Tools & Methods Developed at the SEI
The SEI creates, tests, refines, and disseminates a broad range of technologies and management techniques. These techniques enable organizations to improve the results of software projects, the quality and behavior of software systems, and the security and survivability of networked systems. As an applied research and development center, the SEI brings immediate benefits to its research partners and long-term benefits to organizations that depend on software. The tools and methods developed by the SEI and its research partners are applied daily in organizations throughout the world.
Forges & Communities
We support acquisition managers and practitioners throughout the lifecycle, from the identification of user needs through sustainment. Acquisition Managers and practitioners can use our tools and methods to more effectively form acquisition strategy, more accurately estimate software costs, more fully profile software risks, and more realistically model sustainment investment.
We address security, software assurance, and survivability throughout the development and acquisition lifecycles. Acquirers, managers, developers, and operators of large-scale, complex, networked systems can integrate our methods with existing practices to build security into software-reliant systems and our tools to gain greater confidence in the security of those systems.
Cyber Risk and Resilience Management
Using a resilience approach, organizations focus on managing risk to critical assets by optimizing both protection and continuity strategies. Managers use our tools and methods to determine the organization's capability to set resilience goals and targets, and develop plans to close identified gaps.
Digital Intelligence and Investigation
Computer forensics investigators in law enforcement and other sectors can use our tools to develop incident response capabilities and facilitate their investigations.
A cybersecurity insider threat is a person who intentionally misuses or exceeds authorized access to an organization's network, system, or data in a way that negatively affects the organization's information or information systems. Security officers use our insider threat test datasets to model malicious activity.
Measurement & Analysis
Performance & Dependability
Mission risk analysis is based on a holistic, system-theory view of risk for interactively complex, distributed, socio-technical systems. Managers of these complex systems can use our tools to change the risk management paradigm from a traditional (a focus on threats) to the mission risk analysis (a focus on drivers for success) approach.
In this area, our work aims to reduce the number of vulnerabilities by preventing coding errors or discovering and eliminating security flaws during implementation and testing. Software developers and project managers can use our freely available tools to perform static analysis on code and validate code against ruled defined by ISO/IEC TS 17961.
The smart grid concept is a combination of technology and practices that is transforming power grids around the world. Electric utility organization managers can use our smart grid tools to inform their utility’s vision for smart grid transformation, chart its progress toward implementation, and strengthen cybersecurity capabilities.
Our two decades of work in software architecture has shown that building or choosing the right software architecture paves the way for system success. Software architects and project managers can use our tools and methods to establish requirements, define an architecture intended to satisfy requirements, evaluate and improve an architecture, document an architecture, and analyze an architecture for system safety-, security-, and performance-critical behaviors.
Software Product Lines
Organizations using software product lines have realized order-of-magnitude improvements in time to market, cost, productivity, quality, and other business drivers. Our tools help management combine the business and technical approaches necessary to adopt a software product lines approach as a dependable low-risk high-payoff practice.
System of Systems