Enhanced Acquisition Capability
The U.S. Army and the SEI engaged in a multi-year partnership to improve the Army's capability to acquire software-reliant systems.
Reliable, Fast Financial System
Bursatec, the technology arm of the Mexican Stock Exchange, combined our Team Software Process (TSP) and Architecture-Centric Engineering (ACE) methods in a project to build a reliable and fast stock trading system that works ceaselessly while handling sharp fluctuations in trading volume.
Automotive Software Process Improvement
Urban Science, a global company of automotive retail performance experts, found that our Accelerated Improvement Method (AIM) provided a more structured approach to software development to complement its use of Scrum.
Standards for Secure Coding
Software developers and designers need metrics for evaluating and contrasting software security, safety, reliability, and related properties. We have developed standards for secure coding for several programming languages and a tool to assess code conformance with ISO/IEC 17000.
Improved Risk Assessment in Healthcare Compliance
Government agencies in Clark County, Nevada, found that our OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) method improved their efficiency in complying with federal Health Information Portability and Accountability Act (HIPAA) requirements.
Products that rely on software systems—and most do today—are developed to satisfy qualities such as performance, modifiability, and security that are critical to an organization's business or mission goals. Achieving system qualities is haphazard at best without a unifying vision of the product's software architecture.
The U.S. Department of Defense (DoD) now acquires systems that increasingly rely on software to deliver capabilities to the warfighter. These systems are more complex and costly than ever. Yet, DoD acquisition managers are challenged to operate in an environment of constrained budgets and faster delivery.
Information has become an essential asset supporting the operation of government and industrial organizations. Those organizations have increasing concerns about protecting information against cyber attacks that stem from criminal intent or from commercial motivations.
Software engineering organizations now are in an environment that is more uncertain—due in large part to the increasingly distributed nature of software development. How well those organizations navigate through this environment will determine their success or failure, and effective navigation requires a new view of risk analysis and management.
Leading software-engineering organizations emphasize faster delivery of products having exceptional quality and the flexibility to be easily adapted to meet changing customer needs. Delivering a software-reliant system that meets all of those business goals has proven to be difficult, as shown by the stubbornly high percentage of products that fail in operation or do not meet expectations.
Analysis for the DoD Personnel Security Research Center (PERSEREC) reveals a full picture of insider threat and leads to the development of the CERT Insider Threat Center.
Mandate to respond to needs for innovation and adaptation leads to the development of a framework for rapid life cycle management.
Acquisition and Innovation
DoD acquisition search for guidance on adopting agile practices leads to SEI development of a model to reduce uncertainty regarding the use of Agile techniques.
Acquisition Patterns of Failure
Answering why problems persist in software development and systems acquisition led to the identification of solutions to 13 archetypal patterns of failure.
Secure Coding Standards
CERT security experts observed that most vulnerabilities stem from a relatively small number of common programming errors. In response, they devised a comprehensive approach to secure software development.
Cloudlets in Tactical Settings
SEI experts recognized three challenges to U.S. Department of Defense (DoD) interest in having soldiers carry handheld mobile computing devices: lower computational power, greater demands on battery power, and reliability issues with tactical networks.
Rate Monotonic Analysis
SEI researchers applied the theory of generalized rate monotonic scheduling, Rate Monotonic Analysis (RMA), to evolve a set of analytic tools for real-time systems.
Architecture Analysis and Design Language
SEI experts in embedded systems provided technical leadership for the standards effort led by the U.S. Army AMRDEC Software Engineering Directorate (SED) that developed the Architecture Analysis and Design Language (AADL), an international industry standard.
Software Assurance Curriculum
CERT Program researchers, collaborating with a team of educators from Embry-Riddle Aeronautical University, Monmouth University, and Stevens Institute of Technology, built a model curriculum for software assurance education and defined strategies to implement it.
Discovering that software architecture is essential to the achievement of system qualities, SEI researchers developed the evaluation method called the Architecture Tradeoff Analysis Method (ATAM).
Knowing that secure software is not built by accident, CERT researchers integrated secure coding techniques into the Team Software Process (TSP) so that high-quality, secure software can be developed with predictable cost and schedule results.
Cyber Intelligence Tradecraft
SEI researchers benchmarked baseline data from 26 organizations against an analytic framework to determine the state of best practices in cyber intelligence.