Reports & Papers
Presentations
Books

Webinars
Podcasts
Videos & DVDs

SEI Overview
Director's Message
Vision, Mission, & Strategy

Our Organization
Our People
Year in Review

Search the Library

Browse by Topic

Browse by Type

More Related Links

05/20/2013

Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations

This technical note defines intellectual property (IP) and insider theft of IP, gives a snapshot of the insiders involved in these cases, summarizes some of the cases, and provides recommendations for mitigating the risk of similar incidents of insider threat.

05/10/2013

SOA Migration, Adoption, and Reuse Technique Family Members

This information sheet describes the SOA Migration, Adoption, and Reuse Technique (SMART), its benefits, and the SMART "family members."

05/09/2013

Software Assurance Competency Model

This Software Assurance Competency Model helps create a foundation for assessing and advancing the capability of software assurance professionals.

12/10/2012

Architecture Practices Initiative

The SEI Architecture Practices Initiative aims to improve product development and quality by using architecture to gain early confidence in achieving system-related business and mission goals.

06/06/2012

Advanced Software Architecture Workshop

Information sheet describing the Advanced Software Architecture Workshop

05/30/2012

Report from the First CERT-RMM Users Group Workshop Series

This report describes the first CERT RMM Users Group (RUG) Workshop Series and relays the experiences of participating members and CERT staff.

05/03/2012

A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders

This report presents an example of an enterprise architectural pattern, Increased Monitoring for Intellectual Property (IP) Theft by Departing Insiders, to help organizations plan, prepare, and implement a means to mitigate the risk of insider theft of IP.

05/01/2012

Source Code Analysis Laboratory (SCALe)

This report details the CERT Program's Source Code Analysis Laboratory (SCALe), a proof-of-concept demonstration that software systems can be conformance tested against secure coding standards, and provides an analysis of selected software systems.

05/01/2012

Insider Threat Security Reference Architecture

This technical report describes the Insider Threat Security Reference Architecture (ITSRA), an enterprise-wide solution to the threat to organizations from its own insiders. The ITSRA draws from existing best practices and standards as well as from analysis of real insider threat cases to provide actionable guidance for organizations to improve their posture against the insider threat.

04/25/2012

It Takes an Ecosystem

This presentation introduces the STRategic Ecosystem Analysis Method (STREAM), which uses the architecture construct of a view to reduce model complexity.

03/27/2012

CERT® Resilience Management Model (CERT®-RMM) V1.1: NIST Special Publication Crosswalk Version 1

This technical note maps CERT® Resilience Management Model (CERT®-RMM) process areas to certain National Institute of Standards and Technology (NIST) special publications in the 800 series.

03/22/2012

What’s New in V2 of the Architecture Analysis & Design Language Standard?

This report provides an overview of changes and improvements to the Architecture Analysis & Design Language (AADL) standard for describing both the software architecture and the execution platform architectures of performance-critical, embedded, real-time systems.

03/05/2012

Principles of Trust for Embedded Systems

This paper gives substance and explicit meaning to the terms trust and trustworthy as they relate to automated systems and to embedded systems in particular.

02/27/2012

Architecting Software the SEI Way--Analyzing and Evaluating Enterprise Architectures

John Klein reviews the SEI perspective on architecture-centric engineering, and discusses how this approach scales from its original software context through systems-of-systems.

02/27/2012

Architecting Software the SEI Way--Architecture Evaluation: A Tool for Designing Systems That Meet Users' Needs

At this 2012 event, Felix Bachmann discussed the concepts used by an Architecture Tradeoff Analysis Method (ATAM) that make an evaluation successful, which can be integrated into the architecture design process to ensure the creation of successful systems.

02/27/2012

Architecting Software the SEI Way--Software Architecture Fundamentals: Technical, Business, and Social Influences

Although software architecture is a key factor in determining the success or failure of a software system, software professionals throughout the industry continue to struggle with questions like: What exactly is a software architecture? Why is software architecture important?

02/27/2012

Mission Risk Diagnostic (MRD) Method Description

The SEI has developed the Mission Risk Diagnostic (MRD) to assess risk in interactively complex, socio-technical systems across the life cycle and supply chain.

02/16/2012

Deriving Software Security Measures from Information Security Standards of Practice

This white paper describes an approach for deriving measures of software security from well-established and commonly used standard practices for information security.

02/13/2012

Risk-Based Measurement and Analysis: Application to Software Security

This report presents the foundational concepts of a risk-based approach for software security measurement and analysis and provides an overview of the IMAF and the MRD.

01/27/2012

SEI Technologies Forum-- Software Acquisition Program Dynamics

This January 2012 webinar discusses SEI efforts to improve acquisition program staff decision making in order to reduce program cost, schedule, and quality failures.

01/27/2012

SEI Technologies Forum-- The Insider Threat: Lessons Learned from Actual Insider Attacks

The Insider Threat Center at CERT, which has been researching insider threats since 2001, has built an extensive library and comprehensive database containing more than 700 actual cases of insider cyber crimes. This presentation will describe findings from our analysis of three primary types of insider cyber crimes: IT sabotage, theft of information, and fraud. All CERT insider threat research focuses on both the technical and behavioral aspects of actual compromises.

01/26/2012

The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)

This book describes CERT’s findings in practical terms, offering specific guidance and countermeasures that can be immediately applied by senior officials within any organization.

01/20/2012

Spotlight On: Malicious Insiders and Organized Crime Activity

This report defines malicious insiders and organized crime and provides a snapshot of who malicious insiders are, what and how they strike, and why.

12/30/2011

An Investigation of Techniques for Detecting Data Anomalies in Earned Value Management Data

This research demonstrated the effectiveness of various statistical techniques for discovering quantitative data anomalies.

12/30/2011

Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE)

The method of quantifying uncertainty described in this report synthesizes scenario building, Bayesian Belief Network (BBN) modeling and Monte Carlo simulation into an estimation method that quantifies uncertainties, allows subjective inputs, visually depicts influential relationships among program change drivers and outputs, and assists with the explicit description and documentation underlying an estimate.

12/30/2011

A Closer Look at 804: A Summary of Considerations for DoD Program Managers

The information in this report is intended to help program managers reason about actions they may need to take to adapt and comply with the Section 804 NDAA for 2010 and associated guidance.

12/21/2011

Using Defined Processes as a Context for Resilience Measures

This technical note, which builds on two previous reports, describes how implementation-level processes can provide the necessary context for identifying and defining measures of operational resilience.

10/31/2011

Agile Methods: Selected DoD Management and Acquisition Concerns

This technical note addresses some of the key issues that either must be understood to ease the adoption of Agile or are seen as potential barriers to adoption of Agile in the DoD acquisition context.

10/11/2011

Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination

This technical note presents an insider threat pattern on how organizations can combat insider theft of intellectual property. The technical note describes how to use the centralized log storage and indexing engine Splunk to detect malicious insider behavior on a network.

10/05/2011

An Acquisition Perspective on Product Evaluation

This technical note focuses on software acquisition and development practices related to the evaluation of products before, during, and after implementation. From engagements with numerous DoD acquisition programs, it has been observed that a number of recurring issues reduce the effectiveness of how software-reliant products are evaluated. An acquisition effort consists of identifying the customer’s needs, selecting or developing a product that is responsive to those needs, and then evaluating the product to determine if it properly addresses the identified needs. This technical note describes the Product Evaluation (verification, validation, and certification) process including test, reviews, and formal methods. It also makes the argument that Product Evaluation should not be deferred until after a product has been built, but should begin as soon as the customer’s needs have been identified and should continue throughout the acquisition effort

09/30/2011

2010 CERT Research Report

The CERT Research Report highlights our accomplishments and activities in successfully executing our research strategy.

09/16/2011

The CERT Oracle Secure Coding Standard for Java

This book is the first comprehensive compilation of code-level requirements for building secure systems in JAVA. Organized by CERT’s software security experts, it covers every facet of secure software coding with Java 7 SE and Java 6 SE.

09/06/2011

Help with Adoption of Software Product Lines

This one-pager was produced for SPLC 2011 and focuses on how the SEI provides various types of software product lines training.

08/18/2011

How to Sell Process Improvement

08/10/2011

Architecture Competence

To improve architecture capability, the SEI has developed a diagnostic method to systematically assess your architecture competence at the individual, team, and organizational levels.

08/10/2011

Keeping Your Family Safe in a Highly Connected World

Because of the anonymity provided by networked devices, our families are more likely to be attacked, be victims of theft, be subjected to inappropriate people or materials, or become involved unknowingly in illegal activities over a networked device than they are in person. This document discusses various dangers to be aware of and safeguards to reduce the risk of these dangers.

07/26/2011

Measures for Managing Operational Resilience

In this report, Resilient Enterprise Management (REM) team members suggest a set of top ten strategic measures for managing operational resilience. These measures derive from high-level objectives of the ORM system defined in the CERT® Resilience Management Model, Version 1.1 (CERT®-RMM).

07/20/2011

A Decision Framework for Selecting Licensing Rights for Noncommercial Computer Software in the DoD Environment

This report describes standard noncommercial software licensing alternatives as defined by U.S. government and Department of Defense (DoD) regulations. It also suggests an approach for objectively identifying agency needs for license rights and the appropriate license type for systems with noncommercial computer software or as standalone software in the DoD environment.

06/07/2011

Hands-On Software Architecture Course

A one-page brochure about the SEI's hands-on software architecture course.

06/02/2011

A Preliminary Model of Insider Theft of Intellectual Property

This report presents research about insider theft of intellectual property.

04/29/2011

Trusted Computing in Embedded Systems Workshop

This report describes the November 2010 Trusted Computing in Embedded Systems Workshop held at Carnegie Mellon University.

04/21/2011

Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0

This document, first in the Best Practices for National Cyber Security series, provides information that interested organizations and governments can use to develop a national incident management capability.

03/31/2011

Software Assurance Curriculum Project Volume III: Master of Software Assurance Course Syllabi

This report, the third volume in the Software Assurance Curriculum Project sponsored by the U.S. Department of Homeland Security, provides sample syllabi for the nine core courses in the Master of Software Assurance Reference Curriculum.

03/24/2011

Application of the CERT® Resilience Management Model at Lockheed Martin

Presented at SEPG North America 2011 on Thursday, March 24

03/24/2011

Using CERT-RMM in a Software and System Assurance Context

Presented at SEPG North America 2011 on Thursday, March 24

02/28/2011

A Framework for Evaluating Common Operating Environments: Piloting, Lessons Learned, and Opportunities

This report explores the interdependencies among common language, business goals, and soft-ware architecture as the basis for a common framework for conducting evaluations of software technical solutions.

02/25/2011

Function Extraction (FX) Research for Computation of Software Behavior: 2010 Development and Application of Semantic Reduction Theorems for Behavior Analysis

This 2011 report presents the findings of an SEI study that have been implemented in a system for malware analysis and improved capabilities for behavior computation in other applications.

02/18/2011

An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases

This report provides an overview of techniques employed by malicious insiders to steal intellectual property, including the types of assets targeted and the methods used to remove the information from a victim organization’s control. The report closes with a brief discussion of mitigating factors and strategic items that an organization should consider when defending against insider attacks on intellectual property.

02/08/2011

Network Monitoring for Web-Based Threats

This report provides detection and prevention methods to counter an approach that a focused attacker would need to take in order to breach an organization through web-based protocols.

01/28/2011

Architecture Tradeoff Analysis Method (ATAM)

This information sheet describes the Architecture Tradeoff Analysis Method (ATAM.)

01/17/2011

Trust and Trusted Computing Platforms

This technical note examines the Trusted Platform Module, which arose from work related to the Independent Research and Development project "Trusted Computing in Extreme Adversarial Environments: Using Trusted Hardware as a Foundation for Cyber Security."

This 2010 report describes the (AIM which helps an organization to implement high-performance, high-quality CMMI practices much more quickly than industry norms.

12/31/2010

Adaptive Flow Control for Enabling Quality of Service in Tactical Ad Hoc Wireless Networks

This report details the results from 18 experiments to investigate Adaptive Quality of Service, an approach to enable applications to fulfill their missions despite network infrastructure limitations.

12/30/2010

Leadership, Teamwork, and Trust: Building a Competitive Software Capability

This book discusses the importance of knowledge work to the success of modern organizations and explains the necessary steps for reshaping the way in which software development is conducted.

12/28/2010

Source Code Analysis Laboratory (SCALe) for Energy Delivery Systems

The Source Code Analysis Laboratory (SCALe) tests software applications for conformance to one of the CERT® secure coding standards. Though SCALe can be used in various capacities, it is particularly significant for conformance testing of energy delivery systems because of their critical importance.

12/28/2010

A Taxonomy of Operational Cyber Security Risks

This report presents a taxonomy of operational cyber security risks. This report discusses the harmonization of the taxonomy with other risk and security activities.

12/17/2010

Beyond Technology Readiness Levels for Software: U.S. Army Workshop Report

This report synthesizes presentations, discussions, and outcomes from the "Beyond Technology Readiness Levels for Software" workshop from August 2010.

12/16/2010

Enabling Agility Through Architecture

Enabling Agility Through Architecture: A Crosstalk article by Nanette Brown, Rod Nord, and Ipek Ozkaya.

11/17/2010

A Workshop on Analysis and Evaluation of Enterprise Architectures

This report summarizes a workshop on the analysis and evaluation of enterprise architectures that was held at the SEI in April of 2010.

11/12/2010

CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience

This book presents best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these into a unified CMM that encompasses security, business continuity, and IT operations.

11/11/2010

Strategic Planning with Critical Success Factors and Future Scenarios: An Integrated Strategic Planning Framework

This report explores the value of enhancing typical strategic planning techniques with the CSF method and scenario planning.

11/09/2010

Virtual Integration Demonstration

This 35-minute software architecture modeling demonstration describes an approach for virtual integration in system development.

11/08/2010

Maximizing the Investment from Your Software Product Portfolio (Webinar)

Linda Northrop describes the basic concepts of software product lines, summarizing the software engineering and management practices needed for a product line approach.

10/05/2010

Securing Information in the Health-Care Industry: Network Security, Incident Management, and Insider Threat

In this webinar Greg Porter and Randy Trzeciak, discuss the effects of the new regulations on the health-care industry and some of the essential elements that healthcare technology executives should consider in order to secure patient information and systems from external threats. As well as, the increasing risks of insider threat within organizations, the key factors influencing an insider's decision to act, the technical and non-technical indicators and precursors of malicious acts, and the countermeasures that could improve the survivability and resiliency of the organization. (1 hr:31 mins)

09/30/2010

Success in Acquisition: Using Archetypes to Beat the Odds

This report describes key elements in systems thinking, provides an introduction to general systems archetypes, and applies these concepts to the software acquisition domain.

09/30/2010

Program Executive Officer Aviation, Major Milestone Reviews: Lessons Learned Report

This report documents ideas and recommendations for improving the overall acquisition process and presents the actions taken by project managers in several programs to develop, staff, and obtain approval for their systems.

09/30/2010

Suggestions for Documenting SOA-Based Systems

This report provides suggestions for documenting service-oriented architecture-based systems based on the Views & Beyond (V&B) software documentation approach.

09/30/2010

Documenting Software Architectures: Views and Beyond, Second Edition

This book provides the most complete and current guidance on how to capture a software architecture in a commonly understandable form.

09/29/2010

Measuring Operational Resilience Using the CERT Resilience Management Model

This 2010 report begins a dialogue and establishes a foundation for measuring and analyzing operational resilience.

09/22/2010

Securing Information in the Health-Care Industry: Network Security, Incident Management, and Insider Threat (Webinar)

Greg Porter and Randy Trzeciak provide some essential elements that healthcare technology executives should consider in order to secure patient information and systems from external threats.

08/31/2010

Software Assurance Curriculum Project Volume I: Master of Software Assurance Reference Curriculum

This report contains a master of software assurance curriculum that educational institutions can use to create a degree program or track.

08/31/2010

Software Assurance Curriculum Project Volume II: Undergraduate Course Outlines

This report focuses on an undergraduate curriculum specialization for software assurance.

08/31/2010

Measurement and Analysis Infrastructure Diagnostic, Version 1.0: Method Definition Document

This 2010 report is a guidebook for conducting a Measurement and Analysis Infrastructure Diagnostic (MAID) evaluation.

08/25/2010

Exploring Acquisition Strategies for Adopting a Software Product Line

Some basics of software product line practice, the challenges that make product line acquisition unique, and three basic acquisition strategies are all part of this white paper.

08/25/2010

Speculations on Coordination Models

Len Bass's keynote presentation from ICGSE 2010 talks about the structure of coordination models, especially after development has begun.

08/20/2010

COVERT: A Framework for Finding Buffer Overflows in C Programs via Software Verification

This report presents COVERT, an automated framework aimed at finding buffer overflows in C programs using state-of-the-art software verification tools and techniques.

08/20/2010

Relating Business Goals to Architecturally Significant Requirements for Software Systems

This report attempts to facilitate better elicitation of high-pedigree quality attribute requirements by understanding how business goals influence quality attribute requirements and architectures.

08/18/2010

Risk Management Framework

This report details a framework that documents best practices for risk management and an approach for evaluating a program’s risk management practice in relation to this framework.

07/30/2010

Adapting the SQUARE Process for Privacy Requirements Engineering

This 2010 report explores how the SQUARE process can be adapted for privacy requirements engineering in software development.

07/28/2010

Transforming Your Operational Resilience Management Capabilities: CERT’s Resilience Management Model (Webinar)

Rich Caralli, architect of CERT’s Resilience Management Model (CERT RMM), will describe how an organization can use the RMM to transform its operational resilience.

07/07/2010

Software Architecture Fundamentals: Technical, Business, and Social Influences (Webinar)

Rob Wojcik discusses the the role that software architecture plays in an organization, the role of quality attribute requirements in architectural design, and more.

06/30/2010

Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability

This document -- first in the Best Practices for National Cyber Security Series - provides insight that interested organizations and governments can use to begin to develop a national incident management capability.

06/30/2010

Performance Effects of Measurement and Analysis: Perspectives from CMMI High Maturity Organizations and Appraisers

This 2010 report describes results from two recent studies conducted by the SEI to survey the measurement and analysis activities of software systems development organizations.

06/30/2010

Software Product Lines: Report of the 2010 U.S. Army Software Product Line Workshop

This report synthesizes presentations and discussions from a 2010 workshop to discuss product line practices and operational accomplishments.

06/29/2010

Critical Lessons Learned in the Content and Delivery of Six Sigma Training (Webinar)

In this webinar, Robert W. Stoddard and David Zubrow summarize critical lessons learned from several large corporations in both the content and delivery of Six Sigma training.

06/17/2010

Considerations for Using Agile in DoD Acquisition

This 2010 report explores the questions: Can Agile be used in the DoD environment? If so, how?

06/16/2010

Securing Global Software Supply Chains

This webinar will discuss an ongoing SEI effort to develop an approach for assessing software supply chains and identifying the associated software assurance risks. (48 mins)

06/07/2010

Data Rights for Proprietary Software Used in DoD Programs

This report examines how data rights issues were addressed in the TSAT program, reviews additional concerns posed by the use of commercial software in the TSAT program’s Space Segment, and reviews data rights concerns for software incorporated in the GPS program.

06/07/2010

Java Concurrency Guidelines

The CERT Oracle Secure Coding Standard for Java provides guidelines for secure coding in the Java programming language. This report documents the portion of those Java guidelines that are related to concurrency.

06/04/2010

Specifications for Managed Strings, Second Edition

This report describes a managed string library for the C programming language.

06/01/2010

Survivability Analysis Framework

Description of a framework (Survivability Analysis Framework) used to examine the elements of an operational process and evaluate the survivability and effectiveness of the linkage among roles, dependencies, constraints, and risks to achieve critical operational capabilities.

05/25/2010

The Illusion of Certainty - Paper

In this 2010 paper, Grady Campbell - delivered at the 7th Acquisition Research Symposium - argues that a new approach to acquisition is needed that recognizes that hiding uncertainty is detrimental to success.

05/25/2010

The Illusion of Certainty - Presentation

presentation given at the 7th Annual Acquisition Research SymposiumNaval Postgraduate School, Monterey, CA, May 2010

05/21/2010

CERT Resilience Management Model, Version 1.0

This report presents the CERT-RMM, an approach to managing operational resilience in complex, risk-evolving environments.

05/20/2010

Identifying Anomalous Port-Specific Network Behavior

A method for identifying network behavior that my be a sign of coming internet-wide attacks is presented.

05/14/2010

The Hard Choices Game Explained

The Hard Choices game is a simulation of the software development cycle meant to communicate the concepts of uncertainty, risk, options, and technical debt. In the quest to become market leader, players race to release a quality product to the marketplace. By the end of the game, everyone has experienced the implications of investing effort to gain an advantage or of paying a price to take shortcuts, as they em-ploy design strategies in the face of uncertainty.

05/14/2010

Maximizing your Process Improvement ROI through Harmonization

This white paper is an executive overview of the business value in harmonizing process improvement efforts when multiple improvement technologies, models and standards are in use. It proceeds with an overview of a harmonization approach that reaches from strategy to tactics and connects enterprise and discipline specific improvement.

05/04/2010

QUality Assessment of System Architectures and their Requirements (QUASAR) (SoSECIE 2010)

one hour overview presented as a DoD and NDIA System-of-Systems Engineering Collaborator’s Information Exchange (SoSECIE) Webinar on May 18, 2010

05/04/2010

Keynote: Engineering Safety-and Security-Related Requirements for Software-Intensive Systems (ICSE 2010)

Keynote presentation by Donald Firesmith at SESS’10, as part of the 32nd ACM/IEEE International Conference on Software Engineering (ISCE’2010) in Cape Town, South Africa.

05/04/2010

Engineering Safety- and Security-Related Requirements for Software-Intensive Systems (ICSE 2010)

presentation given at the 22nd Annual Systems and Software Technology Conference (SSTC 2010) in Salt Lake City, Utah on April 26-29, 2010.

05/04/2010

Engineering Safety-and Security-Related Requirements for Software-Intensive Systems (ICSE 2010)

presentation given at the 32nd International Conference on Software Engineering 4 May 2010

04/30/2010

We Have All Been Here Before: Recurring Patterns Across 12 U.S. Air Force Acquisition Programs

presentation given by William Novak and Ray Williams at the 2010 Systems and Software Technology Conference (SSTC) on April 29, 2010

04/30/2010

Status of Ongoing Work in Software TRAs/TRLs

In this 2010 presentation, Michael Bandor and Suzanne Garcia-Miller focus on software issues and shortfalls observed during the DoD Technology Readiness Assessment (TRA) processes.

04/30/2010

Characterizing Technical Software Performance Within System of Systems Acquisitions: A Step-Wise Methodology

Bryce Meyer and James Wessel provide a 10-step method for planning/assessing software performance, allowing for respective improvement of architecture and test processes.

04/30/2010

Measurement That Works -- Really!

James Wessel focuses on software measurement practices that Army acquisition organizations find useful for software issue identification, tracking, and active control of programs.

04/30/2010

Why Is R&D in the Cyber and Software Engineering Environment Different? (SSTC 2010)

Terry Roberts addresses why R&D in cyber and software engineering is different, how to research the federal lab landscape for opportunities, and how focus our R&D initiatives.

04/06/2010

Selecting Middleware Technologies

presentation made by Patricia Oberndorf Thomas Merendino, & Soumya Simanta at the at the Systems and Software Technology Conference, Salt Lake City, UT, April 26, 2010

04/06/2010

Open Systems: What’s Old Is New Again

presentation made by Patricia Oberndorf & Carol Sledge at the Systems and Software Technology Conference, Salt Lake City, UT, April 27, 2010

04/06/2010

Evolution of a Software Engineer in a SoS System Engineering World

This presentation was given by Patricia Oberndorf and Carol A. Sledge of the Software Engineering Institute (SEI) on April 6, 2010 at the IEEE Systems Conference in San Diego, CA.

03/18/2010

SEI Software Product Line Diagnostics

Three diagnostic tools for understanding an organization's readiness for and initial approach to software product lines

03/18/2010

Assessing and Improving Architecture Competence

Achieving architecture competence will ensure that you realize the benefit of architecture-centric practice, including the alignment of your architecture to your business goals and predictable, routine success in architecture.

03/12/2010

Designing Software Architecture to Achieve Business Goals

Designing Software Architecture to Achieve Business Goals: a presentation by Len Bass given to the Academy for Software Engineering Education and Training on March 12, 2010.

01/29/2010

SEI Software Product Line Curriculum

Enhance your skills in software product line adoption and learn how to employ the proven strategies and techniques that make software product lines successful.

01/18/2010

Acquisition Archetype: Shooting the Messenger

When problems are detected in programs, everyone needs to listen and work together towards a solution. Shooting the messenger only delays the process, and hurts program morale.

01/12/2010

Process Improvement in Multimodel Environments: A Three-Year Project Proposed by the SEI

The Process Improvement in Multimodel Environments (PrIME) project will span a breadth of topics that are needed for an organization to be successful with process improvement in multimodel environments. The project will concentrate on several subsets of models and standards that are commonly used in industry, such as Six Sigma, CMMI®, Lean, and Agile methods.

12/31/2009

Generalized Criteria and Evaluation Method for Center of Excellence: A Preliminary Report

Criteria and standards to certify an organization as a COE are presented in this Carnegie Mellon Software Engineering Institute preliminary report.

12/18/2009

A Structured Approach for Reviewing Architecture Documentation

This 2009 technical note proposes a structured approach for reviewing architecture documentation that is centered on the documentation's stakeholders.

11/30/2009

An Everyday Example of Architecture Documentation: Subway Maps

This white paper explores the idea that subway maps provide a good, common example of architecture documentation and that they might be instructive about good software architecture documentation,

11/24/2009

Talking Architects with Len Bass

Video of interview with the SEI's Len Bass, co-author of Software Architecture in Practice, about quality attributes (non-functional requirements) in an agile development environment

11/17/2009

Evaluating Artifact Quality from an Appraisal Perspective

This report explores the lack of agreement among SCAMPI Lead Appraisers about what “artifact quality” means in the SCAMPI process context.

11/17/2009

Evaluating Process Quality from an Appraisal Perspective

This report explores the lack of agreement among SCAMPI Lead Appraisers about what “process quality” means in the SCAMPI process context.

10/29/2009

Data Model as an Architectural View

This 2009 report describes the data model as an architectural style in an effort to help architects apply this style to create data model architectural views.

10/15/2009

Acquisition Archetypes: Brooks' Law

This April 2009 whitepaper focuses on the problems of underspending, which can result in funds being shifted from one acquisition program to another.

10/15/2009

Acquisition Archetypes: Happy Path Testing

When time and budget are tight, it's tempting to follow the "happy path" in testing. But be careful: it may be a path that brings your program great unhappiness.

09/30/2009

Lessons Learned from a Large, Multi-Segment, Software-Intensive System

This 2009 report contains a series of observations and their associated lessons learned from a large, multi-segment, software-intensive system.

08/24/2009

The Personal Software Process (PSP) Body of Knowledge, Version 2.0

The Personal Software Process (PSP) body of knowledge (BOK) contained in this report provides guidance to software professionals who are interested in using proven-effective, disciplined methods to improve their personal software development process.

08/13/2009

Secure Coding

Led by Robert Seacord, the Secure Coding Initiative (SCI) within CERT works with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before software becomes operational. SCI is developing secure coding standards for commonly used programming languages such as C, C++, and Java. These standards can be used to improve and assess the security and overall quality of software through training, automated analysis, code review, and other processes. (59 mins)

08/04/2009

Realizing and Refining Architectural Tactics: Availability

Tactics are fundamental elements of software architecture that an architect employs to meet a system's quality requirements. This report describes an updated set of tactics that enable the architect to build availability into a system.

08/01/2009

Formulation of a Production Strategy for a Software Product Line

This 2009 report describes a technique for formulating the production strategy of a production system.

08/01/2009

Being Your Own Boss—Part IV: Being a Victim

07/10/2009

Building Process Improvement Business Cases Using Bayesian Belief Networks and Monte Carlo Simulation

This SEI report describes the results of a joint effort to build a business case using high maturity measurement approaches that require limited measurement effort.

07/10/2009

People CMM (Version 2)

06/30/2009

Incremental Development in Large-Scale Systems: Finding the Programmatic IEDs

This paper explores how continued use of the acquisition roadmaps opens up the potential for running into program pitfalls (programmatic IEDs) that aren’t acknowledged on the map at hand.

06/01/2009

Documenting Software Architectures Podcast

Paul Clements talks about best practices for communicating (documenting) software architectures and summarizes key points from the book Documenting Software Architectures: Views and Beyond and the related two-day course, Documenting Software Architectures.

06/01/2009

Measurement for Improvement: Successful Measurement Practices Used in Army Software Acquisition

This report summarizes the findings of a study conducted for the Army to find and describe software measurement practices that are being used successfully.

06/01/2009

Incorporating Software Requirements into the System RFP: Survey of RFP Language for Software by Topic, v. 2.0

The 2009 report defines and communicates software engineering and management events necessary to support the successful acquisition of software-intensive systems.

04/23/2009

Acquisition Archetypes: Robbing Peter to Pay Paul

This April 2009 whitepaper is one in a short series of acquisition failures. This paper focuses on the problems of underspending, which can result in funds being shifted from one program to another.

04/23/2009

Acquisition Archetypes: Longer Begets Bigger

Planning for a long development period doesn't always solve acquisition scheduling problems. Sometimes it makes them worse.

04/21/2009

Assurance Cases for Design Analysis of Complex System of Systems Software

This paper discusses the application of assurance cases as a means of building confidence that the software design of a complex system of systems will actually meet the operational objectives set forth in the project’s top-level requirements.

04/20/2009

MFESA One-Day Tutorial SSTC 2009

Donald Firesmith of the SEI presented a one-day tutorial in the Method Framework for Engineering Systems Architectures (MFESA) at the 2009 SSTC in April 2009.

04/01/2009

Software Product Lines: Report of the 2009 U.S. Army Software Product Line Workshop

This report is a synthesis of the presentations and discussions that took place during the 2009 U.S. Army Software Product Line Workshop.

04/01/2009

A Workshop on Architecture Competence

This report summarizes a June 2008 architecture competence workshop where practitioners discussed key issues in assessing architecture competence in organizations.

03/24/2009

Acquisition Process Improvement in Stealth Mode: is It IDEAL?

This presentation was given by Joe Wickless of the Software Engineering Institute (SEI) in March 2010 at SEPG North America 2009, held in San Jose, CA.

03/23/2009

Tutorial: The Method-Framework for Engineering System Architectures (MFESA)

Tutorial: The Method-Framework for Engineering System Architectures (MFESA). Delivered by Donald Firesmith at the IEEE International Systems Conference, March 23-26, 2009.

03/23/2009

An Innovative Requirements Solution: Combining Six Sigma KJ Language Data Analysis With Automated Content Analysis

This March 2009 presentation, An Innovative Requirements Solution, was presented by Ira Monarch, Dennis Goldenson, and Robert W. Stoddard at SEPG North America 2009.

03/23/2009

Method Framework for Engineering System Architecture

This brief tutorial of the Method Framework for Engineering System Architecture was delivered in March 2009 at the IEEE International Systems Conference by Donald Firesmith.

03/06/2009

Acquisition Archetypes: Everything for Everybody

When projects attempt to please too many customers, complexity mounts, schedules slip, costs expand ... and no one is happy.

03/05/2009

Method Framework for Engineering System Architectures, The

To be successful, every system needs a good architecture and that requires the use of a good architecture engineering method. However, systems vary greatly in size, complexity, criticality, domain, operational dependence on other systems, the technology used and its diversity, requirements volatility, required quality characteristics and attributes, and volatility of technology and component parts. (1hr:3 mins)

03/01/2009

Secure Design Patterns

This 2009 SEI report describes a set of secure design patterns, which are meant to eliminate the accidental insertion of vulnerabilities into code.

02/12/2009

Overview of a Proactive Software Product Line Acquisition Approach

presented at the SEI Army Software Product Line Workshop, February 12, 2009

02/12/2009

Approach to Software Product Line Acquisition Planning, An

presented at the SEI Army Software Product Line Workshop, February 12, 2009

02/12/2009

Diamond Software Product Family Product Centered Organization (PCO)

Presented: February 2009

02/12/2009

Army Software Product Line Workshop

This page contains the slides from the “Army Software Product Line Workshop,” which was hosted by Linda M. Northrop of the Software Engineering Institute (SEI) in February 2009.

02/12/2009

Army Software Product Line Workshop SPL Overview

This page contains the slides from the “Army Software Product Line Workshop,” which was hosted by Linda M. Northrop of the Software Engineering Institute (SEI) in February 2009.

02/01/2009

Use and Organizational Effects of Measurement and Analysis in High Maturity Organizations: Results from the 2008 SEI State of Measurement and Analysis Practice Surveys

This 2009 report contains results from a survey of high maturity organizations conducted by the Software Engineering Institute (SEI) in 2008.

01/01/2009

High-Fidelity E-Learning: The SEI's Virtual Training Environment (VTE)

This 2009 document describes the tenets of high-fidelity e-learning, describes how VTE reflects these, and summarizes how organizations have used and are using VTE.

12/10/2008

The Method Framework for Engineering System Architectures (MFESA)

A tutorial on the Method Framework for Engineering System Architectures (MFESA) delivered at ICSSEA 2008 on December 10, 2008.

12/01/2008

Survey of Systems Engineering Effectiveness - Initial Results, A

This survey quantifies the relationship between the application of Systems Engineering (SE) best practices to projects and programs, and the performance of those projects and programs.

11/18/2008

Video About the SEPG Conference

A 2008 video presenting an overview of the SEPG conference.

11/15/2008

Process Improvement and CMMI: Developing Complex Systems Using CCMI to Achieve Effective Systems and Software Engineering Integration

Presentation by Kenneth Nidiffer, Director of Strategic Plans for Government Programs (SEI), from the 8th Annual CMMI Technology Conference and User Group, November 2008.

11/12/2008

The Last Phase of Process Change - Deployment

A presentation made by Rick Barbour and Barbara Tyson at the 8th Annual CMMI Technology and Users Conference in November 2008. The Last Phase of Process Change - Deployment

11/01/2008

Can You Trust Your Data? Establishing the Need for a Measurement and Analysis Infrastructure Diagnostic

This report describes common errors in measurement and analysis, and discusses the need for a criterion-based assessment method that allows organizations to evaluate their measurement programs.

10/18/2008

How Future Trends in Systems and Software Engineering Bode Well for Enabling Improved Acquisition and Performance of Defense Systems

Kenneth Nidiffer delivered this presentation at the 11th Annual Systems Engineering Conference in October 2008.

10/14/2008

CERT C Secure Coding Standard

This book documents the first official release of the CERT C Secure Coding Standard, which itemizes those coding errors that are the root causes of software vulnerabilities in C.

10/14/2008

This presentation on business process lines to service-oriented architecture through the software product lines paradigm was delivered by five members of the University of Bari in 2008.

08/01/2008

How Mexico is Doing It

08/01/2008

Preview of the Mission Assurance Analysis Protocol (MAAP): Assessing Risk and Opportunity in Complex Environments

The purpose of this 2008 document is to preview a core set of activities and outputs that define a MAAP assessment.

07/18/2008

Process Improvement in Multi-Model Environments (PrIME)

In this presentation, currently available strategic and tactical methods for multi-model improvement are presented. (1 hr:9 mins)

07/01/2008

Software Product Line Essentials

Presented: July 2008

06/11/2008

Podcast: Becoming A Smart Buyer of Software

In this podcast, Brian Gallagher, former director of the Acquisition Support Program at the SEI, discusses what business leaders need to know when acquiring or purchasing software, along with implications for security.

06/04/2008

Future Trends in Systems and Software Engineering

presentation from the Second Annual Systems Engineering Conference of the National Reconnaissance Office on June 4, 2008

06/02/2008

Evaluating Service-Oriented Architectures

The emergence of service-oriented architecture (SOA) as an approach for integrating applications that expose services presents many new challenges to organizations resulting in significant risks to their business. Particularly important among those risks are failures to effectively address quality attribute requirements such as performance, availability, security, and modifiability. Because the risk and impact of SOA are distributed and pervasive across applications, it is critical to perform an architecture evaluation early in the software life cycle. This report contains technical information about SOA design considerations and tradeoffs that can help the architecture evaluator to identify and mitigate risks in a timely and effective manner. The report provides an overview of SOA, outlines key architecture approaches and their effect on quality attributes, establishes an organized collection of design-related questions that an architecture evaluator may use to analyze the ability of the architecture to meet quality requirements, and provides a brief sample evaluation.

06/01/2008

A Specification for Software Project Performance Measures

06/01/2008

04/08/2008

Identifying Acquisition Patterns of Failure Using System Archetypes

This presentation was given by Linda Levine and Bill Novak of the SEI’s Acquisition Support Program at the IEEE Systems Conference in April 2008.

04/01/2008

Making SIMPLE Decisions about Software Product Lines

03/20/2008

Tools Supporting CMMI High Maturity for Small Organizations 2008

Presented in September 2008 by Robert Stoddard.

03/20/2008

High Maturity Measurement Workshop

Presented by Dennis Goldenson and Bob Stoddard in March 2008.

03/20/2008

Interpreting CMMI High Maturity for Small Organizations 2008

Presented in September 2008 by Robert Stoddard.

03/12/2008

The Method-Framework for Engineering Systems Architectures (MFESA)

Presented by Don Firesmith on March 12, 2008

03/10/2008

Acquisition Archetypes: Firefighting

All hands on deck helps put out the immediate blazes threatening projects, but falling into a routine of constant firefighting is not the way to guide a project across the finish line.

03/04/2008

Acquisition Archetypes: PMO versus Contractor Hostility

Everyone intends the best in project-driven marriages of PMOs and contractors, but good intentions can't overcome the hostility generated by loss of trust and squabbles in poorly developed relationships.

03/04/2008

Acquisition Archetypes: Feeding the Sacred Cow

Some programs take on a life of their own--privileged, and woven into an organization's existence. But when "sacred cow" projects begin to go wrong, that privilege and protection makes fixing them even more difficult.

03/01/2008

Cyber Attack Scenarios Test Responses

03/01/2008

Being Your Own Boss—Part V: Building Trust

03/01/2008

Lessons Learned Applying the Mission Diagnostic

This technical note describes the adaptation of the Mission Diagnostic (MD) necessary for a customer and the lessons we learned from its use.

03/01/2008

Mission Diagnostic Protocol, Version 1.0: A Risk-Based Approach for Assessing the Potential for Success

This 2008 document describes the core set of activities and outputs that defines mission diagnostic protocol (MDP).

03/01/2008

Incident Management Mission Diagnostic Method, Version 1.0

This 2008 report provides a quick evaluation of the potential for success of an organization’s computer security or cyber-security incident management capability (IMC).

03/01/2008

Process Architecture in a Multimodel Environment

This paper was presented at the Hard Questions for Process Improvement in Multimodel Environments Workshop on May 8, 2008. This white paper is the third in a five-part series dedicated to examining problems organizations encounter when operating in multimodel environments and the current process improvement approaches such organizations need to consider.

03/01/2008

Implementation Challenges in a Multimodel Environment

03/01/2008

Improvement Technology Classification and Composition in Multimodel Environments

02/01/2008

Tackling the Growing Botnet Threat

02/01/2008

ASSIP Study of Real-Time Safety-Critical Embedded Software-Intensive System Engineering Practices

This report presents findings of a study of RTSCE software-intensive systems issues and develop recommendations for effectively dealing with those issues.

01/01/2008

Performance Improvement: It’s a Small World After All

01/01/2008

presented as part of the SEI Software Architecture Workshop for Educators, August 2007

08/02/2007

SEI Software Architecture Workshop for Educators (Presentation)

The Fourth SEI Software Architecture Workshop for Educators was held at the Software Engineering Institute in Pittsburgh, PA on July 31- August 2, 2007.

08/01/2007

Spider-Man 3 Developers to Discuss Process-Improvement Experience in SEPG Keynote

07/01/2007

Mitigating the Risk of Using Service-Oriented Architectures

07/01/2007

Incident Management Capability Metrics Version 0.1

This document presents metrics to provide a baseline or benchmark of incident management practices.

05/01/2007

Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes

This report explores the transformation of the disciplines of security and business continuity into processes designed to support and sustain operational resiliency.

05/01/2007

Quality-Attribute-Based Economic Valuation of Architectural Patterns

This 2007 report shows how an analysis of the options embodied within architectural patterns allows a software and system architect or manager to make reasoned choices about the future value of design decisions, considering this value along multiple quality attribute dimensions.

05/01/2007

+SAFE, V1.2: A Safety Extension to CMMI-DEV, V1.2

This technical report describes how to use +SAFE to appraise an organization's capability in developing, sustaining, maintaining, and managing safety-critical products.

04/19/2007

Engineering Performance-Critical Systems: meeting and exceeding performance, dependability, and interoperability goals

04/01/2007

Coming Soon: A New Version of the SEI's Framework for Software Product Line Practice

04/01/2007

Computer Forensics for Business Leaders: A Primer

03/29/2007

Improving Software Architecture Competence

Presented: March 2007

03/26/2007

Software Architecture Design with ArchE

Felix Bachmann, Lenn Bass, and Philip Bianco present ArchE, a tool that provides the right information at the right time for architect when designing software architecture.

03/22/2007

Predictable, Model-Based Engineering for Embedded Systems

03/01/2007

Modeling and Analysis of Information Technology Change and Access Controls in the Business Context

This report presents an overview of CERT progress in developing a system dynamics model of organizations’ typical use of change and access controls to support IT operations.

03/01/2007

Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks

This 2006 report describes the MERIT insider threat model and simulation results.

03/01/2007

Global Information Grid Survivability: Four Studies

Four studies from 2006 that explore an issue relevant to the survivability of networks which are systems of systems.

02/27/2007

Engineering Safety- and Security-Related Requirements for Software-Intensive Systems

presentation given at the 6th IEEE International Conference on COTS-Based Software Systems (ICCBSS) 2007, Alberta, Canada (February-March 2007)

02/01/2007

SEI Publishes Framework for Software Process Research

02/01/2007

Large-Scale Work – Part VII: Process Discipline

02/01/2007

Protecting Against Insider Threat

02/01/2007

A Practical Example of Applying Attribute-Driven Design (ADD), Version 2.0

This 2007 report describes an example application of the ADD method, an approach to defining a software architecture in which the design process is based on the quality attribute requirements the software must fulfill.

01/19/2007

Learn to use the SAE AADL Standard Model-Based Engineering with SAE AADL

01/12/2007

SAE Architecture Analysis and Design Language Fact Sheet

The SAE AADL is an international standard for predictable model-based engineering of real-time and embedded computer systems.

01/01/2007

Large-Scale Work–Part VI: The Process

01/01/2007

FAQs Part 5: Getting Started

12/01/2006

A Process Research Framework

This book brings 27 leaders from academia and industry together to study the implications of both plausible future scenarios and existing process research.

12/01/2006

Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis

This report examines the psychological, technical, organizational, and contextual factors thought to contribute to espionage and insider sabotage against critical IT systems.

12/01/2006

In this report, five methods for the elicitation and expression of requirements are evaluated with respect to their ability to capture architecturally significant requirements.

08/01/2006

Systems of Systems: Scaling Up the Development Process

08/01/2006

Techniques for Developing an Acquisition Strategy by Profiling Software Risks

07/26/2006

Best Practices in Software Architecture

This presentation on best practices in software architecture was delivered by Paul C. Clements of the Software Engineering Institute (SEI) on July 26, 2006.

07/01/2006

QUASAR: A Method for the Quality Assessment of Software-Intensive System Architectures

This 2006 handbook documents the QUASAR (QUality Assessment of System ARchitectures) method for assessing the quality of the architecture of a software-intensive system.

07/01/2006

CERT Launches Secure Coding Standards Web Site

06/13/2006

The Adventures of Ricky and Stick

This book isn't an official guide to best practice, and it certainly isn't a textbook. But in a kind of off-beat way, it's an entertaining yet insightful look at some of the things that can really happen in software acquisition.

presentation delivered at the Systems & Software Technology Conference (SSTC): Transforming: Business, Security, Warfighting, in Salt Lake City, Utah, 1-4 May 2006

05/31/2006

Integrating Warfighter-Driven System-of-Systems Integration Into the Acquisition Life Cycle

presentation delivered at the Systems & Software Technology Conference (SSTC): Transforming: Business, Security, Warfighting, in Salt Lake City, Utah, 1-4 May 2006

05/31/2006

Transformation of a Software Development Organization Using Software Acquisition Practices: A Case Study

presentation delivered at the Systems & Software Technology Conference (SSTC): Transforming: Business, Security, Warfighting, in Salt Lake City, Utah, 1-4 May 2006

05/01/2006

Specifications for Managed Strings

05/01/2006

PROxy Based Estimation (PROBE) for Structured Query Language (SQL)

This 2006 report outlines a method for applying the PROxy Based Estimation (PROBE) technique to Structured Query Language (SQL).

05/01/2006

Sustaining Software-Intensive Systems

This report, published in 2006, discusses questions about sustaining new and legacy systems; the report presents definitions, related issues, future considerations, and recommendations for sustaining software-intensive systems.

05/01/2006

Applying OCTAVE: Practitioners Report

This document describes how the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method has been used and tailored to fit a wide range of organizational risk assessment needs.

05/01/2006

03/01/2006

Engineering Safety-Related Requirements for Software-Intensive Systems

01/02/2006

Future Trends of Software Technology and Applications: Software Architecture

Presented: January 2006

01/01/2006

Three Perspectives of Service-Oriented Architectures

01/01/2006

FAQs Part 3: Exploring the Issues More Deeply

01/01/2006

Proceedings of the First International Research Workshop for Process Improvement in Small Settings, 2005

This 2006 report includes papers from the Proceedings of the First International Research Workshop for Process Improvement in Small Settings workshop, and presents conclusions and next steps for process improvement in small settings.

12/01/2005

Software Acquisition Planning Guidelines

This 2005 handbook presents guidance for acquisition planning and strategy topics in a condensed form, and references the primary resources available for each topic.

12/01/2005

Categorizing Business Goals for Software Architectures

This report provides a categorization of possible business goals for software-intensive systems, so that individuals have some guidance in the elicitation, expression, and documentation of business goals.

12/01/2005

08/01/2005

04/01/2005

Large-Scale Work–Part IV: The Management System

04/01/2005

Large-Scale Work—Part III: The People

04/01/2005

Components of Software Architecture Design and Analysis, The

The Components of Software Architecture Design and Analysis

This 2005 report documents the ways in which the organizational and project management environment for system development can support or reject improved quality requirements elicitation mechanisms.

03/01/2005

U.S. Army Acquisition: The Program Executive Officer Perspective

03/01/2005

Software Product Lines: Experiences from the Seventh DoD Software Product Line Workshop

This 2005 report summarizes discussions and presentations from the Seventh Department of Defense (DoD) Product Line Practice Workshop.

03/01/2005

Software Process Improvement Journey: IBM Australia Application Management Services

This 2004 report describes the history and experiences of the process improvement initiatives that transformed the AMS Australia organization.

02/01/2005

Large-Scale Work—Part I: The Organization

02/01/2005

Architecture Business Cycle Revisited: A Business Goals Taxonomy to Support Architecture Design and Analysis, The

The Architecture Business Cycle Revisited: A Business Goals Taxonomy to Support Architecture Design and Analysis

02/01/2005

Only Leaders Need Apply

02/01/2005

Internet Denial of Service: Attack and Defense Mechanisms

Internet Denial of Service sheds light on a complex form of computer attack that impacts the confidentiality, integrity, and availability of millions of computers worldwide.

01/01/2005

Using Architecture-Centric Methods within Plan Driven and Agile Software Development Processes

Presented: January 2005

01/01/2005

A Personal Quality Strategy

01/01/2005

Analyses of more than 1350 findings drawn from 663 Software CMM appraisals suggest several areas where both managers and engineers would benefit from better guidance about the proper use of measurement and analysis.

09/01/2004

Software Product Line Adoption Roadmap

This 2004 report introduces the Adoption Factory pattern, which provides a generic roadmap to guide a manageable, phased product line adoption strategy.

09/01/2004

Roadmap of Risk Diagnostic Methods: Developing an Integrated View of Risk Identification and Analysis Techniques, A

09/01/2004

Risk Based Diagnostics

The SEI has constructed a tentative "roadmap" for personnel involved in the systems and software acquisition community. This report describes the characteristics that determine whether a risk diagnostic method qualifies for the roadmap.

09/01/2004

Integrating Software-Architecture-Centric Methods into Extreme Programming (XP)

The report presents a summary of XP (Extreme Programming) and examines the potential uses of the SEI's architecture-centric methods.

09/01/2004

Creating and Using Software Architecture Documentation Using Web-Based Tool Support

This report describes a design prototype that demonstrates a web-based approach to creating, communicating, and using software architecture throughout the life of the system.

08/30/2004

Software Factories: Assembling Applications with Patterns, Models, Frameworks, and Tools

Presented at the Third Software Product Line Conference (2004)

07/01/2004

Integrating the Quality Attribute Workshop (QAW) and the Attribute-Driven Design (ADD) Method

This technical note reports on a proposal to integrate the SEI Quality Attribute Workshop (QAW) and the SEI Attribute-Driven Design (ADD) method.

07/01/2004

Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management, The

This report describes the critical success factor method and presents various theories and experience in applying it to enterprise security management.

07/01/2004

Integrating Software-Architecture-Centric Methods into the Rational Unified Process

This report presents a summary of the RUP (Rational Unified Process) and examines the potential uses of the SEI's architecture-centric methods.

05/26/2004

Networked Technologies: The Role of Networks in the Diffusion and Adoption of Software Process Improvement (SPI) Approaches

Social networks play a key role in the adoption and diffusion of software process improvement as a networked technology. This panel addressed actual examples of SPI networks and identified key characteristics of and roles in these emergent networks.

05/26/2004

Software Patents: Innovation or Litigation?

This paper summarizes the scope of patent protection in the European Union, the United States, and Japan. In doing so, it examines the patentability of computer software as inventions allowed under E.U. and U.S. patent law.

05/14/2004

Human Aspects of Software Engineering

This book details software engineering from the perspective of those involved in the software development process: individuals, teams, customers, and the organization.

05/01/2004

Why Isn't Someone Coding Yet (WISCY)?

Presented: May 2004

05/01/2004

Survivable Functional Units: Balancing an Enterprise's Mission and Technology

This 2004 report describes a way to think about enterprise networks and is intended to aid system administrators so that they can more easily see how technology supports the enterprise’s mission.

05/01/2004

Advanced Engineering Environments for Small Manufacturing Enterprises: Volume II

This report documents the Self-Assessment Tool for Engineering Environments (SAT-EE) and the Self-Assessment Tool for Engineering Tool Capabilities (SAT-ETC).

04/01/2004

Documenting Component and Connector Views with UML 2.0

This 2004 report explores how changes in UML 2.0 affect UML's suitability for documenting component and connector views.

03/03/2004

Achieving Product Qualities Through Software Architecture Practices

Presented: March 2004

03/01/2004

Benchmarking for Improvement in Army Acquisition

03/01/2004

The Quality Attitude

03/01/2004

Integrated Approach to Software Process Improvement at Wipro Technologies: veloci-Q, An

This report details Wipro's process improvement activities and evolution of processes and systems over a period of time.

Software Product Lines: Experiences from the Sixth DoD Software Product Line Workshop

This 2004 report summarizes the presentations and discussions from the Sixth Department of Defense (DoD) Product Line Practice Workshop in September 2003.

03/01/2004

A Study of Product Production in Software Product Lines

This 2004 report presents the results of a study that focused on how product line organizations create products.

03/01/2004

Advanced Information Assurance Handbook

This handbook helps technical staff members who are charged with administering and securing information systems and networks.

01/01/2004

Eight Architecture Lessons from History

This 2004 whitepaper offers eight lessons from history for the software architecture field, drawn from peer fields i.e. Military, Civil, Finance, Mathematics, Astronomy, Social and Medical.

01/01/2004

Integrating Architecture Methods: The Case of the ATAM and the CBAM

01/01/2004

What is a Distributed Denial of Service (DDoS) Attack and What Can I Do About It?

01/01/2004

COTS Acquisition Evaluation Process: Preacher's Practice

This paper outlines a successful effort to apply COTS-based engineering principles to a software acquisition by various groups at the SEI.

SACAM: The Software Architecture Comparison Analysis Method

The report outlines the first version of the Software Architecture Comparison Analysis Method (SACAM). This method was created to provide rationale for an architecture selection process by comparing the fitness of architecture candidates for required systems.

12/01/2003

Organizational Models for Computer Security Incident Response Teams (CSIRTs)

This 2003 report describes different organizational models for implementing incident handling capabilities, including each model's advantages and disadvantages and the kinds of incident management services that best fit with it.

11/01/2003

Real-Time Application Development with OSEK: A Review of the OSEK Standards

This 2003 report examines the OSEK OS, OSEK COM, and OSEK OIL specifications from the perspective of a real-time application developer.

11/01/2003

Architecture Reconstruction of J2EE Applications: Generating Views from the Module Viewtype

This report outlines the application of architecture reconstruction techniques to the Sun Microsystems' Duke's Bank system- Java2 Platform, Enterprise Edition/Enterprise JavaBeans (J2EE/EJB) application implemented mainly in Java.

10/01/2003

State of the Practice of Computer Security Incident Response Teams (CSIRTs)

This 2003 report provides an objective study of the state of the practice of incident response, based on information about how CSIRTs around the world are operating.

10/01/2003

Quality Attribute Workshops (QAWs), Third Edition

This report describes the newly revised QAW (Quality Attribute Workshop) and describes potential uses of the refined scenarios generated during it.

09/12/2003

Reusable Security Requirements

presentation from RE'2003 RHAS'03 Workshop, September 12, 2003

09/01/2003

Rethinking the Software Life Cycle

09/01/2003

The Business Case for Requirements Engineering

presentation from RE'2003 RHAS'03 Workshop, September 12, 2003

09/01/2003

The Man with the Plan

09/01/2003

Use Care When Reading Email with Attachments

09/01/2003

This 2003 report documents a recent investigation which characterized the technical and programmatic risks in reusing significant quantities of legacy Ada code in a new system.

07/01/2003

Documenting Software Architectures in an Agile World

07/01/2003

International Liability Issues for Software Quality

This 2003 report focuses on international law related to cybercrime, international information security standards, and software liability issues as they relate to information security for critical infrastructure applications.

Interactions Among Techniques Addressing Quality Attributes

This report provides software architects a chart for determining the relationships among techniques that promote different architectural qualities.

06/01/2003

The Evolution of Product Line Assets

The focus of this 2003 technical report is how evolutionary changes affect the various types of assets in a software product line.

05/19/2003

The SAE Avionics Architecture Description Language (AADL) Standard: A Basis for Model-Based Architecture-Driven Embedded Systems Engineering

The AADL standard will include a UML profile useful for avionics, space, automotive, robotics and other real-time concurrent processing domains including safety critical applications.

05/03/2003

Architecture, Design, Implementation

Architecture, design, and implementation are used informally in partitioning software specifications into three coarse strata of abstraction. These strata are not well-defined in either research or practice, causing miscommunication and needless debate.

04/19/2003

Software Architecture in Practice (2nd Edition)

This book provides an easily accessible overview of software architecture. Anyone requiring a comprehensive overview of the software architecture field will benefit from this book.

04/01/2003

Handbook for Computer Security Incident Response Teams (CSIRTs)

This 2003 document provides guidance on forming and operating a CSIRT, and helps an organization to define and document the nature and scope of a computer security incident handling service, which is the core service of a CSIRT.

Rules of Thumb for the Use of COTS Products

This 2002 report provides information to help guide decisions about when COTS products are an appropriate solution—and when they are not.

12/01/2002

The CBAM (Cost Benefit Analysis Method) extends the ATAM framework to elicit and model costs, benefits, and uncertainty.

09/02/2002

A Report on the May 2002 CMMI Workshop

This report summarizes the results of the CMMI Workshop held May 7-8, 2002.

09/01/2002

Evolution of Quality Attribute Workshops as an Architecture-Evaluation Technique, The

The Evolution of Quality Attribute Workshops as an Architecture-Evaluation Technique

An Application of an Iterative Approach to DoD Software Migration Planning

This 2002 report outlines the early results of an approach to support software migration planning that focused on deriving actionable plans for focus areas that were identified in an initial increment of an overall migration plan.

09/01/2002

Product Line Production Planning for the Home Integration System Example

This 2002 technical note examines the significant characteristics of the production plans of three hypothetical organizations that create product lines of home integration systems.

09/01/2002

Making Architecture Design Decisions: An Economic Approach

This report describes the improvements to the CBAM (Cost Benefit Analysis Method) and provides a pilot case study conducted with NASA.

08/01/2002

Model-Based Verification: An Engineering Practice

This 2002 report summarizes MBV and outlines the responsibilities of engineers engaged in Model-Based Verification.

08/01/2002

Illuminating the Fundamental Contributors to Software Architecture Quality

This 2002 report presents the basic concepts of analysis models for two quality attributes-modifiability and performance, identifies a collection of tactics that can be used to control responses within those models, and discusses how to analyze the models in terms of these tactics.

07/09/2002

Managing Information Security Risks: The OCTAVE Approach

This book provides organizations with a systematic way to evaluate and manage their information security risks through the use of the OCTAVE approach.

07/01/2002

Reeducation to Expand the Software Engineering Workforce: Successful Industry/University Collaborations

This 2002 paper reports on the study of the Industry/University group (a subgroup of the Working Group on Software Engineering Education and Training) to investigate active collaborations between companies and universities in which non-software professionals and practitioners who lack formal software education are reeducated to become software engineers.

This 2002 report outlines details of past and current architecture reconstruction work on several systems at Nokia.

03/01/2002

Software Acquisition Capability Maturity Model (SA-CMM) Version 1.03

This 2002 version of the SA-CMM incorporates change requests that have been received, as well as the results of lessons learned from conducting appraisals and from the use of Version 1.02.

01/01/2002

Model-Based Verification: Guidelines for Generating Expected Properties

This report presents a basic set of guidelines to facilitate the generation of expected properties in the context of Model-Based Verification.

01/01/2002

Documenting Software Architecture: Documenting Behavior

This report describes ways to document the behavior of systems, subsystems, and components of software architecture.

12/20/2001

Winning with Software: An Executive Strategy

Watts S. Humphrey shows corporate executives and senior managers how to gain control of a software operation and to transform it into a professional businesslike function.

This 2001 report provides a practical introduction to product line requirements modeling and describes product line analysis in the context of product line development.

Quality Attribute Design Primitives

This report addresses mechanisms that significantly affect quality attribute behavior and have sufficient content for analysis.

12/01/2000

Improving Predictability in Embedded Real-Time Systems

This 2000 paper discusses a model-based architectural approach for improving predictability of performance in embedded real-time systems.

12/01/2000

Third DoD Product Line Practice Workshop Report

This report synthesizes the presentations and discussions of the Third Department of Defense Product Line Practice Workshop held in March 2000.

10/01/2000

Application of the Architecture-Based Design Method to the Electronic House, An

This report elaborates an example of the application of the ABD (Architecture-Based Design) method to designing software architecture.

10/01/2000

Simplex Architecture Performance and Cost

The Simplex Architecture facilitates the building of dependable and upgradable real-time systems. Before using the technology, potential users want to know more about the costs of adopting the Simplex paradigm compared to the benefits of using it. This paper examines Simplex performance and the costs associated with its use.

09/01/2000

ATAM: Method for Architecture Evaluation

This report presents technical and organizational foundations for performing architectural analysis, and presents the SEI's ATAM, a technique for analyzing software architectures.

09/01/2000

An Evaluation Theory Perspective of the Architecture Tradeoff Analysis Method (ATAM)

The target, evaluation criteria, yardstick, data-gathering techniques, synthesis techniques and evaluation process of ATAM are identified and analyzed in this report.

08/01/2000

Active Reviews for Intermediate Designs

This paper describes ARID, a piloted software design review technique.

08/01/2000

Improving the Acquisition of Software Intensive Systems

The SEI surveyed senior acquisition managers about the performance of their organizations, especially on skills and competencies, and issues surrounding the training needed to develop them. The results of the survey are presented in this report.

06/01/2000

Quality Attribute Workshop

06/01/2000

Cybersleuthing: Means, Motive, and Opportunity

06/01/2000

Moving the Goal Posts

05/01/2000

Modeling the Space Shuttle Liquid Hydrogen Subsystem

This 2000 report describes experiences with modeling the liquid hydrogen subsystem of the space shuttle.

Basic Concepts of Product Line Practice for the DoD

This 2000 report provides background information to a series of SEI reports designed to provide concise and usable information about product line acquisition practices.

02/01/2000

Fourth Product Line Practice Workshop Report

This report synthesizes the results of the 1999 Product Line Practice Workshop, which described practices and issues associated with tool support for software product lines.

01/01/2000

The Architecture Based Design Method

This paper presents the Architecture Based Design (ABD) method for designing the high-level software architecture for a product line or long-lived system.

01/01/2000

Quality Attribute Workshop Participants Handbook

This report describes the 1) process we use to conduct QAW (Quality Attribute Workshop), 2) information required, 3) suggested tools, and 4) expected outcomes of QAWs.

12/07/1999

Competing in the Software Age

A presentation by Watts Humphrey

Attribute-Based Architectural Styles

This report establishes a common format for documenting ABASs in the hope that they will become the foundation for anyone who is doing system design and analysis.

10/01/1999

Architectural Evaluation of Collaborative Agent-Based Systems

This report identifies features in agent-based systems that could be used to classify agent-system architectures and to guide the generation of scenarios applicable to these architectures.

10/01/1999

Second DoD Product Line Practice Workshop Report

This report synthesizes the workshop presentations and discussions of the Second DoD Product Line Practice Workshop, held in March 1999.

10/01/1999

Software Acquisition Risk Management Key Process Area (KPA): A Guidebook Version 1.02

This report provides guidelines for implementing a software acquisition risk management program that satisfies the goals of the ARM KPA of the SA-CMM.

09/01/1999

The Net Effects of Product Lines

09/01/1999

Perils and Joys of Reconstructing Architectures, The

The Perils and Joys of Reconstructing Architectures

Getting Management Support for Process Improvement

08/01/1999

Guidelines for Developing a Product Line Concept of Operations

This 1999 report provides guidelines for an organization that is developing a CONOPS document.

08/01/1999

Simplex in a Hostile Communications Environment: The Coordinated Prototype

This report describes an approach to using Simplex to construct a COTS-based computer system capable of coordinated real-time motion control in a hostile communications environment.

07/01/1999

Architecture Tradeoff Analyses of C4ISR Products

This report describes how various C4ISR products can be used in the context of an ATAM evaluation and their relative value for generating quality attribute-specific scenarios required for an ATAM evaluation.

Your Date or Mine?

09/01/1998

Are Software Architects Like Building Architects?

09/01/1998

Security Matters – Doesn't It?

09/01/1998

Model-Based Verification: A Technology for Dependable System Upgrade

This 1998 report outlines the technological foundations of model-based verification for engineering software system upgrades.

08/01/1998

The Architecture Tradeoff Analysis Method

07/01/1998

Mapping MetaH into ACME

This 1998 report explores the translation of MetaH into ACME.

07/01/1998

Software Acquisition Improvement Framework (SAIF) Definition

This 1998 document discusses rationale behind the need for the Software Acquisition Improvement Framework (SAIF), the elements constituting the SAIF, and the intended operational usage of the SAIF.

06/15/1998

View Extraction and View Fusion in Architectural Understanding

This paper presents a workbench for architectural extraction called Dali, and shows how Dali supports flexible extraction and fusion of architectural information. Its use is described through two extended examples of architectural reconstruction.

05/01/1998

Report on the Second International Workshop on Development and Evolution of Software Architectures for Product Families

This report summarizes the discussions and outcomes of the Second International Workshop on Development and Evolution of Software Architectures for Product Families, held in February 1998.

05/01/1998

DoD Product Line Practice Workshop Report

This report synthesizes the results of the 1998 product line workshop that described selected practices and identified barriers and enablers to achieving these practices within the DoD.

05/01/1998

Steps in an Architecture Tradeoff Analysis Method: Quality Attribute Models and Analysis

This paper presents some of the steps in an emerging architecture tradeoff analysis method (ATAM).

04/01/1998

Assessment of CORBA and POSIX Designs for FAA En Route Resectorization

This report addresses the use of different technologies and an architectural tradeoff approach on a typical En Route system problem.

04/01/1998

Second Product Line Practice Workshop Report

This 1998 report synthesizes the presentations and discussions from the Second SEI Product Line Practice Workshop, held in November 1997.

03/09/1998

Assessing Architectural Complexity

This paper describes a system, called IAPR, that aids in architectural exploration and measurement by attempting to match patterns to an architecture.

02/10/1998

Software Process Improvement: Practical Guidelines for Business Success

This book shows you how to develop a preventive culture of disciplined software process improvement within an organization in order to control the quality of its software products.

01/01/1998

Study in the Use of CORBA in Real-Time Settings: Model Problems for the Manufacturing Domain, A

In this report, we describe the application of an off-the-shelf ORB to two real-time model problems.

01/01/1998

Requirements for Integrating Software Architecture

This paper discusses the requirements and a generic framework for the integration of architectural and code-based reengineering tools. It was presented at the 1998 Working Conference on Reverse Engineering, Honolulu HI, October 1998 and was written by Rick Kazman, S. G. Woods, and S. J. Carriere.

11/10/1997

Classifying Architectural Elements as a Foundation for Mechanism Matching

This paper presents a set of well known but informally described software architectural elements used in system composition, and taxonomizes them under a basic set of characteristic features.

11/10/1997

An Approach to Software Architecture Analysis for Evolution and Reusability

This paper presents an approach to capturing and assessing software architectures for evolution and reuse. The approach consists of a framework for modeling various types of relevant information and a set of architectural views for reengineering, analyzing, and comparing software architectures.

10/01/1997

Playing Detective: Reconstructing Software Architecture from Available Evidence

This paper presents Dali, an open, lightweight workbench that aids an analyst in extracting, manipulating, and interpreting architectural information.

08/01/1997

Software Acquisition Process Maturity Questionnaire

This 1997 report contains a software acquisition process maturity questionnaire, intended for those interested in learning about and performing software acquisition process appraisals.

08/01/1997

Workshop on the State of the Practice in Dependably Upgrading Critical Systems

This report describes the results of the Workshop on the State of the Practice in Dependably Upgrading Critical Systems held April 16-17, 1997 at the Software Engineering Institute.

07/01/1997

Perspective on the State of Research in Fault-Tolerant Systems, A

This 1997 report presents a perspective on research in fault tolerance as it relates to dependability in software-based systems and attempts to describe the current state of, and outline future directions for, this broad research field.

06/01/1997

Product Line Practice Workshop Report

This 1997 report synthesizes the presentations and discussions from the 1996 SEI Product Line Practice Workshop.

05/01/1997

Estimating With Objects - Part XI

This column is the last in a series about estimating. This column describes some data on how the PROBE method that is described in these articles has helped engineers make better estimates and do better work.

05/01/1997

Principles for Evaluating the Quality Attributes of a Software Architecture

This report describes a few principles for analyzing a software architecture to determine if it exhibits certain quality attributes.

04/01/1997

Estimating With Objects - Part X

This column is the tenth in a series about estimating. This column concludes the discussion of how object-oriented techniques can help you estimate and plan your work.

03/03/1997

Estimating With Objects - Part IX

This column is the ninth in a series about estimating. This column continues the discussion of how object-oriented techniques can help you to estimate and plan your work.

02/03/1997

Estimating With Objects - Part VIII

This column is the eighth in a series about estimating. This column continues the discussion of how to make software estimates.

01/02/1997

Estimating With Objects - Part VII

This column is the seventh in a series about estimating. This column continues the discussion of how to make software estimates.

01/01/1997

Recommended Best Industrial Practice for Software Architecture Evaluation

This report details the results of two workshops on software architecture evaluation, held at the SEI in 1996.

12/02/1996

Estimating With Objects - Part VI

This column is the sixth in a series about estimating. It continues the discussion of how to make size estimates.

12/01/1996

Software Acquisition Capability Maturity Model

This 1996 version of the SA-CMM incorporates the results of lessons learned from the use of Version 1.0.

11/01/1996

Managing Technical People: Innovation, Teamwork, and the Software Process

Drawing on the author's extensive experience as a senior manager of software development at IBM, this book describes proven techniques for managing technical professionals.

11/01/1996

Estimating With Objects - Part V

This column is the fifth in a series about estimating. It continues the discussion of how to make size estimates.

11/01/1996

Scenario-Based Analysis of Software Architecture

This paper presents an experiential case study illustrating the methodological use of scenarios to gain architecture-level understanding and predictive insight into large, real-world systems in various domains.

11/01/1996

Investment Analysis of Software Assets for Product Lines

This 1996 report introduces an approach that will help managers make resource allocation decisions.

10/01/1996

Estimating With Objects - Part IV

This column is the fourth in a series about estimating. It continues the discussion of how to make size estimates.

09/02/1996

Estimating With Objects - Part III

08/01/1996

Estimating With Objects - Part II

This is the second of a series of columns on software project estimating. It discusses program size and it provides a general background for all the columns to follow.

07/01/1996

Estimating With Objects - Part I

This column starts a series on estimating. In this first column, Watts Humphrey talks about why one should make estimates and then briefly discusses the elements of estimating.

06/01/1996

Transitioning Domain Analysis: An Industry Experience

This report provides an industry example in the planning and execution of a research project using feature-oriented domain analysis (FODA).

03/15/1996

Survey of Architecture Description Languages. A

This paper summarizes a taxonomic survey of ADLs that is in progress. This paper summarizes a taxonomic survey of ADLs that is in progress. Preliminary results allow conclusions to be drawn about what constitutes an ADL, and how contemporary ADLs differ.

03/01/1996

Gadfly: An Approach to Architectural-Level System Comprehension, The

This paper describes the Gadfly, an approach for developing narrowly-focused, reusable domain models that can be integrated and (re)used to aid in the process of top-down system comprehension.

03/01/1996

Credibility and Commitment

This 1996 whitepaper explores how an organization can gain credibility by realistically planning work based on historical performance.

02/01/1996

State of the Practice Report: Problems in the Practice of Performance Engineering

As systems have performance requirements, sometimes dominant and explicit, and other times subordinate and implicit. Despite the pervasiveness and importance of performance requirements, performance problems persist. To help us understand why, we sponsored a workshop in performance engineering and conducted some structured interviews with software contractors. This report summarizes our observations.

02/01/1996

Software Architecture: An Executive Overview

This report summarizes software architecture for an intended audience of mid to senior level management.

01/01/1996

Tool Support for Architecture Analysis and Design

This position paper first presents a set of requirements that an ideal tool for architectural design and analysis, and then presents a tool—called SAAMtool—that meets most, but not all, of these requirements.

01/01/1996

Coming Attractions in Software Architecture

This 1996 report identifies a set of promising lines of research related to software architecture and architecture-based system development.

12/01/1995

Quality Attributes

This report describes efforts to develop a unifying approach for reasoning about multiple software quality attributes.

11/15/1995

From Subroutines to Subsystems: Component-Based Software Development

This whitepaper provides a conceptual overview of component-based software development (CBSD) and discusses how CBSD is changing the way large software systems are developed.

09/15/1995

Formal Methods in Describing Architectures

This paper presents Modechart, a specification language for hard-real-time embedded computer systems developed at the University of Texas at Austin. It presents the Modechart paradigm as an example of a fruitful trend for ADL research.

09/01/1995

Distributed System Design Using Generalized Rate Monotonic Theory

This 1995 paper reviews the rate monotonic scheduling theory, examines the architectural requirements for the use of the theory, and provides an application example.

07/01/1995

A Software Architecture for Dependable and Evolvable Industrial Computing Systems

This paper gives a brief overview of the underlying technologies of the Simplex architecture, which was developed to support safe and reliable online upgrade of hardware and software components.

06/01/1995

OOD Paradigm for Flight Simulators (2nd Edition), An

This report presents a paradigm for object-oriented implementation of flight simulators. It is a result of work on the ADA Simulator Validation Program (ASV) carried out by members of the technical staff at the SEI.

05/01/1995

DoD Software Measurement Pilot: Applying the SEI Core Measures, A

This 1994 report discusses the results of a DISA pilot effort to assess the issues involved in implementing a software measurement program across multiple sites and projects.

04/14/1995

An Architectural Analysis Case Study:Internet Information Systems

This paper presents a method for analyzing systems for nonfunctional qualities from the perspective of their software architecture and applies this method to the field of Internet information systems (IISs).

04/14/1995

Understanding Architectural Influences and Decisions in Large-System Projects

This paper discusses the approach taken in a pilot study to uncover the correlation, if any, between architectural influences and architectural decisions in large-scale, software-intensive development projects.

04/14/1995

Features of Architecture Description Languages

This 1995 whitepaper provides an overview of Architecture description languages (ADLs), an emerging notation for software architecture models.

03/01/1995

Case Study in Assessing the Maintainability of Large, Software-Intensive Systems, A

This paper presents a case study in assessing the maintainability of a large, software intensive system. The techniques used are described, and their strengths and weaknesses discussed.

12/01/1994

Characteristics of Higher Level Languages for Software Architecture

System designers use two primary ways of defining software architecture; this paper explains why neither alternative is adequate.

11/15/1994

Software Architecture Renaissance, The

The increasing importance of software in systems is also driving the software architecture renaissance. This article provides a brief overview of some important architecture related efforts.

11/01/1994

Toward Deriving Software Architectures from Quality Attributes

08/01/1994

Experience with a Course on Architectures for Software Systems, Part II: Educational Materials

04/01/1994

Rate Monotonic Analysis for Real-Time Systems: Instructor's Guide

This report helps instructors teach rate monotonic analysis (RMA) to graduate and undergraduate software, computer, and electrical engineering students.

01/01/1994

From Domain Models to Architectures

This whitepaper was presented at the Workshop on Software Architecture, USC Center for Software Engineering, Los Angeles, 1994, by Paul Clements.

01/01/1994

An Introduction to Software Architecture

This paper provides an introduction to the emerging field of software architecture.

12/01/1993

A Taxonomy of Coordination Mechanisms Used in Real-Time Software Based on Domain Analysis

This 1993 proposes a taxonomy of the coordination mechanisms for the synchronization and communication of concurrent processes.

12/01/1993

SEI and NAWC: Working Together to Establish a Software Measurement Program, The

This 1993 report provides examples of an organization struggling to establish a software measurement program in order to help other organizations with setting up their own programs.

10/01/1993

Use of ASN.1 and XDR for Data Representation in Real-Time Distributed Systems, The

This report provides an overview of two standards that are used for data specification and representation in distributed systems.

08/01/1993

Structural Modeling: An Application Framework and Development Process for Flight Simulators-

This paper presents the structural modeling approach, an application framework and development process for the construction of flight simulators.

06/01/1993

Safety-Critical Software: Status Report and Annotated Bibliography

Many systems are deemed safety-critical and these systems are increasingly dependent on software. Much has been written in the literature with respect to system and software safety. This report summarizes some of that literature and outlines the development of safety-critical software. Techniques for hazard identification and analysis are discussed. Further, techniques for the development of safety-critical software are mentioned. A partly annotated bibliography of literature concludes the report.

04/01/1993

Distributed Real-Time System Design: Theoretical Concepts and Applications

This 1993 paper describes the use of generalized rate monotonic scheduling theory for the design and analysis of a distributed real-time system.

03/01/1993

Software Architectures for Shared Information Systems

02/01/1993

Formal Specification and Verification of Concurrent Programs

This 1993 module introduces formal specification of concurrent software and verification of the consistency between concurrent programs and their specifications.

06/01/1992

Application of Feature-Oriented Domain Analysis to the Army Movement Control Domain and Appendices A-I

This report documents an analysis of the army movement control domain performed by the SEI and a team of experts from the army.

02/01/1992

ADA Validation Tests for Rate Monotonic Scheduling Algorithm

This report presents a set of tests for checking whether an ADA runtime system properly supports certain rate monotonic scheduling algorithms, specifically, the basic inheritance and priority ceiling protocols.

02/01/1992

Experience with a Course on Architectures for Software Systems Part I: Course Description

The "software architecture" level of software design was the subject of a course taught at the SEI in 1992. This report presents the motivation for the course, the content and structure of the current version, and plans for improving the next version.

02/01/1992

Conceptual Framework for System Fault Tolerance, A

This document provides vocabulary, discusses system failure, describes mechanisms for making systems fault tolerant, and provides rules for developing fault tolerant systems.

01/01/1992

Reuse-Based Software Development Methodology, A

Kang et al present a reuse-based software development methodology developed by the Software Engineering Institute that is meant to identify the applicability of reusable resources.

12/01/1991

Design Specifications for ADAptive Real-Time Systems

This 1991 report presents a design specification method that treats a software architecture as a set of runtime entities.

10/01/1991

Fault Tolerant Systems Practitioner's Workshop June 10-11, 1991

This 1991 report summarizes workshop discussions about state of the practice in fault tolerant systems and barriers to the deployment of fault tolerant systems.

09/01/1991

Application-Level Implementation of the Sporadic Server, An

The purpose of this paper is to introduce a sporadic server algorithm that can be implemented as an application-level task, and that can be used when no runtime or operating system level implementation of the sporadic server is available.

07/01/1991

Issues in Real-Time Data Management

This 1991 report explores issues related to the use of database management technology in support of real-time systems programming.

03/01/1991

Rate Monotonic Analysis for Real-Time Systems

In this report, we review important decisions in the development of RMA. Our experience indicates that technology transition considerations should be embedded in the process of technology development from the start, rather than as an afterthought.

12/01/1990

Generic Avionics Software Specification

This 1990 report informally specifies the general functions, data interactions, and timing constraints for an avionics mission control computer system typical of those found in some existing U.S. Navy/Marine Corps aircraft.

11/01/1990

Studying Software Architecture Through Design Spaces and Rules

The 1990 report describes a multi-dimensional design space that classifies system architectures.

11/01/1990

Feature-Oriented Domain Analysis (FODA) Feasibility Study

This 1990 report establishes methods for performing a domain analysis and describes the products of the domain analysis process.

11/01/1990

A Design Space and Design Rules for User Interface Software Architecture

This report describes the architecture of user interface systems, using a design space that identifies the key architectural choices and classifies the available alternatives.

07/01/1990

Analysis of Input/Output Paradigms for Real-Time Systems, An

This paper illustrates how to build a mathematical model of the schedulability of a real-time system, taking into consideration such factors as preemption, synchronization, non-preemptibility, interrupts, and process idle time.

06/01/1990

Experiences Porting the Distributed ADA Real-Time Kernel

Boeing Military Airplanes and The Wichita State University became co-acceptors of a copy of DARK for the purpose of demonstrating a port to a 68000-based distributed architecture. This report describes the experiences in accomplishing the port.

06/01/1990

Hartstone Benchmark Results and Analysis

This 1990 report describes the results obtained by running Version 1.0 of the Hartstone benchmark, an ADA implementation of one of the requirements, on a number of compiler/target processor combinations.

06/01/1990

Domain Analysis Bibliography, A

This 1990 document presents a bibliography of references on domain analysis.

05/01/1990

Implementing Sporadic Servers in ADA

This 1990 paper presents the data structures and algorithms for implementing sporadic servers in real-time systems programmed in ADA.

12/01/1989

Comparative Evaluations of Four Specification Methods for Real-Time Systems

This report describes the evaluation of four methods for the specification of system and software requirements for time-critical systems.

09/01/1989

Real-Time Software Engineering in ADA: Observations and Guidelines

This 1989 report presents techniques for controlling devices with Ada and several Ada tasking paradigms for managing concurrency.

06/01/1989

Hartstone: Synthetic Benchmark Requirements for Hard Real-Time Applications

This 1989 paper defines the operational concept for a series of benchmark requirements to be used to test the ability of a system to handle hard real-time applications.

04/01/1989

Real-Time Locking Protocol, A

This 1989 report examines a priority-driven, two-phase lock protocol called the read- or write-priority ceiling protocol.

04/01/1989

Real-Time Scheduling Theory and ADA

This 1989 report reviews important results of a priority-based scheduling theory and discusses implications for the Ada tasking model.

04/01/1989

Implementing Priority Inheritance Algorithms in an ADA Runtime System

This 1989 paper presents a high-level design for implementing the basic priority inheritance and priority ceiling protocols in an ADA runtime system.

04/01/1989

Scheduling Sporadic and Aperiodic Events in a Hard Real-Time System

A real-time system consists of both aperiodic and periodic tasks. Periodic tasks have regular arrival times and hard deadlines. Aperiodic tasks have irregular arrival times and either soft or hard deadlines. In this paper, we present a new algorithm, the Sporadic Server algorithm, that greatly improves response times for soft-deadline aperiodic tasks and can guarantee hard deadlines for both periodic and aperiodic tasks. The operation of the Sporadic Server algorithm, its performance, and schedulability analysis are discussed and compared with previous, published aperiodic service algorithms.

02/01/1989

Performance and Reliability Enhancement of the Durra Runtime Environment

This 1989 report describes a new design for the Durra runtime environment that addresses these two issues.

01/01/1989

Managing the Software Process

This landmark book introduces the author's methods, now commonly practiced in industry, for improving software development and maintenance processes.

12/01/1988

Introduction to Software Verification and Validation

This curriculum module provides an overview needed to understand in-depth curriculum modules in the verification and validation area.

12/01/1988

Formal Verification of Programs

This 1988 module introduces formal verification of programs, dealing primarily with proofs of sequential programs, but also with consistency proofs for data types and deduction of particular behaviors of programs from their specifications. This module introduces formal verification of programs, dealing primarily with proofs of sequential programs, but also with consistency proofs for data types and deduction of particular behaviors of programs from their specifications.

11/01/1988

Real-Time Scheduling Theory and ADA (1988)

This 1988 report reviews results of a priority-based scheduling theory, illustrates its applications with examples, discusses its implications for the Ada tasking model, and suggests workarounds.

11/01/1988

Mode Change Protocols for Priority-Driven Preemptive Scheduling

This 1988 report discusses a protocol for accomplishing mode change in the context of a priority-driven preemptive scheduling environment.

10/01/1988

Functional Performance Specification for an Inertial Navigation System

This 1988 report defines the functional and performance requirements for the inertial navigation system simulator that interfaces with the ECS simulator.

10/01/1988

Functional Performance Specification for an External Computer System Simulator

This 1988 document defines the functional and performance requirements for the ECS simulator that interfaces with the inertial navigation system simulator.

09/01/1988

Perspective on Software Reuse

This report presents a perspective to software reuse in the context of "ideal" development capabilities, which is intended to lead to a reuse strategy for software development.

03/01/1988

A Practical Application of the Ceiling Protocol in a Real-Time System

This paper discusses real-time design issues that arise when using the priority ceiling protocol for real-time systems.

03/01/1988

Priority Ceiling Protocol: A Method for Minimizing the Blocking of High-Priority ADA Tasks, The

The priority ceiling protocol is a new technique that addresses the priority inversion problem. Under the priority ceiling protocol, a high priority task can be blocked at most once by a lower priority task. This paper, written in 1988, defines how to apply the protocol to Ada.

12/01/1987

ADA for Embedded Systems: Issues and Questions

This 1987 report addresses issues and questions related to the use of ADA for embedded systems applications.

12/01/1987

Survey of Real-Time Performance Benchmarks for the Ada Programming Language, A

This 1987 survey provides a summary description of some of the major Ada benchmarks currently available and an evaluation of their applicability to the Real-Time Embedded Systems Testbed Project at the SEI.

12/01/1987

Evolving Persistent Objects in a Distributed Environment

This paper considers a class of objects, called incrementally mutable objects, that are intermediate between mutable and immutable objects.

12/01/1987

Prototype Real-Time Monitor: Executive Summary

This report summarizes the history, goals, and conclusions of the prototype real-time monitor development effort.

12/01/1987

Annual Technical Report for ADA Embedded Systems Testbed Project

This technical report provides an overview of the results produced in the first year of the ADA Embedded Systems Testbed Project (through September 30, 1987).

12/01/1987

ADA Performance Benchmarks on the Motorola MC68020: Summary and Results

This report documents the results obtained from running Ada performance benchmarks on a DEC VAXELN MicroVAX II using the DEC VAXELN Ada compiler.

11/01/1987

VAXELN Experimentation: Programming a Real-Time Periodic Task Dispatcher Using VAXELN ADA 1.1

The purpose of this paper is to provide the reader with some technical information and observations ADA source code, and measurement results based on experimentation with respect to developing a real-time periodic task dispatcher in ADA.

11/01/1987

Prototype Real-Time Monitor: Requirements

The requirements imposed by flight simulators and good software engineering practice on Ada systems force software engineers to seek new solutions to the problem of monitoring executing software. This report examines some of these requirements and, based on these requirements, defines a subset for implementation as a prototype real-time monitor (RTM).

11/01/1987

Prototype Real-Time Monitor: User's Manual

This 1987 report defines the user interface to the prototype real-time monitor (RTM).

11/01/1987

Prototype Real-Time Monitor: Design

11/01/1987

Prototype Real-Time Monitor: ADA Code

This report documents the ADA code of the prototype real-time monitor (RTM).

11/01/1987

Criteria for Constructing and Using an ADA Embedded System Testbed

This report lists criteria used in five aspects of the project: hardware configuration, software configuration, real-time application, ADA real-time experiments, and benchmarking and instrumentation techniques.

10/01/1987

VAXELYN Experimentation: Programming a Real-Time Clock and Interrupt Handling Using VAXELYN ADA 1.1

This report describes the results of implementing an interrupt handler totally in ADA for a MicroVAX II/VAXELN 2.3 target system, the VAXELN 1.1 ADA compiler, and a KWV11-C programmable real-time clock.

06/01/1987

Seeking the Balance Between Government and Industry Interests in Software Acquisition. Volume I. A Basis for Reconciling DoD and Industry Needs for Rights in Software

This 1987 report offers several recommendations for achieving a balanced policy as to government funded software, privately funded software, and mixed funding software that will meet the mission needs of the DoD while enabling contractors to protect their proprietary interests, and commercialize their software products.

01/01/1987

Call: 412-268-2358