CERT-SEI

Research

SEI Seeks Organizations to Pilot New Performance Improvement Concept

The SEI is piloting an exciting new approach to improving performance. This new concept is designed to make it faster and easier to improve your software engineering processes. Combining the best of CMMI, the Team Software Process, and Six Sigma measurement and analysis techniques, this approach helps organizations accelerate the pace of performance improvement, including significantly decreasing cost, increasing quality, and improving on-time delivery. To learn more about participating in a pilot project, contact Jay Douglass (jcd@sei.cmu.edu, 412-268-6834) or Dave Scherb (dscherb@sei.cmu.edu, 412-268-3946).

TSP and the Integrated Software Acquisition Metrics (ISAM) Project

When it comes to meeting cost, schedule and performance objectives, program managers need

  • accurate cost and schedule information
  • proven practices for delivering quality software
  • timely knowledge of possible risks

The ISAM project was initiated on the assumption that TSP can be the foundation that program managers need to answer questions like: Where are you in your program? How do you know for sure? ISAM is developing pilot studies to create an effective, common measurement framework for acquirers and developers based on TSP and PSP practices. Managers will be able to use data from TSP teams so that they can answer these questions with confidence.

PSP and TSP provide the framework for ISAM because, with TSP and PSP, precise measures are normal engineering practice. TSP also provides the management and engineering training needed for rapid and effective use of these measures.

TSP for Secure Systems

The security of a software-intensive system is directly related to the quality of its software.

  • Over 90% of software security incidents are caused by attackers exploiting known software defects.
  • Analysis of 45 e-business applications showed that 70% of security defects were design defects.
  • Experienced and capable software engineers inject, on average, one defect every nine lines of code.
  • A one-million-line-of-code system typically contains 1,000-5,000 defects when shipped.

TSP fosters good practices based on engineering principles. With TSP, software teams

  • build detailed, accurate plans
  • manage and track their commitments
  • produce nearly defect-free software (<0.1 defects/KSLOC)

TSP for Secure Systems is an applied research effort to enhance TSP by incorporating processes for

  • secure design
  • secure implementation
  • secure review and inspection
  • secure testing

TSP for Secure Systems is a collaborative effort between the TSP program and the Networked Systems Survivability program at the SEI.

Related Presentation

Team Software Process for Secure Systems Development