Software Engineering Institute Carnegie Mellon

SEI Annual Report FY 2006


Press Releases

July 10, 2006
Software Engineering Institute Publishes Report on the Future of Software Research: Ultra-Large-Scale (ULS) Systems

PITTSBURGH, PA, July 10, 2006—The Carnegie Mellon Software Engineering Institute (SEI) today announced publication of Ultra-Large-Scale Systems: The Software Challenge of the Future (ISBN 0-9786956-0-7). Available on the Web at www.sei.cmu.edu/uls, the report is the product of a 12-month study of ultra-large-scale (ULS) systems software that the SEI conducted on behalf of the Office of the Assistant Secretary of the Army (Acquisition, Logistics, and Technology).

The study brought together software experts and experts from outside the field of software engineering from a variety of institutions and organizations in response to a question posed by the U.S. Army to the SEI, a federally funded research and development center sponsored by the U.S. Department of Defense: “Given the issues with today’s software engineering, how can we build the systems of the future that are likely to have billions of lines of code?” Although a billion lines of code was the initial challenge, increased code size brings with it increased scale in many dimensions, posing challenges that strain current software foundations. The report details a broad, multi-disciplinary research agenda for developing the ultra-large-scale systems of the future.

Software, says Claude M. Bolton, Jr., Assistant Secretary of the Army (Acquisition, Logistics, and Technology), is the chief enabler of an Army transformation that emphasizes information superiority. “Software makes possible increased situational awareness by providing sensors into networks that allow commanders and soldiers to see first, act first, and act decisively,” he says.

But the Army’s demands for software are rapidly outpacing its ability to manage software acquisition. “We need better tools to meet future challenges,” says Bolton, “and neither industry nor government is working on how to do things light-years faster and cheaper. How can future systems be built reliably if we can’t even get today’s systems right?”

“The DoD has a goal of information dominance,” says Linda M. Northrop, who led the study for the SEI. “Achieving this goal depends on the availability of increasingly complex systems characterized by thousands of platforms, sensors, decision nodes, weapons, and users, connected through heterogeneous wired and wireless networks. These systems will be ULS systems. Although they will comprise far more than just software,” says Northrop, “it is software that fundamentally will make possible the achievement of the DoD’s goal.

“Yet software is the least well understood and the most problematic element of our largest systems today. Our current understanding of software and our software development practices will not meet the demands of the future. To make significant progress in the size and complexity of systems that can be built and deployed successfully, we require a culture shift. In this report, we identify the kinds of research that will effect such a culture shift. The United States needs a program that will fund this software research required to sustain ongoing transformations in national defense and global interdependence. The report provides the starting point for the path ahead.”

The principal team of authors who wrote the report consists of Peter Feiler, John Goodenough, Rick Linger, Tom Longstaff, Rick Kazman, Mark Klein, Linda Northrop, and Kurt Wallnau from the SEI, along with Richard P. Gabriel, Sun Microsystems, Inc.; Douglas Schmidt, Vanderbilt University; and Kevin Sullivan, University of Virginia.

 

December 15, 2005
CERT Coordination Center Partners With Qatar's Supreme Council to Battle Cyber Risks

DOHA, QATAR, December 15, 2005—The Carnegie Mellon Software Engineering Institute (SEI) CERT Coordination Center (CERT/CC) and the Qatar Supreme Council for Information and Communications Technology (ictQATAR) today announced a partnership to establish Qatar CERT (Q-CERT). Funded by the Qatar Supreme Council, Q-CERT will serve as the national organization to conduct and coordinate the comprehensive set of cybersecurity activities that will be needed to protect Qatar’s critical infrastructures as cyberspace becomes the nerve center of Qatar’s government, business and education operations.

“Carnegie Mellon, and CERT specifically, has worked with countries and organizations worldwide to increase their research and development activities, as well as increase their knowledge and experience in the protection of critical infrastructures,” said Richard D. Pethia, director of the SEI’s CERT program and interim team leader of Q-CERT. “We are pleased to partner with the State of Qatar and the Supreme Council to effectively manage ICT development in Qatar.”

“We are delighted to have the SEI’s CERT program here in Qatar,” said Hessa Al Jaber, director of ictQATAR. “It’s intrinsic to ictQATAR’s mission to bring Qatar in step with the best computing practices in the world, and this helps realize our goal.”

Al Jaber added that “Qatar aims to fully promote information and communications technology to become one of the most successful knowledge-based societies in the world. To achieve this, Qatar will need to implement initiatives that successfully manage the increased risk that comes with dependence on these powerful technologies.”

The plan for Q-CERT was developed during talks with Carnegie Mellon officials who have established a campus in Doha to offer programs in business and computer science. The goals of Q-CERT are to:

  1. create awareness of cybersecurity in private-public institutions and the public
  2. provide proactive and guided approaches for managing ICT security in the civil society
  3. assist private-public stakeholders in managing risks and vulnerabilities against the country’s information infrastructure
  4. ensure integrity and confidentiality of data crucial to the wide range of online services that will be offered
  5. introduce cybercrime laws and privacy laws and educate the public on their rights

Carnegie Mellon University Provost and Senior Vice President Mark Kamlet stated that the university is excited about the opportunity to apply its expertise in computer security to Qatar, particularly given the university’s participation in Education City, where it is offering undergraduate Carnegie Mellon degrees in business and computer science. “SEI’s CERT is the global leader in computer security incident response and Q-CERT will be a top priority of SEI’s most senior management,” Kamlet said.

 

November 15, 2005
Carnegie Mellon Software Engineering Institute and General Motors Launch CMMI for Acquisition Organizations Project

DENVER, CO, November 15, 2005—The Carnegie Mellon Software Engineering Institute (SEI) and General Motors (NYSE: GM) Corporation, in coordination with the government/industry/SEI CMMI Steering Group, today announced a joint effort to create a new business process improvement model for companies looking to source information technology capabilities from third-party suppliers. The SEI and GM will co-develop the initial model for use by government and industry organizations. The initial model will be based on the existing CMMI Acquisition Module which was created by a CMMI team of government, industry and academic experts for the U.S. Department of Defense in 2004. Additional government and industry stakeholders will review and further develop this initial acquisition model before it will be submitted to the CMMI Steering Group for approval.

“We have been successful in driving common IT process standards across GM’s global organization and introducing this concept to our many IT suppliers,” said Ralph Szygenda, Group Vice President and CIO of General Motors. “Together with the SEI and the CMMI Steering Group, we believe we can develop a third-generation sourcing model that will not only bring benefit to General Motors, but to the information technology industry in general. Over time, all companies will be able to leverage this model to gain the most from their information technology suppliers. Meanwhile, IT suppliers will be able to leverage this model to provide more robust and efficient support to their business customers.”

SEI Director and Chief Executive Officer Paul D. Nielsen stated that the expansion of the CMMI framework to include an acquisition model demonstrates the SEI and CMMI team’s understanding of the dynamic IT market and the need to improve the acquisition practices of customers.

“Organizations will be able to leverage their existing investments in CMMI-based process improvement to improve their acquisition practices,” said Nielsen. “General Motors’ initiative in this area will lead to improvement of acquisition practices for all organizations—defense, civil, and commercial—who work in a more integrated way with their suppliers on challenging systems. We have learned that the process maturity of the acquirer can impact the effectiveness of a supplier no matter how sophisticated the supplier’s process maturity is.”

CMMI is a process improvement approach that provides organizations with the essential elements of effective processes. CMMI can be used to guide process improvement across a project, a division, or an entire organization. The model helps integrate traditionally separate organizational functions, sets process improvement goals and priorities, provides guidance for quality processes, and provides a point of reference for appraising current processes. General Motors Information Systems & Services (GM IS&S) views CMMI as the preferred framework for deploying common process improvement across IT in an organization.

The initial acquisition model will be in conformance with CMMI best practices, and will address the processes, practices, and activities an acquiring organization performs to manage its supplier interactions. It will address acquirers' processes that are not part of the current engineering-related CMMI models. It can also be used with the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) Class A appraisal to achieve and determine a maturity level rating.

GM IS&S anticipates an initial draft by December 2005, and an SEI special report of the initial model for public release will be published by the end of the first quarter 2006.

 

October 3, 2005
Department of Homeland Security and Carnegie Mellon Software Engineering Institute Launch Software Assurance Web Portal

PITTSBURGH, PA, October 3, 2005—The Department of Homeland Security and Carnegie Mellon Software Engineering Institute (SEI) launched a secure, web-based software assurance portal called Build Security In (BSI). The Portal, which can be accessed at http://buildsecurityin.us-cert.gov, offers best practices, tools and other resources to help software developers, architects and security practitioners create more secure and reliable software.

The BSI Portal was launched at the Department of Homeland Security-Department of Defense Software Assurance Forum that brings together technology experts from government, industry, and academia to examine the impact of software assurance on America’s critical infrastructure. It is a key part of the DHS Software Assurance Program that partners with the private sector to reduce software vulnerabilities, minimize exploitation, and deploy trustworthy software products by assuring security is part of software development.

“Securing our software systems is critical to protect the vast infrastructure that these systems support and operate,” said Andy Purdy, acting director of the National Cyber Security Division at the Department of Homeland Security. “Our software assurance efforts are focused on working with academia and the private sector to shift the paradigm from patch management to true software assurance. Our objectives are to raise the bar on software quality and security by improving software development and acquisition processes and practices.”

Many security incidents are the result of exploits against defects in the design or code of software. According to the research firm Gartner, software code attacks cost companies $13.2 billion in 2004. The approach most commonly used to address software defects is to retroactively patch on devices that make it more difficult for defects to be exploited.

The BSI Portal seeks to alter the way that software is developed and provide resources and tools to “build in” security from the start so it is less vulnerable to attack.

“We look forward to partnering with Homeland Security and members of the software assurance community to improve and protect our critical infrastructures,” said Richard D. Pethia, director of the SEI Networked Systems Survivability Program. “Community involvement in the direction of the portal content will help to ensure that the BSI knowledge portal is continuously delivering the information, data, and facts the software community needs to create secure systems.”