CERT-SEI

Case Studies

"Without better methods for developing dependable software, it may not be possible to build the systems we would like to build." —from a National Research Council study*

An architecture-centric, model-based approach to development and the building of an assurance case provide tools to develop dependable systems at all scales. For example, use of the Architecture Analysis and Design Language (AADL) supports predictive analysis for security, real-time performance, availability, and other quality concerns early and often during system design or when upgrading existing system architecture. An assurance case provides a means to structure the reasoning that engineers use implicitly to gain confidence that systems will work as expected.

We've noted examples of how these tools are being used, such as

About ROI

Calculating the return-on-investment (ROI) from the use of tools like AADL and assurance cases needs to account for the ways they help organizations avoid problems that often lead to cost overruns, schedule slips, and performance shortfalls when traditional development approaches are used. The ROI factors to consider include the following:

  • Discovery of errors at system integration requires costly rework. Using quantitative model verifications early catches errors, reducing the rework needed.
  • In model-based development and system upgrade activities, time-to-market is cut by up to 50%.
  • Precise models created through model-based software and systems engineering can guide the rapid, automated generation of code that has significantly fewer bugs than code created in conventional development.
  • A model-based software and system engineering process supports more informed choices about hardware. In typical development, conservative design approaches result in the need to add hardware to make up for imprecise modeling. This additional hardware increases cost directly for each unit of the system and indirectly by boosting weight and power requirements.

* Software for Dependable Systems: Sufficient Evidence? (2007), Computer Science and Telecommunications Board (CSTB)