993 report details observations and analyzes the current state of the practice of CASE tool integration.
DOWNLOAD -
Reengineering: An Engineering Problem
• Special Report
By Peter H. Feiler
This 1993 report discusses a plan that addresses how the Software Engineering Institute (SEI) may assist the Department of Defense (DoD) in reengineering its large software-intensive systems.
DOWNLOAD -
Establishing a Software Measurement Process
• Technical Report
By Donald R. McAndrews
This 1993 report presents guidelines for establishing a measurement process as part of an organization's overall software process.
DOWNLOAD -
Software Capability Evaluation (SCE) Version 1.0 Implementation Guide
• Technical Report
By Software Capability Evaluation Project
This 1993 implementation guide provides practical information on how to use Software Capability Evaluation (SCE) in an acquisition.
DOWNLOAD -
Dependable Software Technology Exchange
• Special Report
By Fred Schneider, Charles Weinstock
This report summarizes the discussions at the 1993 Dependable Software Technology Exchange meeting.
DOWNLOAD -
A Software Process Framework for the SEI Capability Maturity Model Repeatable Level
• Special Report
By Linda Parker Gates, Timothy G. Olson, Julia L. Mullaney, James W. Over, Neal R. Reizer, Marc I. Kellner, Richard W. Phillips, Salvatore J. DiGennaro
This 1993 document describes a Software Process Framework (SPF) based on the Software Engineering Institute's (SEI) Capability Maturity Model (CMM).
DOWNLOAD -
Process-Centered Development Environments: An Exploration of Issues
• Technical Report
By Alan M. Christie
This 1993 report addresses process definition and enactment (PCDE) issues which pertain to the specification and design of a PCDE.
DOWNLOAD -
Safety-Critical Software: Status Report and Annotated Bibliography
• Technical Report
By Kyo C. Kang (Pohang University of Science and Technology), Patrick R. Place
The purpose of the report is to bring together concepts necessary for the development of software in safety-critical systems.
DOWNLOAD -
Taxonomy-Based Risk Identification
• Technical Report
By Ira Monarch, Clay F. Walker, Marvin Carr, Suresh Konda, F. Carol Ulrich
This 1993 report describes a method for facilitating the systematic and repeatable identification of risks associated with the development of a software-dependent project.
DOWNLOAD -
A Study in Software Maintenance
• Technical Report
By Alan W. Brown, Alan M. Christie, Susan A. Dart
This report presents the results of interviews between CASE Environments Project team members and personnel in eight software maintenance projects within an agency of the U.S. government. The purpose of …
DOWNLOAD -
Concepts on Measuring the Benefits of Software Process Improvement
• Technical Report
By James A. Rozum
This report describes concepts that organizations can tailor to develop a method for determining the benefits they have received from their software process improvement activities.
DOWNLOAD -
AMORE: The Advanced Multimedia Organizer for Requirements Elicitation
• Technical Report
By David P. Wood, Scott Stevens, Michael Christel
This paper introduces the AMORE, a system that embodies a synthesis of technologies adapted specifically for application to requirements elicitation processes and models.
DOWNLOAD -
Software Capability Evaluation (SCE) Version 1.5 Method Description
• Technical Report
By Michael F. Dedolph, Paul Byrnes, John Maphis, Rajesh Puranik, Elwood H. Mead, Ed Averill
This 1993 report describes Version 1.5 of the Software Capability Evaluation (SCE) method, as taught at the Software Engineering Institute (SEI) from January 1992 to June 1993.
DOWNLOAD -
Integrating 001 Tool Support into the Feature-Oriented Domain Analysis Methodology
• Technical Report
By Robert W. Krut, Jr.
This 1993 report addresses the need for additional tool support for the SEI's FODA methodology.
DOWNLOAD -
An Overview of PCTE: A Basis for a Portable Common Tool Environment
• Technical Report
By Fred Long, Edwin J. Morris
This 1993 report details the history and current status of PCTE and PCTE-based environments.
DOWNLOAD -
Distributed Real-Time System Design: Theoretical Concepts and Applications
• Technical Report
By Shirishq S. Sathaye, Lui R. Sha
This 1993 paper describes the use of generalized rate monotonic scheduling theory for the design and analysis of a distributed real-time system.
DOWNLOAD -
Software Architectures for Shared Information Systems
• Technical Report
By Mary Shaw
This 1993 paper reviews historical examples of shared information systems in three different applications whose requirements share some common features about collecting, manipulating, and preserving large bodies of complex information.
DOWNLOAD -
Capability Maturity Model for Software (Version 1.1)
• Technical Report
By Charlie Weber, Mark C. Paulk, Bill Curtis (CAST Research Labs), Mary Beth Chrissis
This paper provides a technical overview of the CMM for software and reflects version 1.1.
DOWNLOAD -
Key Practices of the Capability Maturity Model Version 1.1
• Technical Report
By Suzanne Miller, Mary Beth Chrissis, Marilyn Bush, Mark C. Paulk, Charlie Weber
This 1993 document provides key practices that correspond to each maturity level of the CMM and information on how to interpret the key practices.
DOWNLOAD -
A Survey of Commonly Applied Methods for Software Process Improvement
• Technical Report
By Robert D. Austin, Daniel J. Paulish
This report, published in 1993, describes a number of commonly applied methods for improving the software development process.
DOWNLOAD -
1992 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1992.
DOWNLOAD -
Report on Senior Executive Seminars on Software Issues
• Special Report
By Frank Sisti, William Sweet
This 1992 report expands on the activities executed by the Software Engineering Institute (SEI) associated with raising the software issue awareness of senior executives in the areas of senior defense …
DOWNLOAD -
Performance and ADA Style for the AN/BSY-2 Submarine Combat System
• Technical Report
By Patrick Donohoe, Neal Altman
This 1992 report describes the effect of Ada coding style on the execution performance of Ada programs.
DOWNLOAD -
Control Integration through Message Passing
• Technical Report
By Alan W. Brown
This paper examines the message passing approach to integration in an SDE, looks at the general principles of the approach, and describes existing implementations.
DOWNLOAD -
Durra: A Task Description Language User's Manual (Version 2)
• Technical Report
By Dennis N. Doubleday, Mario R. Barbacci
This 1992 document describes the use of Durra, a task-level application description language, and its associated toolset.
DOWNLOAD -
Joint Integrated Avionics Working Group (JIAWG) Object-Oriented Domain Analysis Method (JODA)
• Special Report
By Robert R. Holibaugh
This 1992 report presents a case for the investigation and adaptation of structural and dynamic modeling techniques to the engineering of systems of systems.
DOWNLOAD -
Guide to CASE Adoption
• Technical Report
By Edwin J. Morris, Dennis B. Smith, Kimberly Stepien-Oakes
This 1992 guide answers questions organizations may have concerning CASE technology, and provides a strategy for the adoption of CASE tools into an organization.
DOWNLOAD -
Analysis of a Software Maintenance System: A CASE Study
• Technical Report
By Howard Slomer, Alan M. Christie
This paper documents and analyzes an existing, moderate size, software maintenance project.
DOWNLOAD -
Academic Legitimacy of the Software Engineering Discipline
• Technical Report
By Dan Berry
This report examines the academic substance of software engineering and identifies the basic research questions and the methods used to answer them.
DOWNLOAD -
A Classification and Bibliography of Software Prototyping
• Technical Report
By Kyo C. Kang (Pohang University of Science and Technology), David P. Wood
This report presents an overview of technology and literature relating to the creation and use of software system prototypes.
DOWNLOAD -
ADA Adoption Handbook: A Program Manager's Guide, Version 2.0
• Technical Report
By John B. Goodenough, Chuck Engle Jr., John T. Foreman, William E. Hefley
The handbook addresses the advantages and risks in adopting ADA. Significant emphasis has been placed on providing information and suggesting methods that will help program and project managers succeed in …
DOWNLOAD -
Software Process Development and Enactment: Concepts and Definitions
• Technical Report
By Watts S. Humphrey, Peter H. Feiler
This 1992 report defines a core set of concepts about the software process. These concepts are intended to facilitate communications and to provide a framework for further definitions.
DOWNLOAD -
Proceedings of the CASE Management Workshop
• Technical Report
By Cliff C. Huff, Dennis B. Smith, Edwin J. Morris, Paul Zarrella
This report summarizes the proceedings of the 1992 CASE Management Workshop. At this workshop, SEI affiliates discussed management topics such as CASE acquisition policy, the limits of CASE tools, CASE …
DOWNLOAD -
Software Measurement for DoD Systems: Recommendations for Initial Core Measures
• Technical Report
By Elizabeth K. Bailey, Shari Lawrence Pfleeger, William A. Florac, Wolfhart B. Goethert, Robert E. Park, Anita Carleton
This 1992 report presents recommendations for a basic set of software measures that Department of Defense (DoD) organizations can use to help plan and manage the acquisition, development, and support …
DOWNLOAD -
Software Size Measurement: A Framework for Counting Source Statements
• Technical Report
By Robert E. Park
This 1992 report presents guidelines for defining, recording, and reporting frequently used measures of software size: physical source lines and logical source statements.
DOWNLOAD -
Software Effort and Schedule Measurement: A Framework for Counting Staff-Hours and Reporting Schedule Information
• Technical Report
By Mary B. Busby, Elizabeth K. Bailey, Wolfhart B. Goethert
This 1992 report contains guidance for constructing and communicating clear definitions for important measures that can help us plan, manage, and improve our software projects and processes.
DOWNLOAD -
Software Quality Measurement: A Framework for Counting Problems and Defects
• Technical Report
By William A. Florac
This 1992 report presents mechanisms for describing and specifying software problems and defects--two software measures used to understand and predict software product quality and software process efficacy.
DOWNLOAD -
Software Measures and the Capability Maturity Model
• Technical Report
By Mark S. McWhinney, John H. Baumert (Computer Sciences Corporation)
This 1992 document describes a set of software measures that are compatible with the measurement practices described in the Capability Maturity Model for Software.
DOWNLOAD -
Software Development Risk: Opportunity, Not Problem
• Technical Report
By Roger Van Scoy
This 1992 report examines problems that exist in software development today and present the SEI's approach to turning risk into opportunity.
DOWNLOAD -
Issues in Requirements Elicitation
• Technical Report
By Kyo C. Kang (Pohang University of Science and Technology), Michael Christel
This 1992 report proposes an elicitation methodology to handle problems with requirements engineering that are not adequately addressed by specification techniques.
DOWNLOAD -
Experience with a Course on Architectures for Software Systems Part I: Course Description
• Technical Report
By Mary Shaw, David Garlan, Curtis M. Scott, Roy F. Swonger, Chris Okasaki
The "software architecture" level of software design was the subject of a course taught at the SEI in 1992. This report presents the motivation for the course, the content and …
DOWNLOAD -
The Past, Present, and Future of Configuration Management
• Technical Report
By Susan A. Dart
This 1992 paper outlines future issues affecting solutions to CM problems. To put the future into perspective, it is necessary to discuss the past and present situation for CM.
DOWNLOAD -
A Concept Study for a National Software Engineering Database
• Technical Report
By Patricia B. Van Verth
This report provides information obtained from an informal survey of members of the software engineering community about a national database.
DOWNLOAD -
An Analysis of SEI Software Process Assessment Results 1987-1991
• Technical Report
By Steve Masters, David Kitson
This report focuses on the results of SEI software process assessments conducted over a four year period beginning in 1987.
DOWNLOAD -
Application of Feature-Oriented Domain Analysis to the Army Movement Control Domain and Appendices A-I
• Technical Report
By Jay L. Stanley Jr., A. Spencer Peterson, Robert W. Krut, Jr., Sholom G. Cohen
This report documents an analysis of the army movement control domain performed by the SEI and a team of experts from the army.
DOWNLOAD -
Introduction to Software Process Improvement
• Technical Report
By Watts S. Humphrey
This 1992 report explains why some of software problems have been difficult for organizations to address and outlines the actions required to address them.
DOWNLOAD -
Analysis of Reservation-Based Dual-Link Networks
• Technical Report
By Jay K. Strosnider, Shirishq S. Sathaye, Lui R. Sha
This report outlines a general model of reservation-based dual-link networks to support real-time communication.
DOWNLOAD -
Software Measurement Concepts for Acquisition Program Managers
• Technical Report
By James A. Rozum
This 1992 report provides basic concepts that program managers can use to integrate measurement into the process for managing software development.
DOWNLOAD -
Proceedings of the CASE Adoption Workshop
• Technical Report
By Dennis B. Smith, Edwin J. Morris, Kimberly Stepien-Oakes, Cliff C. Huff
The 1992 report summarizes the results of the SEI-sponsored workshop, held to address key CASE adoption issues.
DOWNLOAD -
Parallels in Computer-Aided Design Framework and Software Development Environment Efforts
• Technical Report
By Susan A. Dart
This 1992 paper raises awareness about the similarities between the efforts of the SDE community and the electronic CAD framework community.
DOWNLOAD -
Issues and Techniques of CASE Integration with Configuration
• Technical Report
By Kurt C. Wallnau
This 1992 report describes key issues of the integration of CASE with CM from a third-party integrator's perspective.
DOWNLOAD -
ADA Validation Tests for Rate Monotonic Scheduling Algorithm
• Technical Report
By Kent Meyer, Keith A. Kohout, John B. Goodenough
This report presents a set of tests for checking whether an ADA runtime system properly supports certain rate monotonic scheduling algorithms, specifically, the basic inheritance and priority ceiling protocols.
DOWNLOAD -
A Conceptual Framework for System Fault Tolerance
• Technical Report
By Charles Weinstock, Walter Heimerdinger (Honeywell)
This document provides vocabulary, discusses system failure, describes mechanisms for making systems fault tolerant, and provides rules for developing fault-tolerant systems.
DOWNLOAD -
Understanding Integration in a Software Development Environment
• Technical Report
By Alan W. Brown, Kurt C. Wallnau, Peter H. Feiler
This 1992 report examines Software Development Environments (SDEs) from an integration perspective, describing the previous work in this area and analyzing the integration issues that must be addressed in an …
DOWNLOAD -
An Analysis Technique for Examining Integration in a Project Support Environment
• Technical Report
By Peter H. Feiler, Alan W. Brown
This report describes the use of a Project Support Environment (PSE) services reference model as an analysis technique that helps in describing, understanding, and comparing aspects of integration in a …
DOWNLOAD -
1991 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1991.
DOWNLOAD -
CASE Studies in Environment Integration
• Technical Report
By Peter H. Feiler, Edwin J. Morris, Dennis B. Smith
This report identifies areas where successful standardization would improve tool and environment integration, as well as to pinpoint areas where successful integration standards exist.
DOWNLOAD -
Durra: A Task-Level Description Language Reference Manual (Version 3)
• Technical Report
By Charles Weinstock, Michael J. Gardner, Dennis N. Doubleday, Mario R. Barbacci, Randall W. Lichota
This 1991 report describes the Durra language and incorporates the language changes introduced as a result of our experiences writing application descriptions in Durra.
DOWNLOAD -
A Description of Cluster Code Generated by the Durra Compiler
• Technical Report
By Charles Weinstock, Michael J. Gardner, Dennis N. Doubleday
This document helps Durra application developers acquire an understanding of the concepts necessary to be effective Durra application debuggers.
DOWNLOAD -
Design Specifications for ADAptive Real-Time Systems
• Technical Report
By Randall W. Lichota
This 1991 report presents a design specification method that treats a software architecture as a set of runtime entities.
DOWNLOAD -
Building Distributed ADA Applications from Specifications and Functional Components
• Technical Report
By Michael J. Gardner, Mario R. Barbacci, Dennis N. Doubleday, Randall W. Lichota, Charles Weinstock
This report describes Durra, a language and support environment for the specification and execution of distributed Ada applications.
DOWNLOAD -
A Comparison of U.S. and Japanese Software Process Maturity
• Technical Report
By Julia Gale, David Kitson, Watts S. Humphrey
This 1991 report characterizes the software processes used by U.S. and Japanese software managers and practitioners.
DOWNLOAD -
Requirements Engineering and Analysis Workshop Proceedings
• Technical Report
By Gregory Zelesnik, Mark H. Graham, Gary Chastek
At the 1991 Requirements Engineering and Analysis Workshop was held to brainstorm ways in which the DoD deal more effectively with the requirements of mission-critical systems.
DOWNLOAD -
Fault Tolerant Systems Practitioner's Workshop June 10-11, 1991
• Special Report
By Walter Heimerdinger (Honeywell), Charles Weinstock
This 1991 report summarizes workshop discussions about the state of the practice in fault-tolerant systems and barriers to the deployment of fault-tolerant systems.
DOWNLOAD -
A Critical Review of the Current State of IPSE Technology
• Technical Report
By Alan W. Brown
This 1991 report evaluates the state of research work in IPSE, suggests reasons for the relative lack of success, and makes proposals for ensuring measured progress in the future.
DOWNLOAD -
Issues in Tool Acquisition
• Technical Report
By Edwin J. Morris, Paul Zarrella, Dennis B. Smith
This 1991 technical report identifies issues involved in the acquisition of CASE tools.
DOWNLOAD -
Durra: An Integrated Approach to Software Specification, Modeling, and Rapid Prototyping
• Technical Report
By Randall W. Lichota, Charles Weinstock, Dennis N. Doubleday, Mario R. Barbacci
This 1991 paper discusses the relationship between software specification, modeling and prototyping activities as part of a real-time system development strategy.
DOWNLOAD -
An Application-Level Implementation of the Sporadic Server
• Technical Report
By Lui R. Sha, Michael Gonzalez Harbour
The purpose of this paper is to introduce a sporadic server algorithm that can be implemented as an application-level task, and that can be used when no runtime or operating …
DOWNLOAD -
Models for Undergraduate Project Courses in Software Engineering
• Technical Report
By Mary Shaw, James E. Tomayko
This 1991 report discusses 1) how software engineering course instructors balance technical and management topics and 2) the relation between the lecture and project components.
DOWNLOAD -
Measurement in Practice
• Technical Report
By Charles Cox, Stan Rifkin
This 1991 report presents the results of site surveys of 11 divisions of 8 organizations that have gained reputations for having excellent4 measurement practices.
DOWNLOAD -
Issues in Real-Time Data Management
• Technical Report
By Mark H. Graham
This 1991 report explores issues related to the use of database management technology in support of real-time systems programming.
DOWNLOAD -
A Context Analysis of the Movement Control Domain for the Army Tactical Command and Control System (ATCCS)
• Special Report
By Sholom G. Cohen, A. Spencer Peterson
This 1991 report describes the results of the first phase of a domain analysis performed by the SEI's Domain Analysis Project.
DOWNLOAD -
Notes on Applications of the SQL ADA Module Description Language (SAMeDL)
• Technical Report
By Gary Chastek, Gregory Zelesnik, Mark H. Graham
This 1991 report shows how the SAMeDL can be adapted and extended to provide services to applications needing advanced features or having other unusual requirements.
DOWNLOAD -
Software Engineering Education Directory (1991)
• Technical Report
By Gary Ford
This 1991 report provides information about software engineering courses and software engineering degree programs offered by colleges and universities, primarily in the United States.
DOWNLOAD -
Tool Integration and Environment Architectures
• Technical Report
By Peter H. Feiler, Kurt C. Wallnau
This paper describes the evolution of environment architectures to support federated CASE integration and outlines the implications of this evolution on the technical issues of CASE tool integration.
DOWNLOAD -
SEI Report on Graduate Software Engineering Education (1991)
• Technical Report
By Gary Ford
This 1991 report on graduate software engineering education presents a variety of information for university educators interested in establishing a software engineering program.
DOWNLOAD -
Evaluation of Process Modeling Improvements
• Technical Report
By Robert W. Krut, Jr., David P. Wood
This 1991 report describes the results of the introduction of certain modifications to the process modeling techniques used at the SEI.
DOWNLOAD -
Rationale for SQL ADA Module Description Language SAMeDL
• Technical Report
By Gary Chastek, Gregory Zelesnik, Mark H. Graham
This document is a companion to the SAMeDL Reference Manual. Whereas the Reference Manual is meant to be precise, the Rationale is meant to be clear.
DOWNLOAD -
Rate Monotonic Analysis for Real-Time Systems
• Technical Report
By Lui R. Sha, John B. Goodenough, Mark H. Klein
In this report, we review important decisions in the development of RMA. Our experience indicates that technology transition considerations should be embedded in the process of technology development from the …
DOWNLOAD -
Configuration Management Models in Commercial Environment
• Technical Report
By Peter H. Feiler
This 1991 report analyzes CM models with respect to their potential impact on the software development process, resulting in several observations.
DOWNLOAD -
Rationale for SQL ADA Module Language Description (SAMeDL)
• Technical Report
By Gregory Zelesnik, Gary Chastek, Mark H. Graham
This 1991 document provides an explanation of the problem solved by the SQL Ada Module Description Language (SAMeDL).
DOWNLOAD -
Formal Development of ADA Programs Using Z and Anna: A Case Study
• Technical Report
By William Wood, Patrick R. Place
This 1991 report describes ANNotated ADA (Anna), a method for the formal development of ADA programs from a formal specification written in Z.
DOWNLOAD -
Generic Avionics Software Specification
• Technical Report
By Lee Lucas (Naval Weapons Center), Doug Locke, John B. Goodenough
This 1990 report informally specifies the general functions, data interactions, and timing constraints for an avionics mission control computer system typical of those found in some existing U.S. Navy/Marine Corps …
DOWNLOAD -
Spectrum of Functionality in Configuration Management Systems
• Technical Report
By Susan A. Dart
This 1990 report highlights a spectrum of features provided by existing CM systems.
DOWNLOAD -
CASE Tool Integration and Standardization
• Technical Report
By Paul Zarrella
This report addresses the issues, problems, and resolution efforts related to CASE tool integration and standardization from the users' perspective.
DOWNLOAD -
STARS/Users Workshop: Final Report: Issues for Discussion Groups
• Technical Report
By Judy Bamberger
This report summarizes the discussions from the 1990 STARS/Users Workshop.
DOWNLOAD -
A Design Space and Design Rules for User Interface Software Architecture
• Technical Report
By Thomas G. Lane
This report describes the architecture of user interface systems using a design space that identifies the key architectural choices and classifies the available alternatives.
DOWNLOAD -
Studying Software Architecture Through Design Spaces and Rules
• Technical Report
By Thomas G. Lane
The 1990 report describes a multi-dimensional design space that classifies system architectures.
DOWNLOAD -
Feature-Oriented Domain Analysis (FODA) Feasibility Study
• Technical Report
By Sholom G. Cohen, William E. Novak, Kyo C. Kang (Pohang University of Science and Technology), A. Spencer Peterson, James A. Hess
This 1990 report establishes methods for performing a domain analysis and describes the products of the domain analysis process.
DOWNLOAD -
Transaction-Oriented Configuration Management: A Case Study
• Technical Report
By Grace Downey, Peter H. Feiler
This report illustrates some of the advances in software configuration management (SCM) concepts by example of a particular commercial system: the Sun Network Software Environment (NSE).
DOWNLOAD -
Tool Version Management Technology: A Case Study
• Technical Report
By Peter H. Feiler, Grace Downey
This report describes a portion of the problem of maintaining tools for the purpose of software development.
DOWNLOAD -
The SQL ADA Module Description Language SAMeDL, Version 3.75
• Technical Report
By Mark H. Graham, Gary Chastek, Gregory Zelesnik
This 1990 manual outlines the SQL ADA Module Description Language (SAMeDL), which is used to describe database services needed by ADA application programs.
DOWNLOAD -
Prospects for an Engineering Discipline of Software
• Technical Report
By Mary Shaw
This 1990 report examines the practice of engineering and the way it has evolved in other disciplines.
DOWNLOAD -
Software Engineering Process Group Guide
• Technical Report
By Priscilla Fowler, Stan Rifkin
This 1990 document offers guidance on how to establish a software engineering process group (SEPG) and related software engineering process improvement functions.
DOWNLOAD -
Informatics for a New Century: Computing Education for 1990s and Beyond
• Technical Report
By Mary Shaw
This 1990 paper outlines the needs for information processing and analyzes the populations that will require informatics education.
DOWNLOAD -
An Analysis of Input/Output Paradigms for Real-Time Systems
• Technical Report
By Tom Ralya, Mark H. Klein
This paper illustrates how to build a mathematical model of the schedulability of a real-time system, taking into consideration such factors as preemption, synchronization, non-preemptibility, interrupts, and process idle time.
DOWNLOAD -
A Domain Analysis Bibliography
• Special Report
By Robert R. Holibaugh, James A. Hess, Sholom G. Cohen, Kyo C. Kyang, A. Spencer Peterson, William E. Novak, Patrick C. Carroll
This 1990 document presents a bibliography of references on domain analysis.
DOWNLOAD -
Hartstone Benchmark Results and Analysis
• Technical Report
By None
This 1990 report describes the results obtained by running Version 1.0 of the Hartstone benchmark, an ADA implementation of one of the requirements, on a number of compiler/target processor combinations.
DOWNLOAD -
Experiences Porting the Distributed ADA Real-Time Kernel
• Technical Report
By James E. Tomayko, Brian Smith
Boeing Military Airplanes and The Wichita State University became co-acceptors of a copy of DARK for the purpose of demonstrating a port to a 68000-based distributed architecture. This report describes …
DOWNLOAD -
Survey of Formal Specification Techniques for Reactive Systems
• Technical Report
By William Wood, Patrick R. Place, Mike Tudball
This report, published in 1990, develops a set of evaluation criteria and evaluates Communicating Sequential Processes (CSP), the Vienna Development Method (VDM), and temporal logic.
DOWNLOAD -
Implementing Sporadic Servers in ADA
• Technical Report
By Lui R. Sha, Brinkley Sprunt
This 1990 paper presents the data structures and algorithms for implementing sporadic servers in real-time systems programmed in ADA.
DOWNLOAD -
National Software Capacity: Near-Term Study
• Technical Report
By Suresh Konda, Patrick D. Larkey, W. Gary Wagner, Jane Siegel, Shelby Stewman
This 1990 study provides an initial assessment of the U.S.'s industrial capacity to produce MCCR software.
DOWNLOAD -
SEI Report on Undergraduate Software Engineering Education, 1990
• Technical Report
By Gary Ford
This report discusses fundamental issues of software engineering education in the context of undergraduate programs. The objectives and content of an undergraduate program are described, as are strategies for its …
DOWNLOAD -
Inertial Navigation System Simulator Program: Top-Level Design
• Technical Report
By Kenneth J. Fowler
This 1990 report presents the design of an embedded hard real-time application and addresses the solution in terms of a concurrency abstraction.
DOWNLOAD -
1989 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1989.
DOWNLOAD -
A Model Solution for C3I Message Translation and Validation
• Special Report
By Judy Bamberger
This 1989 document presents the algorithms and data structures needed to implement the functionality defined in the Kernel Facilities Definition.
DOWNLOAD -
Recommendations from the AIA/SEI Workshop on Research Advances Required for Real-Time Software Systems in the 1990s
• Special Report
By Roger Van Scoy, Reed Little, Charles Weinstock, Robert Veltre, William Sweet, Michael J. Gagliardi, Mark H. Klein
This report summarizes the discussions held at a 1989 workshop to facilitate communication between implementers of future software-critical large systems and those who sponsor or perform software-related research.
DOWNLOAD -
The Role of Assessment in Software Process Improvement
• Technical Report
By Watts S. Humphrey, David Kitson
This 1989 report discusses the role of assessment in improving an organization's software capabilities; specifically, the ability of the organization's projects to consistently meet cost, schedule, and quality objectives.
DOWNLOAD -
Kernel Architecture Manual
• Technical Report
By Judy Bamberger
This document contains the detailed design description of the Kernel. The overall system architecture and the rationale for it are presented as relevant to both the application (i.e., the external …
DOWNLOAD -
Version Description and Installation Guide
• Technical Report
By Dave Stinchcomb, Roger Van Scoy, Judy Bamberger, Timothy Coddington, Robert Firth, Dan Klein
This 1989 document characterizes a specific version of the Distributed ADA Real-Time Kernel (DARK) software artifact and supplies documentation for its installation and use.
DOWNLOAD -
What a Software Engineer Needs to Know: I. Program Vocabulary
• Technical Report
By Mary Shaw, Dario Giuse, Raj Reddy
In this 1989 report, the authors examine the programming language vocabulary of the programmer by gathering statistics on large bodies of code in three languages.
DOWNLOAD -
Comparative Evaluations of Four Specification Methods for Real-Time Systems
• Technical Report
By David P. Wood, William Wood
This report describes the evaluation of four methods for the specification of system and software requirements for time-critical systems.
DOWNLOAD -
Dark Porting and Extension Guide Kernel Version 3.0
• Technical Report
By Dan Klein, Dave Stinchcomb, Robert Firth, Timothy Coddington, Judy Bamberger, Roger Van Scoy
This 1989 document describes the modifications made to DARK software when porting it from its original execution environment to a VAX/VMS system.
DOWNLOAD -
Continuing Education in Software Engineering: Teaching Tricks of the Trade
• Special Report
By Maribeth Carpenter
This document is a transcript of the opening session of the SEI's 1988 Continuing Education Workshop.
DOWNLOAD -
Real-Time Software Engineering in ADA: Observations and Guidelines
• Technical Report
By Robert Veltre, Mark W. Borger, Mark H. Klein
This 1989 report presents techniques for controlling devices with Ada and several Ada tasking paradigms for managing concurrency.
DOWNLOAD -
The Durra Application Debugger/Monitor
• Technical Report
By Dennis N. Doubleday
This report describes the Durra application debugger/monitor, which helps the developer locate errors and/or performance bottlenecks in a Durra application.
DOWNLOAD -
Durra: A Task-Level Description Language User's Manual
• Technical Report
By Dennis N. Doubleday, Mario R. Barbacci, Charles Weinstock
This manual is for users of the Durra compiler, runtime system, and support tools.
DOWNLOAD -
Durra: A Task-Level Description Language Reference Manual (Version 2)
• Technical Report
By Mario R. Barbacci, J. Wing
This 1989 report is a revised version of the original Durra reference manual. This revision describes the syntax and semantics of the language and incorporates several language changes.
DOWNLOAD -
Conformance Criteria for the SAME Approach to Binding Ada Programs to SQL
• Special Report
By James W. Moore (IBM Systems Integration Division)
This 1989 paper outlines the efforts to describe the SAME approach in a manner suitable for standardization.
DOWNLOAD -
Temporal Logic Case Study
• Technical Report
By William Wood
This report is a case study applying temporal logic to specify the operation of a bank of identical elevators servicing a number of floors in a building.
DOWNLOAD -
Classifying Software Design Methods
• Technical Report
By John P. Long, David P. Wood, William Wood
This 1989 paper describes the results of our research into establishing a basis for selecting methods and tools with respect to classifying design methods for Ada-based software.
DOWNLOAD -
Understanding the Adoption of Ada: A Field Study Report
• Technical Report
By W. Cohen, Gordon N. Smith, William E. Hefley, D. Levinthal
This report examines the extent to which the Ada adoption behavior of DoD contractors is influenced by their expectations of the technological opportunity provided by the Ada.
DOWNLOAD -
Inertial Navigation System Simulator: Behavioral Specification (1989)
• Technical Report
By Mark H. Klein, Stefan F. Landherr
This 1989 revision specifies the INS simulator program and clarifies and supplements the functional specification.
DOWNLOAD -
SEI Report on Graduate Software Engineering Education (1989)
• Technical Report
By Gary Ford, Mark A. Ardis (Stevens Institute of Technology)
This 1989 annual report on graduate software engineering education describes recent SEI educational activities, including the 1988 SEI Curriculum Design Workshop.
DOWNLOAD -
Hartstone: Synthetic Benchmark Requirements for Hard Real-Time Applications
• Technical Report
By Nelson W. Weiderman
This 1989 paper defines the operational concept for a series of benchmark requirements to be used to test the ability of a system to handle hard real-time applications.
DOWNLOAD -
Guidelines for the Use of the SAME
• Technical Report
By Mark H. Graham
This 1989 report describes the SAME, a method for constructing ADA applications that access database management systems whose data manipulation language is SQL.
DOWNLOAD -
CASE Planning and the Software Process
• Technical Report
By Watts S. Humphrey
This report discusses software process maturity and its relationship to planning and installing computer-aided software engineering (CASE) systems.
DOWNLOAD -
Scheduling Sporadic and Aperiodic Events in a Hard Real-Time System
• Technical Report
By Brinkley Sprunt, John Lehoczky (Carnegie Mellon University), Lui R. Sha
This 1989 report introduces a new algorithm, the Sporadic Server algorithm, which greatly improves response times for soft-deadline aperiodic tasks and can guarantee hard deadlines for both periodic and aperiodic …
DOWNLOAD -
Real-Time Scheduling Theory and ADA
• Technical Report
By Lui R. Sha, John B. Goodenough
This 1989 report reviews important results of a priority-based scheduling theory and discusses implications for the Ada tasking model.
DOWNLOAD -
Implementing Priority Inheritance Algorithms in an ADA Runtime System
• Technical Report
By Mark W. Borger, Ragunathan Rajkumar
This 1989 paper presents a high-level design for implementing the basic priority inheritance and priority ceiling protocols in an ADA runtime system.
DOWNLOAD -
Adoption of Software Engineering Innovations in Organizations
• Technical Report
By N. Melone, J. Bayer
This 1989 paper examines the adoption of five software engineering innovations of varying degrees of maturity, abstractness, and target users.
DOWNLOAD -
A Real-Time Locking Protocol
• Technical Report
By Lui R. Sha, Ragunathan Rajkumar, Sang Son, Chang Chun-Hyon
This 1989 report examines a priority-driven, two-phase lock protocol called the read- or write-priority ceiling protocol.
DOWNLOAD -
ADA Adoption Handbook: Compiler Evaluation and Selection Version 1.0
• Technical Report
By Nelson W. Weiderman
This report documents the options that are to users available when evaluating and selecting an ADA compilation system.
DOWNLOAD -
The State of Software Engineering Practice: A Preliminary Report
• Technical Report
By David Kitson, Watts S. Humphrey, Timothy Kasse
This 1989 report provides an overview of the process framework and assessment approach, describes assessment results obtained to date, and discusses implications of the current state of the practice for …
DOWNLOAD -
Software Process Modeling: Principles of Entity Process Models
• Technical Report
By Marc I. Kellner, Watts S. Humphrey
This 1989 report outlines the principles of entity process models and suggests ways in which they can help to address some problems with more conventional approaches to modeling software processes.
DOWNLOAD -
Human-Machine Interaction Considerations for Interactive Software
• Technical Report
By J. Coutaz, Len Bass
This 1989 document introduces current concepts and techniques relevant to the design and implementation of user interfaces.
DOWNLOAD -
An Object-Oriented Solution Example: A Flight Simulator Electrical System
• Technical Report
By Kenneth Lee, Michael Rissman
This 1989 report describes an implementation of a subset of an aircraft flight simulator electrical system.
DOWNLOAD -
Conducting SEI-Assisted Software Process Assessments
• Technical Report
By Watts S. Humphrey, Timothy G. Olson, David Kitson
This report describes software process assessment as it is performed in organizations with the assistance of the SEI.
DOWNLOAD -
Performance and Reliability Enhancement of the Durra Runtime Environment
• Technical Report
By Charles Weinstock
This 1989 report describes a new design for the Durra runtime environment that addresses these two issues.
DOWNLOAD -
Command, Control, Communications, and Intelligence Node: A Durra Application Example
• Technical Report
By Charles Weinstock, Dennis N. Doubleday, Mario R. Barbacci
This report describes an experiment in implementing a command, control, communications and intelligence (C3I) node using reusable components.
DOWNLOAD -
Software Engineering Education Directory (1989)
• Technical Report
By Bill McSteen, Mark Schmick
This 1989 report provides information about software engineering courses and software engineering degree programs that are available in the United States and Canada.
DOWNLOAD -
Proceedings of the Workshop on Executive Software Issues August 2-3 and November 18, 1988
• Technical Report
By Priscilla Fowler, Scott Carey, R. Martin, John Maher, Jr., Mark Cottichia
This report documents the results of two sessions of the Workshop on Executive Software Issues, held at the Software Engineering Institute on 2-3 August and 18 November 1988.
DOWNLOAD -
1988 CERT Advisories
• White Paper
By None
This document contains the CERT advisories from 1988.
DOWNLOAD -
Using the Vienna Development Method (VDM) to Formalize a Communication Protocol
• Technical Report
By Mark H. Klein, Jan Storbank Pedersen
This 1988 paper provides an example of how VDM might be used in the area of communications, a new domain for VDM.
DOWNLOAD -
Real-Time Scheduling Theory and ADA (1988)
• Technical Report
By Lui R. Sha, John B. Goodenough
This 1988 report reviews results of a priority-based scheduling theory, illustrates its applications with examples, discusses its implications for the Ada tasking model, and suggests workarounds.
DOWNLOAD -
Mode Change Protocols for Priority-Driven Preemptive Scheduling
• Technical Report
By John Lehoczky (Carnegie Mellon University), Lui R. Sha, John B. Goodenough, Ragunathan Rajkumar, Krithi Ramamritham
This 1988 report discusses a protocol for accomplishing mode change in the context of a priority-driven preemptive scheduling environment.
DOWNLOAD -
Experiment Planning for Software Development: Redevelopment Experiment
• Technical Report
By A. Spencer Peterson, Robert R. Holibaugh, Sholom G. Cohen, Kyo C. Kang (Pohang University of Science and Technology), James M. Perry
In 1988, the SEI's ARSC Project investigated the impacts of software reuse on software development process and products. This document reports on the experiment design and data collection effort of …
DOWNLOAD -
Functional Performance Specification for an Inertial Navigation System
• Technical Report
By B. Craig Meyers
This 1988 report defines the functional and performance requirements for the inertial navigation system simulator that interfaces with the ECS simulator.
DOWNLOAD -
System Specification Document: Shipboard Inertial Navigation System Simulator and External Computer
• Technical Report
By B. Craig Meyers, Nelson W. Weiderman
This document specifies high-level requirements for a shipboard inertial navigation system (INS) simulator and an external computer system that will interface with the inertial navigation system.
DOWNLOAD -
Functional Performance Specification for an External Computer System Simulator
• Technical Report
By Hans Mumm, B. Craig Meyers
This 1988 document defines the functional and performance requirements for the ECS simulator that interfaces with the inertial navigation system simulator.
DOWNLOAD -
Phase I Testbed Description: Requirements and Selection Guidelines
• Technical Report
By James M. Perry, Robert R. Holibaugh, Alice Sun
In 1988, the SEI's Application of Reusable Software Components Project constructed a reuse testbed, in which to conduct experiments. This document contains the requirements and selection criteria for the testbed …
DOWNLOAD -
Experiment Transcripts for the Evaluation of the Rational Environment
• Technical Report
By Carl Dahlke (Computer Sciences Corporation), Grace Downey, Mitchell Bassman (Computer Sciences Corporation)
This 1988 report contains the instantiation of the experiments presented in a report released in 1987.
DOWNLOAD -
Perspective on Software Reuse
• Technical Report
By James M. Perry
This report presents a perspective on software reuse in the context of "ideal" software development capabilities.
DOWNLOAD -
An OOD Paradigm for Flight Simulators, 2nd Edition
• Technical Report
By Roger Van Scoy, Chuck Plinta, Rich D'Ippolito, Kenneth Lee, Michael Rissman
This report presents a paradigm for object-oriented implementation of flight simulators. It is a result of work on the ADA Simulator Validation Program (ASV) carried out by members of the …
DOWNLOAD -
The Software Technical Review Process
• Technical Report
By Mario R. Barbacci
This 1988 report describes MasterTask, a program that can emulate any task in an application by interpreting the timing expression describing the behavior of the task, performing the input and …
DOWNLOAD -
MasterTask: The Durra Task Emulator
• Technical Report
By Mario R. Barbacci
This 1988 report describes MasterTask, a program that can emulate any task in an application by interpreting the timing expression describing the behavior of the task, performing the input and …
DOWNLOAD -
ISTAR Evaluation
• Technical Report
By Mark H. Graham, D. Miller
This 1988 report presents a description of the facilities offered by ISTAR.
DOWNLOAD -
The Project Management Experiment
• Technical Report
By Peter H. Feiler, Roger Smeaton
This 1988 report covers a project management (PM) experiment, one of six experiments that examine different functional areas of Ada programming environments.
DOWNLOAD -
Evaluation of the Rational Environment
• Technical Report
By Grace Downey, Susan A. Dart, Peter H. Feiler
This 1988 report presents an analysis of the Rational R1000 Development System for ADA, also called the Rational Environment.
DOWNLOAD -
Kernel Facilities Definition
• Technical Report
By Dave Stinchcomb, Roger Van Scoy, Currie Colket, Robert Firth, Dan Klein, Timothy Coddington, Judy Bamberger
This document defines the conceptual design of the Kernel by specifying the underlying models, assumptions, and 2) restrictions that govern the design and implementation of the Kernel.
DOWNLOAD -
The Durra Runtime Environment
• Technical Report
By Mario R. Barbacci, Dennis N. Doubleday, Charles Weinstock
This 1988 report describes the Durra Runtime Environment for Durra, a language designed to support PMS-level programming.
DOWNLOAD -
Generalized Image Library: A Durra Application Example
• Technical Report
By Mario R. Barbacci, Dennis N. Doubleday
This 1988 report describes an experiment in writing task descriptions and type declarations for a subset of the Generalized Image Library, a collection of utilities developed at Carnegie Mellon University.
DOWNLOAD -
Evaluation and Recommendations for Technology Insertion into Technical Order Maintenance
• Technical Report
By Greg Hansen, James W. Over
This 1987 report describes the evaluation process and the recommendations for technology insertion into technical order maintenance.
DOWNLOAD -
Serpent Runtime Architecture and Dialogue Model
• Technical Report
By Erik Hardy, Kurt Hoyt, Reed Little, Robert C. Seacord, Len Bass
This 1988 report describes the runtime architecture and dialogue model of the Serpent User Interface Management System (UIMS).
DOWNLOAD -
Software Process Modeling
• Technical Report
By Marc I. Kellner, Greg Hansen
This 1988 report outlines a software process modeling case study conducted at the SEI.
DOWNLOAD -
Managing Development of Very Large Systems: Implications for Integrated Environment Architectures
• Technical Report
By Roger Smeaton, Peter H. Feiler
This 1988 report examines management support for development through integrated environments and investigates the implications for environment architectures.
DOWNLOAD -
A Guide to the Assessment of Software Development Methods
• Technical Report
By Richard D. Pethia, Robert Firth, Lauren Roberts Gold, William Wood
This 1988 report outlines a process that provides method assessors with a systematic way to improve their understanding of and form opinions about the ability of existing methods to meet …
DOWNLOAD -
Conference Report: Overcoming the Disincentives to Modernization in the Defense Industry
• Special Report
By William E. Hefley
This report documents the keynote and panel sessions from the 1988 Procurement Committee of the National Security Industrial Association.
DOWNLOAD -
Introduction to the Serpent User Interface Management System
• Technical Report
By Erik Hardy, Kurt Hoyt, Reed Little, Robert C. Seacord, Len Bass
This 1988 report provides an overview of Serpent, its components and the editor used to construct the user interface.
DOWNLOAD -
A Method for Assessing the Software Engineering Capability of Contractors
• Technical Report
By R. K. Edwards, Watts S. Humphrey, M. F. Owens, H. P. Schulz, G. R. LaCroix, William Sweet
This 1987 document provides guidelines for assessing the ability of DoD contractors to develop software in accordance with modern software engineering methods.
DOWNLOAD -
Issues in Software: A Blue Two Visit Feasibility Assessment
• Technical Report
By Benita L. Gilliard (Air Force Coordinating Office for Logistics Research), William E. Hefley
This 1987 report documents discussions that address a software-oriented Blue Two Visit (BTV).
DOWNLOAD -
ADA Performance Benchmarks on the Motorola MC68020: Summary and Results
• Technical Report
By Patrick Donohoe
This report documents the results obtained from running Ada performance benchmarks on a DEC VAXELN MicroVAX II using the DEC VAXELN Ada compiler.
DOWNLOAD -
ADA for Embedded Systems: Issues and Questions
• Technical Report
By Mark H. Klein, Nelson W. Weiderman, Mark W. Borger, Andrea L. Cappellini, Susan A. Dart, Stefan F. Landherr
This 1987 report addresses issues and questions related to the use of ADA for embedded systems applications.
DOWNLOAD -
Ada Performance Benchmarks on the MicroVAX II: Summary and Results, Version 1.0
• Technical Report
By Patrick Donohoe
This report documents the results obtained from running Ada performance benchmarks on a DEC VAXELN MicroVAX II using the DEC VAXELN Ada compiler.
DOWNLOAD -
A Survey of Real-Time Performance Benchmarks for the Ada Programming Language
• Technical Report
By Patrick Donohoe
This 1987 survey provides a summary description of some of the major Ada benchmarks currently available and an evaluation of their applicability to the Real-Time Embedded Systems Testbed Project at …
DOWNLOAD -
Annual Technical Report for ADA Embedded Systems Testbed Project
• Technical Report
By Patrick Donohoe, Nelson W. Weiderman, Neal Altman, William E. Hefley, Mark H. Klein, Stefan F. Landherr, Hans Mumm, John A. Slusarz, Mark W. Borger
This technical report provides an overview of the results produced in the first year of the ADA Embedded Systems Testbed Project (through September 30, 1987).
DOWNLOAD -
Inertial Navigation System Simulator Program: Top-Level Design (1987)
• Technical Report
By Stefan F. Landherr, Mark H. Klein
This 1987 document discusses top-level design from three points of view: data flow perspective, the concurrency and control perspective, and the Adamodule perspective.
DOWNLOAD -
Prototype Real-Time Monitor: Executive Summary
• Technical Report
By Rich D'Ippolito, Chuck Plinta, Roger Van Scoy, Kenneth Lee, Michael Rissman
This report summarizes the history, goals, and conclusions of the prototype real-time monitor development effort.
DOWNLOAD -
Report on the SEI Workshop on Ada in Freshman Courses
• Technical Report
By Gary Ford
This 1987 report describes the Ada in Freshman Courses in June 1987 workshop and summarizes the discussions and conclusions.
DOWNLOAD -
Views for Evolution in Programming Environments
• Technical Report
By John Nestor
This 1987 report focuses on one important aspect of persistent data: how to allow evolution when the existing information must be preserved without change to maintain history.
DOWNLOAD -
Evolving Persistent Objects in a Distributed Environment
• Technical Report
By John Nestor
This paper considers a class of objects, called incrementally mutable objects, that are intermediate between mutable and immutable objects.
DOWNLOAD -
IDL: Background and Status
• Technical Report
By Don Stone, John Nestor
This 1987 paper describes the IDL language and its history, and discusses the status of the IDL community.
DOWNLOAD -
Interfacing ADA and SQL
• Technical Report
By Mark H. Graham, William Wood, Chuck Engle Jr., Robert Firth
This 1987 document assists the reader in answering the question "What constitutes a good interface between ADA and SQL?"
DOWNLOAD -
Final Evaluation of MIPS M/500 Final Report for the RISC Insertion Project
• Technical Report
By Dan Klein, Robert Firth
This 1987 report describes the evaluation of the MIPS M/500 RISC processor1 as part of ongoing research into RISC class architectures.
DOWNLOAD -
Criteria for Constructing and Using an ADA Embedded System Testbed
• Technical Report
By Nelson W. Weiderman
This report lists criteria used in five aspects of the project: hardware configuration, software configuration, real-time application, ADA real-time experiments, and benchmarking and instrumentation techniques.
DOWNLOAD -
VAXELN Experimentation: Programming a Real-Time Periodic Task Dispatcher Using VAXELN ADA 1.1
• Technical Report
By Mark W. Borger
The purpose of this paper is to provide the reader with some technical information and observations ADA source code, and measurement results based on experimentation with respect to developing a …
DOWNLOAD -
Prototype Real-Time Monitor: Requirements
• Technical Report
By Rich D'Ippolito, Roger Van Scoy, Kenneth Lee, Michael Rissman, Chuck Plinta
The requirements imposed by flight simulators and good software engineering practice on Ada systems force software engineers to seek new solutions to the problem of monitoring executing software. This report …
DOWNLOAD -
Prototype Real-Time Monitor: User's Manual
• Technical Report
By Timothy Coddington, Michael Rissman, Kenneth Lee, Rich D'Ippolito, Chuck Plinta, Roger Van Scoy
This 1987 report defines the user interface to the prototype real-time monitor (RTM).
DOWNLOAD -
Prototype Real-Time Monitor: Design
• Technical Report
By Kenneth Lee, Michael Rissman, Roger Van Scoy, Chuck Plinta, Rich D'Ippolito
The requirements imposed by flight simulators and good software engineering practice on Ada systems force software engineers to seek new solutions to the problem of monitoring executing software. This report …
DOWNLOAD -
Prototype Real-Time Monitor: ADA Code
• Technical Report
By Roger Van Scoy
This report documents the ADA code of the prototype real-time monitor (RTM).
DOWNLOAD -
A Classification Scheme for Software Development Methods
• Technical Report
By Richard D. Pethia, Tom Dolce, Vicky Mosley, Lauren Roberts Gold, Robert Firth, William Wood
This report describes a classification scheme for software development methods, includes descriptions of the major characteristics of such methods, and contains some words of advice on choosing and applying such …
DOWNLOAD -
Teaching a Project-Intensive Introduction to Software Engineering
• Technical Report
By James E. Tomayko
This report is meant as a guide to the teacher of the introductory course in software engineering. It contains a case study of a course based on a large project.
DOWNLOAD -
Timing Variation in Dual Loop Benchmarks
• Technical Report
By Nelson W. Weiderman, Neal Altman
This report disproves one of the major assumptions of dual loop benchmark testing by testing two bare computers with Ada test programs.
DOWNLOAD -
Factors Causing Unexpected Variations in ADA Benchmarks
• Technical Report
By Neal Altman
This 1987 report considers factors that may cause ADA benchmarks to produce inaccurate results.
DOWNLOAD -
Software Development
• Technical Report
By Susan A. Dart, Robert J. Ellison
Over the last 20 years, the set of software tools available to developers has expanded considerably. We can illustrate this change by observing some distinctions in the terminology.
DOWNLOAD -
VAXELYN Experimentation: Programming a Real-Time Clock and Interrupt Handling Using VAXELYN ADA 1.1
• Technical Report
By Mark W. Borger
This report describes the results of implementing an interrupt handler totally in ADA for a MicroVAX II/VAXELN 2.3 target system, the VAXELN 1.1 ADA compiler, and a KWV11-C programmable real-time …
DOWNLOAD -
Inertial Navigation System Simulator: Behavioral Specification (1987)
• Technical Report
By Stefan F. Landherr, Mark H. Klein
This 1987 report specifies the INS simulator program and clarifies and supplements the functional specification.
DOWNLOAD -
A Guide to the Classification and Assessment of Software Engineering Tools
• Technical Report
By Vicky Mosley, Richard D. Pethia, Lauren Roberts Gold, William Wood, Robert Firth
This 1987 report describes a tool classification technique that helps those investigating tools decide where a tool fits in the software engineering process and identify what a tool does or …
DOWNLOAD -
Software Engineering Education: An Interim Report from the Software Engineering Institute
• Technical Report
By James E. Tomayko, Norman Gibbs, Gary Ford
This 1987 report describes the goals and activities of the Software Engineering Institute's Education Program.
DOWNLOAD -
The Use of Representation Clauses and Implementation-Dependent Features in Ada: I. Overview
• Technical Report
By B. Craig Meyers, Andrea L. Cappellini
This report, the first in a series, presents an overview of the aspects of the Ada language relating to representation clauses and implementation-dependent features. Particular emphasis is given to the …
DOWNLOAD -
The Use of Representation Clauses and Implementation-Dependent Features in Ada: IIA. Evaluation Questions
• Technical Report
By Dawn Cappelli, B. Craig Meyers
This report is the second in a series on the use of representation clauses and implementation-dependent features in Ada.
DOWNLOAD -
Preliminary Report on Conducting SEI-Assisted Assessments of Software Engineering
• Technical Report
By David Kitson, Watts S. Humphrey
This 1987 report provides guidance on creating the proper environment for a meaningful assessment and prescribes effective use of the assessment instrument.
DOWNLOAD -
The Use of Representation Clauses and Implementation-Dependent Features in Ada: IIIA. Qualitative Results for VAX Ada
• Technical Report
By Dawn Cappelli, B. Craig Meyers
This report, one in a series, provides a qualitative assessment of the support of representation clauses and implementation- dependent features in Ada provided by the VAX Ada compiler, Version 1.3.
DOWNLOAD -
The Use of Representation Clauses and Implementation-Dependent Features in Ada: IIB. Experimental Procedures
• Technical Report
By Dawn Cappelli, B. Craig Meyers
This report is one in a series dealing with the use of representation clauses and implementation-dependent features in Ada. The purpose of this report is to discuss detailed experimental procedures …
DOWNLOAD -
The Use of Representation Clauses and Implementation-Dependent Features in Ada: IVA. Qualitative Results for Ada/M(44)
• Technical Report
By B. Craig Meyers, Dawn Cappelli
This report, one in a series, provides a qualitative assessment of the support of representation clauses and implementation-dependent features in Ada provided by the Ada/M(44) compiler, Version 1.6.
DOWNLOAD -
Distributed ADA Real-Time Kernel
• Technical Report
By Roger Van Scoy, Currie Colket, Dave Stinchcomb, Dan Klein, Robert Firth, Timothy Coddington, Judy Bamberger
This 1987 paper addresses two distinct needs of real-time applications: distribution and hard real-time scheduling mechanisms.
DOWNLOAD -
Software and System Warranty Issues
• Technical Report
By Richard D. Pethia, Timothy K. Shuba, I. Michael Greenberger, Larry Druffel, William Wood
This 1987 report addresses technical and administrative issues associated with the system warranty process, and recommends a straightforward, two-page generic system warranty clause that covers software, not in isolation, but …
DOWNLOAD -
Seeking the Balance Between Government and Industry Interests in Software Acquisition. Volume I. A Basis for Reconciling DoD and Industry Needs for Rights in Software
• Technical Report
By Anne C. Martin, Kevin M. Deasy
This 1987 report offers several recommendations for achieving a balanced policy as to government funded software, privately funded software, and mixed funding software that will meet the mission needs of …
DOWNLOAD -
ADA Adoption Handbook
• Technical Report
By John B. Goodenough, John T. Foreman
This technical report has been superseded by CMU/SEI-92-TR-029. Please refer to the new page for information about this report.
DOWNLOAD -
User Interface Technology Survey
• Technical Report
By Peter H. Feiler
This report attempts to do two things: specify an understanding of user interfaces by presenting a taxonomy that encompasses the various aspects of user interfaces, and indicate the state of …
DOWNLOAD -
Evaluation of ADA Environments, Executive Summary
• Technical Report
By John Kochmar, Roger Smeaton, Nelson W. Weiderman, Neal Altman, Mark W. Borger, Mark H. Klein, Stefan F. Landherr, Alice Sun, Rich D'Ippolito
This 1987 report provides a detailed description of the Ada Environments methodology and examples of its usage.
DOWNLOAD -
Distributed Systems Technology Survey
• Technical Report
By Eric C. Cooper
This 1987 report provides an informative review of the distributed systems technology surveyed in 1985-1986.
DOWNLOAD -
Tool Interface Technology
• Technical Report
By Joe Newcomer
This report is one of a series of survey reports on tool interface technology. It is intended as an informative review of the technology surveyed. These surveys were conducted in …
DOWNLOAD -
The Effect of Software Support Needs on DoD Software Acquisition Policy: Part 1: A Framework for Analyzing Legal Issues
• Technical Report
By Anne C. Martin, Kevin M. Deasy
This 1987 report summarizes the significant technical and managerial considerations that affect the maintenance and enhancement of software.
DOWNLOAD -
The Analysis of the Technical Order Production Process at Ogden Air Logistics Center and Recommendations for the Improvement of the Process
• Technical Report
By Stan Przybylinski, Greg Hansen, Marc I. Kellner, James W. Over
This report details the process used by Ogden Air Logistics Center to maintain Operational Flight Program Technical Orders for the F-16 airplane.
DOWNLOAD -
Durra: A Task-Level Description Language Preliminary Reference Manual
• Technical Report
By None
This 1986 report is a reference manual for Durra, a language designed to support the development of large-grained parallel programming applications.
DOWNLOAD -
Specifying Functional and Timing Behavior for Real-Time Applications
• Technical Report
By J. Wing, Mario R. Barbacci
This 1986 report presents a notation and a methodology for specifying the functional and timing behavior of real-time applications for a heterogeneous machine.
DOWNLOAD -
Summary of the SEI Workshop on Software Configuration Management
• Technical Report
By Katherine E. Harvey
This 1986 report summarizes the discussions held during the Software Configuration Management meeting in Pittsburgh in July 1986.
DOWNLOAD -
The Heterogeneous Machine Simulator
• Technical Report
By Robert G. Stockton
This 1986 document presents a basic description of the heterogeneous machine simulator and provides an example of how a simulation may be run.
DOWNLOAD -
Proposal for a New "Rights in Software" Clause for Software Acquisitions by the Department of Defense
• Technical Report
By Pam Samuelson, Anne C. Martin, Kevin M. Deasy
This report 1986 recommends regulatory strategies for addressing difficulties the DoD has experienced with respect to legal issues related to software acquisitions.
DOWNLOAD -
Toward a Reform of the Defense Department Software Acquisition Policy
• Technical Report
By Pam Samuelson
A series of about 120 interviews were conducted with DoD personnel and others recommended by them. This report is an organized catalog of software acquisition problems reported, along with some …
DOWNLOAD
