Four Pillars for Improving the Quality of Safety-Critical Software-Reliant Systems
(April 2013) This white paper presents an improvement strategy comprising four pillars of an integrate-then-build practice that lead to improved quality through early defect discovery and incremental end-to-end validation and verification.

Measuring Assurance Case Confidence Using Baconian Probabilities
(March 2013) The basis for assessing the validity of an assurance case is an active area of study. In this paper, we discuss how to assess confidence in a case by considering the doubts eliminated by the claims and evidence in a case. This is an application of eliminative induction and the notion of Baconian probability as put forward by L. Jonathan Cohen.

Eliminative Induction: A Basis for Arguing System Confidence
(March 2013) Assurance cases provide a structured method of explaining why a system has some desired property, e.g., that the system is safe. But there is no agreed approach for explaining what degree of confidence one should have in the conclusions of such a case. In this paper, we use the principle of eliminative induction to provide a justified basis for assessing how much confidence one should have in an assurance case argument.

Cyber Intelligence Tradecraft Project: Summary of Key Findings
(February 2013) The Software Engineering Institute (SEI) Innovation Center at Carnegie Mellon University is studying the state of cyber intelligence across government, industry, and academia. This study, known as the Cyber Intelligence Tradecraft Project (CITP), seeks to advance the capabilities of organizations performing cyber intelligence by elaborating on best practices and prototyping solutions to shared challenges.

Arabic Language Translation of CMMI for Services V1.3
(November 2012) Arabic translation of CMMI-SVC V1.3

Traditional Chinese Language Translation of CMMI for Development V1.3
(June 2012) CMMI-DEV V1.3 Traditional Chinese Translation

Japanese Language Translation of CMMI for Development, V1.3
(May 2012) Japanese Language Translation of CMMI for Development, V1.3

Spanish language translation of CMMI for Development, v1.3
(May 2012) Spanish language translation of CMMI for Development, v1.3

Deriving Software Security Measures from Information Security Standards of Practice
(February 2012) This white paper describes an approach for deriving measures of software security from well-established and commonly used standard practices for information security.

German language translation of CMMI for Development, V1.3
(November 2011) CMMI Dev V1.3 German language translation

Dutch language translation of CMMI for Development V1.3
(October 2011) This document is the Dutch language translation of CMMI-DEV V1.3.

French language translation of CMMI for Development, V1.3
(August 2011) This is The French language translation of CMMI for Development, V1.3.

Keeping Your Family Safe in a Highly Connected World
(August 2011) Because of the anonymity provided by networked devices, our families are more likely to be attacked, be victims of theft, be subjected to inappropriate people or materials, or become involved unknowingly in illegal activities over a networked device than they are in person. This document discusses various dangers to be aware of and safeguards to reduce the risk of these dangers.

Which CMMI Model Is for You?
(August 2011) A short white paper that provides guidance on selecting the best CMMI model for process improvement.

Software Assurance for System of Systems
(May 2011) Justified confidence in system and SoS behavior requires software assurance theories and principles that don’t exist today. New theories can be used to make the assurance process more effective.

Managing Technical Debt in Software-Reliant Systems
(April 2011) This whitepaper argues that there is an opportunity to study and improve the “technical debt” metaphor concept and offers software engineers a foundation for managing such trade-offs based on models of their economic impacts.

Analysis and Management of Architectural Dependencies in Iterative Release Planning
(April 2011) Authors assert that the ability to quantify architecture quality with measurable criteria provides engineering guidance for iterative release planning

Employing SOA to Achieve Information Dominance
(April 2011) SEI research will enable the Navy to to develop service-oriented systems that address information dominance priority requirements.

Architectures for the Cloud: Best Practices for Navy Adoption of Cloud Computing
(April 2011) The goal of SEI research is to create best practices for architecture and design of systems that take advantage of the cloud, leading to greater system quality from both a consumer and provider perspective-.

Enabling Agility Through Architecture
(December 2010) Enabling Agility Through Architecture: A Crosstalk article by Nanette Brown, Rod Nord, and Ipek Ozkaya.

Executive Overview: Employing SOA to Achieve Information Dominance
(November 2010) The current ability to implement systems in the DoD based on service-oriented architecture (SOA) technologies falls short of the DoD's goals. To close the gaps in these areas, research is needed in SOA security, semantic SOA, context-aware applications, and real-time SOA.

Executive Overview: Best Practices for Adoption of Cloud Computing
(November 2010) This paper describes the SEI approach to cloud computing research for the DoD.

Cloud Computing Basics Explained
(September 2010) This paper seeks to help organizations understand cloud computing essentials, including drivers for and barriers to adoption, in support of making decisions about adopting the approach.

Primer on SOA Terms
(September 2010) This white paper presents basic terminology related to Service- Oriented Architecture (SOA). The goal of the paper is to establish a baseline of terms for service-oriented systems.

Exploring Acquisition Strategies for Adopting a Software Product Line
(August 2010) Some basics of software product line practice, the challenges that make product line acquisition unique, and three basic acquisition strategies are all part of this white paper.

The Illusion of Certainty - Paper
(May 2010) In this 2010 paper, Grady Campbell - delivered at the 7th Acquisition Research Symposium - argues that a new approach to acquisition is needed that recognizes that hiding uncertainty is detrimental to success.

Edge Enabled Systems
(May 2010) This paper describes the characteristics of edge systems and the edge organizations in which these systems operate, and make initial recommendations about how such systems and organizations can be created to serve the needs of users at the edge.

The Hard Choices Game Explained
(May 2010) The Hard Choices game is a simulation of the software development cycle meant to communicate the concepts of uncertainty, risk, options, and technical debt. In the quest to become market leader, players race to release a quality product to the marketplace. By the end of the game, everyone has experienced the implications of investing effort to gain an advantage or of paying a price to take shortcuts, as they em-ploy design strategies in the face of uncertainty.

Maximizing your Process Improvement ROI through Harmonization
(May 2010) This white paper is an executive overview of the business value in harmonizing process improvement efforts when multiple improvement technologies, models and standards are in use. It proceeds with an overview of a harmonization approach that reaches from strategy to tactics and connects enterprise and discipline specific improvement.

Evaluating Software's Impact on System and System and System of Systems Reliability
(April 2010) System engineers are uncertain about how to determine the impact of software on overall system reliability – particularly when attempting to evaluate the impact of software on system of systems (SoS) reliability. New guides are needed to better deal adequately with aspects of systems and SoS reliability.

Portuguese language translation of CMMI for Development, V1.2
(March 2010) This is the Portuguese language translation of CMMI for Development, V1.2.

Industry Standard Notation for Architecture-Centric Model-Based Engineering
(January 2010) The SAE International Architecture Analysis & Design Language (AADL) integrates concepts from research in software architecture into an international standard suite for modeling and analyzing the architecture of the operational software, the computer system, and the mission system of safety-critical, performance-critical, and mission-critical software-reliant systems in order to facilitate next-generation industrial model-based embedded systems engineering practice.

Acquisition Archetype: Shooting the Messenger
(January 2010) When problems are detected in programs, everyone needs to listen and work together towards a solution. Shooting the messenger only delays the process, and hurts program morale.

An Everyday Example of Architecture Documentation: Subway Maps
(November 2009) This white paper explores the idea that subway maps provide a good, common example of architecture documentation and that they might be instructive about good software architecture documentation,

The Economics of CMMI
(October 2009) This paper provides practical guidance for CMMI adopters in the effective use of CMMI, based upon established NDIA principles.

Acquisition Archetypes: Happy Path Testing
(October 2009) When time and budget are tight, it's tempting to follow the "happy path" in testing. But be careful: it may be a path that brings your program great unhappiness.

Acquisition Archetypes: Brooks' Law
(October 2009) This April 2009 whitepaper focuses on the problems of underspending, which can result in funds being shifted from one acquisition program to another.

CMMI and Medical Device Engineering
(September 2009) This paper summarizes the comparison performed between the CMMI and the regulations and standards that drive software intensive medical device product development.

German language translation of CMMI for Development, V1.2
(July 2009) The German language translation of CMMI for Development, V1.2 was sponsored by Pearson Education Deutschland GMBH. The translation of CMMI-DEV, v1.2 was performed by a team sponsored by Pearson Education Deutschland GMBH and verified by an independent verification & validation team made up of members of the German CLIB. The CLIB coordination team consisted of Carsten Skerra, Winfried Russwurm, and Eberhard Hübner.

Revealing Cost Drivers for Systems Integration and Interoperability Through Q Methodology
(June 2009) The findings suggest that Q Methodology may prove helpful in isolating many of the non-technical latent cost factors associated with system integration and interoperability.

A Research Perspective on Maintenance and Reengineering of Service-Oriented Systems
(June 2009) This position paper surveys the landscape of service-oriented architecture practice as it pertains to service-orientation maintenance and reengineering.

Spanish language translation of CMMI for Development, V1.2
(June 2009) The Spanish language translation of CMMI for Development, V1.2 was performed by Cátedra de Mejora de Procesos de Software en el Espacio, Iberoamericano de la Universidad Politécnica de Madrid and was verified by Javier Torralba.

Acquisition Archetypes: Robbing Peter to Pay Paul
(April 2009) This April 2009 whitepaper is one in a short series of acquisition failures. This paper focuses on the problems of underspending, which can result in funds being shifted from one program to another.

Acquisition Archetypes: Longer Begets Bigger
(April 2009) Planning for a long development period doesn't always solve acquisition scheduling problems. Sometimes it makes them worse.

Assurance Cases for Design Analysis of Complex System of Systems Software
(April 2009) This paper discusses the application of assurance cases as a means of building confidence that the software design of a complex system of systems will actually meet the operational objectives set forth in the project’s top-level requirements.

Evaluating Hazard Mitigations with Dependability Cases
(April 2009) This 2009 paper presents an example to show the value a dependability case adds to a traditional hazard analysis.

Risk Detection and Mitigation Metrics and Design Check Lists for Real Time and Embedded Systems
(April 2009) A whitepaper by Lui Sha of the University of Illinois and C. Douglass Locke of LC System Services Inc. The paper discusses risk detection and mitigation metrics and design check lists for real time and embedded systems.

Acquisition Archetypes: Everything for Everybody
(March 2009) When projects attempt to please too many customers, complexity mounts, schedules slip, costs expand ... and no one is happy.

The Software Quality Profile
(January 2009) The software community has been slow to use data to measure software quality. This paper discusses the reasons for this problem and describes a way to use process measurements to assess product quality.

Traditional Chinese language translation of CMMI for Acquisition, V1.2
(October 2008) The Traditional Chinese language translation of CMMI for Acquisition, V1.2 was sponsored by the Institute for Information Industry (III), a non-profit organization primarily funded by the Ministry of Economic Affairs in Taiwan. The translation of CMMI-ACQ, V1.2 was performed by III and verified by an independent quality assurance team led by Chaw-Kwei Hung. Other components of the CMMI Product Suite will be available at a later date. (You will need Chinese fonts that support Big5 encoding to view these pages, but not the models.)

Model-Driven Performance Analysis
(October 2008)

Integrating Quality-attribute Reasoning Frameworks in the ArchE Design Assistant
(October 2008) Bachmann et al present their work on a design assistant called ArchE that provides third-party researchers with an infrastructure to integrate their own quality-attribute models.

Traditional Chinese language translation of CMMI for Development, V1.2
(October 2008) The Traditional Chinese language translation of CMMI for Development, V1.2 was sponsored by the Institute for Information Industry (III), a non-profit organization primarily funded by the Ministry of Economic Affairs in Taiwan. The translation of CMMI-DEV, V1.2 was performed by the Information Engineering Institute (IEI) of the III and verified by an independent quality assurance team led by Chaw-Kwei Hung. (You will need Chinese fonts that support Big5 encoding to view these pages, but not the models.)

CMMI for Services V1.2 (Traditional Chinese)
(October 2008) CMMI for Services (CMMI-SVC) is a model that provides guidance to service provider organizations for establishing, managing, and delivering services. The model focuses on service provider processes and integrates bodies of knowledge that are essential for successful service delivery.

Acquisition Archetypes: Staff Burnout and Turnover
(September 2008) Applying more pressure on staff can temporarily increase productivity, but burnout soon sets in.

Acquisition Archetypes: Underbidding the Contract
(September 2008) From the Acquisition Support Program, one in a series of short papers on acquisition patterns of failure. Acquisition Archetype: Underbidding the Contract

Performance Analysis of Real-Time Component
(June 2008) This paper defines extensions and changes to the S-PMIF meta-model and schema required for real-time systems. It describes transformations for both simple, best-case models and more detailed models of concurrency and synchronization.

French language translation of CMMI for Development, V1.2
(June 2008) The French language translation of CMMI for Development, V1.2 was sponsored by Pearson Education France. The translation of CMMI-DEV, V1.2 was performed by Marie-Cécile Bland, Emmanuelle Burr and Florian Ascouët and verified by an independent quality assurance team led by Antoine Nardeze of Alcyonix France - Groupe SQLI.

Leadership and Management in Software Architecture Leadership and Management in Software Architecture
(May 2008) The workshop on Leadership and Management in Software Architecture that took place at ICSE 2008 was focused on understanding these non-technical duties and the type of support an architect should expect from an organization.

The Value of Harmonizing Multiple Improvement Technologies: A Process Improvement Professional's View
(May 2008) This white paper is the first in a five-part series dedicated to examining problems organizations encounter when operating in multimodel environments and the current process improvement approaches such organizations need to consider.

Strategic Technology Selection and Classification in Multimodel Environments
(May 2008) white paper that was presented at the Hard Questions for Process Improvement in Multimodel Environments Workshop on May 8, 2008

Building Secure Systems Using Model-Based Engineering and Architectural Models
(May 2008) A system designer faces several challenges when specifying security for distributed computing environments or migrating systems to a new execution platform.

Using Model-Based Engineering and Architectural Models to Build Secure Systems
(May 2008) In this paper, the authors present analytical techniques to model and validate security protocols for enforcing confidentiality and integrity.

Acquisition Archetypes: Firefighting
(March 2008) All hands on deck helps put out the immediate blazes threatening projects, but falling into a routine of constant firefighting is not the way to guide a project across the finish line.

Acquisition Archetypes: PMO versus Contractor Hostility
(March 2008) Everyone intends the best in project-driven marriages of PMOs and contractors, but good intentions can't overcome the hostility generated by loss of trust and squabbles in poorly developed relationships.

Acquisition Archetypes: Feeding the Sacred Cow
(March 2008) Some programs take on a life of their own--privileged, and woven into an organization's existence. But when "sacred cow" projects begin to go wrong, that privilege and protection makes fixing them even more difficult.

Improvement Technology Classification and Composition in Multimodel Environments
(March 2008) This paper was presented at the Hard Questions for Process Improvement in Multimodel Environments Workshop on May 8, 2008. This white paper is the third in a five-part series dedicated to examining problems organizations encounter when operating in multimodel environments and the current process improvement approaches such organizations need to consider.

Process Architecture in a Multimodel Environment
(March 2008) This paper was presented at the Hard Questions for Process Improvement in Multimodel Environments Workshop on May 8, 2008. This white paper is the third in a five-part series dedicated to examining problems organizations encounter when operating in multimodel environments and the current process improvement approaches such organizations need to consider.

Implementation Challenges in a Multimodel Environment
(March 2008) This paper was presented at the Hard Questions for Process Improvement in Multimodel Environments Workshop on May 8, 2008. This white paper is the third in a five-part series dedicated to examining problems organizations encounter when operating in multimodel environments and the current process improvement approaches such organizations need to consider.

Diagrams and Languages for Model-Based Software Engineering of Embedded Systems: UML and AADL
(December 2007) The tools compared in this discussion, the Unified Modeling Language (UML) and the Architecture Analysis and Design Language (AADL), facilitate the modeling of software architecture and provide elements to understand it.

Common Misconceptions About Service-Oriented Architecture
(November 2007) This 2007 article from Crosstalk magazine suggests ways to more effectively address critical SOA issues that potential users, developers, and acquisition officers may have.

A-Specification for the CMMI Product Suite, version 1.7
(November 2007) The A-Specification for the CMMI Product Suite (A-SPEC) defines the scope, lists applicable documents, defines the requirements the CMMI Product Suite must meet to be considered acceptable, identifies the methods for verifying achievement of the requirements, provides packaging information and general notes.

Acquisition Archetypes: The Bow Wave Effect
(October 2007) From the Acquisition Support Program, one in a series of short papers on acquisition patterns of failure.

Four Pillars of Service-Oriented Architecture
(September 2007) This 2007 SEI whitepaper by Grace Lewis and Dennis B. Smith outlines four pillars to Service-Oriented Architecture (SOA) success.

Business Rules for CMMI Focus Topics
(August 2007) This paper provides guidelines for organizations seeking to publish material related to any CMMI focus topics.

Why Don't They Practice What We Preach?
(July 2007) One of the most intractable problems in software is getting engineers to consistently use effective methods. The Software Engineering Institute has worked on this problem for a number of years and has developed effective methods for addressing it. This paper describes these methods and shows what they have accomplished with several hundred students and working engineers.

SAAM: A Method for Analyzing the Properties of Software Architectures
(May 2007) This paper describes three perspectives by which we can understand the description of a software architecture and proposes a five-step method for analyzing software architectures called SAAM (Software Architecture Analysis Method). It was written by Rick Kazman, Len Bass, Gregory Abowd, and Mike Webb.

Copper Manual, Tutorial, and Specification Grammar
(April 2007) Copper is a software model checker for concurrent message-passing C programs.

Handbook for Conducting SCAMPI B and C Appraisals, Version 1.1 Errata Sheet
(April 2007) This errata sheet logs errors identified since the release of the Handbook for Conducting SCMAPI B and C Appraisals, Version 1.1. Corrections will be released in the next version.

Optimized L*-Based Assume-Guarantee Reasoning
(March 2007) white paper from the 13th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS) 2007

Creating Custom Containers with Generative Techniques
(October 2006) Component containers are a key part of mainstream component technologies, and play an important role in separating nonfunctional concerns from the core component logic. This paper addresses two different aspects of containers.

Precise Buffer Overflow Detection via Model Checking
(December 2005) In this paper the authors present an automated overflow detection technique based on model checking and iterative refinement. They discuss advantages, and limitations, of our approach with respect to today’s existing solutions.

Using the OPEN Process Framework to Produce a Situation-Specific Requirements Engineering Method
(September 2005) The OPEN Process Framework (or OPF) is an appropriate focused requirements engineering method (REM) that facilitates the search for a mechanism that will support the flexible creation of a number of tailored REMs from a single base.

Obtaining the Benefits of Predictable Assembly from Certifiable Components (PACC)
(August 2005)

The ComFoRT Reasoning Framework
(July 2005) Model checking is a promising technology for verifying critical behavior of software. However, software model checking is hamstrung by scalability issues and is difficult for software engineers to use directly. ComFoRT addresses both of these challenges.

Word Level Predicate Abstraction and Refinement for Verifying RTL Verilog
(June 2005) This paper proposes to use predicate abstraction for verifying RTL Verilog, a technique successfully used for software verification.

Method Engineering and COTS Evaluation
(May 2005) This position paper argues that a successful COTS evaluation process should be based on the principles of method engineering (ME).

Reflections on Software Agility and Agile Methods: Challenges, Dilemmas, and the Way Ahead
(May 2005) What are the drivers for the burgeoning interest in agile methods? Have these drivers stimulated a similar rethinking on other fronts? What have we discovered? In this 2005 paper, the author takes a reflective stance in order to look at these larger issues and patterns.

A Taxonomy of Security-Related Requirements
(May 2005) This paper addresses the problems associated with a lack of a clear security taxonomy by identifying four different types of security-related requirements, providing them with clear definitions, and placing them within an organizing hierarchical taxonomy.

Industry Best Practices in Achieving Service Oriented Architecture
(April 2005)

Predicate Abstraction with Minimum Predicates
(October 2004) Predicate abstraction is a popular abstraction technique employed in formal software verification. Experiments show that predicate minimization can result in a significant reduction of both verification time and memory usage compared to earlier methods.

A Taxonomy of Safety-Related Requirements
(September 2004) This paper describes a taxonomy of these different kinds of safety-related requirements, and clearly and briefly defines and describes each of the above categories of safety-related requirements.

Measurement and Analysis: What Can and Does Go Wrong?
(September 2004) Analyses of more than 1350 findings drawn from 663 Software CMM appraisals suggest several areas where both managers and engineers would benefit from better guidance about the proper use of measurement and analysis.

Networked Technologies: The Role of Networks in the Diffusion and Adoption of Software Process Improvement (SPI) Approaches
(May 2004) Social networks play a key role in the adoption and diffusion of software process improvement as a networked technology. This panel addressed actual examples of SPI networks and identified key characteristics of and roles in these emergent networks.

Software Patents: Innovation or Litigation?
(May 2004) This paper summarizes the scope of patent protection in the European Union, the United States, and Japan. In doing so, it examines the patentability of computer software as inventions allowed under E.U. and U.S. patent law.

Errata Sheet for CMMI: Guidelines for Process Integration and Product Improvement
(April 2004) This errata sheet logs both content errors and minor implementation errors that have been identified since the release of the book “CMMI: Guidelines for Process Integration and Product Improvement.”

COTS Usage Risk Evaluation Participant’s Overview
(March 2004) This document provides an overview of the three steps of the COTS Usage Risk Evaluation (CURE) that involve participation by the program’s team members. For each step, both the activity and the personnel expected to perform it are discussed.

Conflict Patterns: Toward Identifying Suitable Middleware
(March 2004) This whitepaper describes patterns of interoperability conflicts along with their typical resolution in an effort to present reusable solutions for the design of integration architectures.

System of Systems Software Assurance
(March 2004) This white paper describes SEI investigation into ways to provide justified confidence that a system of systems will behave as needed in its actual and evolving usage environments.

Upgrading from SW-CMM to CMMI
(February 2004) This whitepaper shows how organizations can promptly move from a maturity level of the SW-CMM to the corresponding maturity level of CMMI.

A-Specification for the CMMI Product Suite, version 1.6
(February 2004) The A-Specification for the CMMI Product Suite defines the scope, lists applicable documents, and defines the requirements the CMMI Product Suite must meet to be considered acceptable.

Eight Architecture Lessons from History
(January 2004) This 2004 whitepaper offers eight lessons from history for the software architecture field, drawn from peer fields i.e. Military, Civil, Finance, Mathematics, Astronomy, Social and Medical.

Developing a Communication Strategy for a Research Institute
(October 2003) This 2004 whitepaper presents a communication strategy that defines products and internal processes for optimizing communication with the Software Engineering Institute’s (SEI) most important stakeholders.

Analyzing and Specifying Reusable Security Requirements
(September 2003) A system cannot have high assurance if it has poor security, and thus, requirements for high assurance systems will logically include security requirement as well as availability, reliability, and robustness requirements.

Gobus Toolkit 3 Core - A Grid Service Container Framework
(July 2003) The core infrastructure of Globus Toolkit 3 (GT3 Core) is based on the Open Grid Services Infrastructure (OGSI) primitives and protocols. The main design goal has been to make the OGSI technology easy to use, reuse, and extend when developing new Grid applications.

Organisational Interoperability Maturity Model for C2
(July 2003) A model of organisational interoperability is proposed in this paper which extends the LISI model into the more abstract layers of C2 Support, that is, the C2 Frameworks, C2 Processes and Information Management areas.

Measurement and Analysis in Capability Maturity Model Integration Models and Software Process Improvement
(July 2003) This article reviews the content and rationale behind the new process area and describes how the ideas introduced there are further elaborated and evolved throughout capability maturity model integration models.

Preserving Real Concurrency
(July 2003) In this 2003 whitepaper, the authors make use of information provided by components and extracted from static assembly topologies to faithfully model real concurrency. The result is more effective analysis.

The SAE Avionics Architecture Description Language (AADL) Standard: A Basis for Model-Based Architecture-Driven Embedded Systems Engineering
(May 2003) The AADL standard will include a UML profile useful for avionics, space, automotive, robotics and other real-time concurrent processing domains including safety critical applications.

Architecture, Design, Implementation
(May 2003) Architecture, design, and implementation are used informally in partitioning software specifications into three coarse strata of abstraction. These strata are not well-defined in either research or practice, causing miscommunication and needless debate.

Quantifying the Value of Architecture Design Decisions: Lessons from the Field
(January 2003) This paper outlines experiences with using economic criteria to make architecture design decisions.

Distributed Software: From Component Model to Software Architecture
(June 2002) This 2002 whitepaper presents a component model for redeveloping software.

Issues in Predicting the Reliability of Components
(May 2002) This whitepaper presents the design of an experiment that forms the basis of a reliability prediction-enabled component technology (PECT). It also discusses aspects of models that need to be adapted and how they affect the design of the experiment.

The Potential for Synergy Between Certification and Insurance
(April 2002) Because of their affordability and availability, reusable software components have long been a tantalizing IT investment. However, the risks associated with uncertainties about technical attributes and lack of protection against undesirable behaviors often deters their adoption. Certification and insurance are potential approaches to managing these risks.

Is Third Party Certification Necessary?
(April 2002) This paper describes a model for the component marketplace, along with two possible forms that the model may take in order to establish trust among participants in component-based design.

Quality Attribute Design Primitives and the Attribute Driven Design Method
(October 2001) This paper discusses the understanding of quality attributes and their application to the design of a software architecture.

Managing Variability in Software Architectures
(May 2001) This paper presents experience with explicitly managing variability within a software architecture.

Defining and Understanding Software Measurement Data
(January 2001) The following describes a measurement process and provides some basic concepts that managers can use to help integrate measurement into the process for managing software development.

Simulation: An Enabling Technology in Software Engineering
(April 1999) This 1999 whitepaper suggests three reasons why the software engineering community could exploit simulation to much greater advantage.

Study of the Interdependencies Within the Banking and Finance Infrastructure for Survivability Research
(January 1999) To preserve the public's confidence in the banking and finance infrastructures, its survivability needs to be examined. One approach to investigating the survivability of the banking and finance system is to design a simulation for the infrastructure. We discussed several ways for analyzing survivability, including simulation tools. Then we introduce the tools we chose, EASEL (the Emergent Algorithms Simulation Environment and Language), and the concept of EMergent Algorithms. From the perspective of simulation, we study three payment systems in the infrastructure and present the result as the list of actors, neighbors, functions, and the algorithms which actors perform. Then we illustrate the interdependencies we found among the three payment systems. After we understand the three payment systems, and illustrate the interdependencies among them, we discuss the relationships between the interdependencies and the survivability requirements for the infrastructures. We will also discuss some advantages and disadvantages about using EASEL to design the simulation and describe the payment systems.

Software Architectural Transformation
(January 1999) This paper presents a concrete example of an architecturally-motivated reengineering task. In executing this task, the authors perform architecture reconstruction, reason about the reconstructed architecture, motivate an architectural transformation with new architectural quality requirements, and realize this architectural transformation via an automated code transformation.

Consistency in Dynamic Reconfiguration
(October 1998) This paper examines issues relating to the impact of change in real-time control applications.

DoD Security Needs and COTS-Based Systems
(September 1998) This monograph offers a "heads-up" to decision makers who are building information systems that have security constraints, who feel the market imperatives, and who want to make opportunistic use of what the market has to offer.

A Summary of DoD COTS-Related Policies
(September 1998) This Monograph examines seven documents that contain official guidance regarding the use of COTS products in Government systems.

View Extraction and View Fusion in Architectural Understanding
(June 1998) This paper presents a workbench for architectural extraction called Dali, and shows how Dali supports flexible extraction and fusion of architectural information. Its use is described through two extended examples of architectural reconstruction.

Case Study: Evaluating COTS Products for DoD Information Systems
(June 1998) This monograph reports on a DoD program that undertook a detailed evaluation effort that examined several commercial products as candidates for a large information system.

Case Study: Significant Schedule Delays in a Complex NDI-Based System
(June 1998) The expected audience for this monograph is a general audience, and the major issues tend to be more programmatic and managerial rather than purely technical.

The Architecture Tradeoff Analysis Method
(April 1998) This paper presents the Architecture Tradeoff Analysis Method (ATAM), a structured technique for understanding the tradeoffs inherent in design.

Assessing Architectural Complexity
(March 1998) This paper describes a system, called IAPR, that aids in architectural exploration and measurement by attempting to match patterns to an architecture.

Monograph: COTS and Open Systems
(February 1998) Monograph: COTS and Open Systems

Isolating Faults in Complex COTS-Based Systems
(February 1998) This monograph provides an overview of a method for isolating and overcoming faults in COTS-based systems.

COTS and Open Systems
(February 1998) This monograph offers a practical rather than theoretical approach to the issues of COTS and open systems.

Requirements for Integrating Software Architecture
(January 1998) This paper discusses the requirements and a generic framework for the integration of architectural and code-based reengineering tools. It was presented at the 1998 Working Conference on Reverse Engineering, Honolulu HI, October 1998 and was written by Rick Kazman, S. G. Woods, and S. J. Carriere.

Classifying Architectural Elements as a Foundation for Mechanism Matching
(November 1997) This paper presents a set of well known but informally described software architectural elements used in system composition, and taxonomizes them under a basic set of characteristic features.

An Approach to Software Architecture Analysis for Evolution and Reusability
(November 1997) This paper presents an approach to capturing and assessing software architectures for evolution and reuse. The approach consists of a framework for modeling various types of relevant information and a set of architectural views for reengineering, analyzing, and comparing software architectures.

Assessing Design Quality From a Software Architectural Perspective
(October 1997) In this paper, we take the position that good object oriented designs accrue from attention to both the design of objects and classes and to the architectural framework which defines how instances of those classes interact. We argue that an architecture should be assessed for conceptual integrity, and describe tool support for making such an assessment.

Case Study: Correcting System Failure in a COTS Information System
(September 1997) Case Study: Correcting System Failure in a COTS Information System

Case Study: Correcting System Failure in a COTS Information System``
(September 1997) This monograph provides an in-depth technical study about a COTS-based information system made up of several commercial components.

Assembling Large Systems from COTS Components: Opportunities, Cautions, and Complexities
(June 1997) Assembling Large Systems from COTS Components: Opportunities, Cautions, and Complexities

Assembling Large Systems from COTS Components
(June 1997) This monograph, the first in a series, illuminates some general issues that can arise when pursuing a COTS-based approach in complex, heterogeneous systems.

Estimating With Objects - Part XI
(May 1997) This column is the last in a series about estimating. This column describes some data on how the PROBE method that is described in these articles has helped engineers make better estimates and do better work.

Estimating With Objects - Part X
(April 1997) This column is the tenth in a series about estimating. This column concludes the discussion of how object-oriented techniques can help you estimate and plan your work.

Estimating With Objects - Part IX
(March 1997) This column is the ninth in a series about estimating. This column continues the discussion of how object-oriented techniques can help you to estimate and plan your work.

Estimating With Objects - Part VIII
(February 1997) This column is the eighth in a series about estimating. This column continues the discussion of how to make software estimates.

Estimating With Objects - Part VII
(January 1997) This column is the seventh in a series about estimating. This column continues the discussion of how to make software estimates.

Estimating With Objects - Part VI
(December 1996) This column is the sixth in a series about estimating. It continues the discussion of how to make size estimates.

Estimating With Objects - Part V
(November 1996) This column is the fifth in a series about estimating. It continues the discussion of how to make size estimates.

Scenario-Based Analysis of Software Architecture
(November 1996) This paper presents an experiential case study illustrating the methodological use of scenarios to gain architecture-level understanding and predictive insight into large, real-world systems in various domains.

Estimating With Objects - Part IV
(October 1996) This column is the fourth in a series about estimating. It continues the discussion of how to make size estimates.

Estimating With Objects - Part III
(September 1996)

Estimating With Objects - Part II
(August 1996) This is the second of a series of columns on software project estimating. It discusses program size and it provides a general background for all the columns to follow.

Estimating With Objects - Part I
(July 1996) This column starts a series on estimating. In this first column, Watts Humphrey talks about why one should make estimates and then briefly discusses the elements of estimating.

Survey of Architecture Description Languages. A
(March 1996) This paper summarizes a taxonomic survey of ADLs that is in progress. This paper summarizes a taxonomic survey of ADLs that is in progress. Preliminary results allow conclusions to be drawn about what constitutes an ADL, and how contemporary ADLs differ.

Credibility and Commitment
(March 1996) This 1996 whitepaper explores how an organization can gain credibility by realistically planning work based on historical performance.

The Gadfly: An Approach to Architectural-Level System Comprehension
(March 1996) This paper describes the Gadfly, an approach for developing narrowly-focused, reusable domain models that can be integrated and (re)used to aid in the process of top-down system comprehension.

A Case Study in Requirements for Survivable Systems
(January 1996) This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system.

Tool Support for Architecture Analysis and Design
(January 1996) This position paper first presents a set of requirements that an ideal tool for architectural design and analysis, and then presents a tool—called SAAMtool—that meets most, but not all, of these requirements.

From Subroutines to Subsystems: Component-Based Software Development
(November 1995) This whitepaper provides a conceptual overview of component-based software development (CBSD) and discusses how CBSD is changing the way large software systems are developed.

The Changing World of Software
(October 1995) Few expect software to be delivered on time and defect-free. How long will customers tolerate such performance? A closer look at the industry reveals that the software world needs to change.

Formal Methods in Describing Architectures
(September 1995) This paper presents Modechart, a specification language for hard-real-time embedded computer systems developed at the University of Texas at Austin. It presents the Modechart paradigm as an example of a fruitful trend for ADL research.

Assessing the Quality of Large, Software-Intensive Systems: A Case Study
(September 1995) This paper presents a case study in carrying out an audit of a large, software-intensive system. It was written by Alan Brown, David Carney, Paul Clements, Craig Meyers, Dennis Smith, Nelson Weiderman, and Bill Wood.

An Architectural Analysis Case Study:Internet Information Systems
(April 1995) This paper presents a method for analyzing systems for nonfunctional qualities from the perspective of their software architecture and applies this method to the field of Internet information systems (IISs).

Understanding Architectural Influences and Decisions in Large-System Projects
(April 1995) This paper discusses the approach taken in a pilot study to uncover the correlation, if any, between architectural influences and architectural decisions in large-scale, software-intensive development projects.

Features of Architecture Description Languages
(April 1995) This 1995 whitepaper provides an overview of Architecture description languages (ADLs), an emerging notation for software architecture models.

An Architectural Analysis Case Study: Internet Information Systems
(April 1995) This paper presents a method for analyzing systems for nonfunctional qualities from the perspective of their software architecture and applies this method to the field of Internet information systems (IISs). It was written by Rick Kazman, Len Bass, Gregory Abowd, and Paul Clements.

Case Study in Assessing the Maintainability of Large, Software-Intensive Systems, A
(March 1995) This paper presents a case study in assessing the maintainability of a large, software intensive system. The techniques used are described, and their strengths and weaknesses discussed.

Software Architecture Renaissance, The
(November 1994) The increasing importance of software in systems is also driving the software architecture renaissance. This article provides a brief overview of some important architecture related efforts.

From Domain Models to Architectures
(January 1994) This whitepaper was presented at the Workshop on Software Architecture, USC Center for Software Engineering, Los Angeles, 1994, by Paul Clements.