search menu icon-carat-right cmu-wordmark

Since it was established in 1984 as a federally funded research and development center sponsored by the U.S. Department of Defense, the SEI has delivered innovative methods, tools, algorithms, and frameworks to meet current software and cybersecurity needs and provide a foundation for combating future ones.

In our role as a research leader, the SEI often produces technical work that bears fruit years later. For example, our pioneering work in software architecture led to the accepted understanding today that architecture determines the quality and longevity of a software system. And SEI experts closed gaps in network data collection and analysis by developing a suite of cybersecurity tools and a system that now provides traffic monitoring and protection throughout federal networks.

The stories below offer snapshots of the culture of innovation at the SEI as our researchers and engineers have investigated the nation's toughest problems in software and cybersecurity over the years.

You can also read these stories in the 2016 book History of Innovation at the SEI.

2021

SCAIFE: Secure Code Analysis for Continuous Integration

The SEI developed SCAIFE, an AI-enabled framework for efficient static analysis classification and prioritization, aiding in flaw detection.

Read More

2020

Crucible and GHOSTS: Enabling Realistic Cyber Simulations

Read the Story

2019

Foundry: A Training Asset Management Portal

A next-generation cyber-training asset-management portal, Foundry connects cyber training content users, sponsors, and developers in a shared environment where available content is registered for users to consume, rate, and add to playlists.

Read More

2018

Defining the Practice of Managing Technical Debt: From Research to Community

Read the Story

2017

Helping Analysts Automate Reverse Engineering

In 2017, the SEI released OOZanalyzer, part of the Pharos Binary Static Analysis Framework, a suite of tools that help reverse engineers and malware analysts gain insights into software binaries when source code is not available.

Read More

2017

Automating the Repair of Software Flaws

Read the Story

2016

Contributing to Developing and Implementing the DoD Vulnerability Discovery Program

In 2016, the DoD identified a need for a transparent and modernized vulnerability disclosure program and asked the SEI’s CERT Division to help develop and implement such a program.

Read More

2015

Enhancing Computing Power at the Edge

Read the Story

2015

Creating a New Language to Verify Complex Systems

SEI researchers created a new programming language to verify distributed, adaptive real-time (DART) systems, which are essential to DoD capability but notoriously difficult to verify.

Read More

2015

Integrating Early to Prevent Costly Problems

Read the Story

2014

Taming Uncertainty in Software Cost Estimation

Early cost estimates rely on expert judgments about cost factors, but cost factors change throughout the program lifecycle. The SEI's approach helps program managers account for these changing factors.

Read More

2014

Enabling a Stronger Cyber Workforce

Read the Story

2014

Attacking Software Vulnerabilities

In 2014, the SEI's CERT Division introduced the Tapioca tool to check Android apps for vulnerabilities. In the first year of use, Tapioca was used to check more than one million Android apps.

Read More

2014

Building Capability to Defend Against Malware

Read the Story

2011

Assessing Cyber Risk Readiness

This research led to development of standards in 2004, which were chosen for an aerospace initiative in 2008 and used to detect potential integration issues in the Joint Multi-Role helicopter program in 2015.

Read More

2009

Certifying the Software Architect Role

Read the Story

2009

Augmenting T&E with Assurance

Our work on the use of assurance cases in the development of medical devices led the FDA to issue draft guidance to manufacturers recommending the use of assurance cases and providing guidance for their use.

Read More

2009

Codifying Resilience Practice

Read the Story

2007

Strengthening Network Traffic Analysis

Casual conversation among members of the DoD and SEI staff sparked a collaboration that produced the DHS Einstein program, which helps protect federal computer networks and the delivery of essential government services.

Read More

2004

Leading the Growth of an Architectural Modeling Standard

Read the Story

2003

Defining Non-Functional System Qualities

The idea that quality attributes influence the shape of an architecture and that the architecture is fundamental to a system emerged from 2003 research at the SEI in rate monotonic analysis.

Read More

2003

Standardizing More Secure Software

Read the Story

2002

Tailoring Risk Management Practice

Since the 1990s, SEI risk research has shaped standards for software risk management, enabling program managers in software-intensive programs to identify what could go wrong and mitigate those risks.

Read More

2001

Setting a Foundation for Software Architecture

Read the Story

2001

Changing Software Contractor Selection Criteria

Through CMMI and SCAMPI, the SEI has made substantial contributions to software contractor appraisal and evaluation processes, strongly influencing government acquisition practices.

Read More

2000

Bringing Science to Insider Threat Mitigation

Read the Story

2000

Enabling Large-Scale Network Flow Analysis

Since the early 1990s, SEI and CERT have developed numerous tools and techniques to assist in analyzing network traffic flow and identifying cybersecurity incidents.

Read More

1994

Evaluating System Architecture

Read the Story

1993

Meeting Real-Time Scheduling Needs

The SEI has been instrumental in developing the rate monotonic scheduling paradigm, publishing A Practitioner’s Handbook for Real-Time Analysis: Guide to Rate Monotonic Analysis for Real-Time Systems in 1993.

Read More

1991

Transforming Software Quality Assessment

Read the Story

1990

Establishing a Basis for Software Reuse

Underlying today's efforts to reuse software is a 1990s technology called feature-oriented domain analysis. By developing this technology, the SEI demonstrated that managing variation is essential to software reuse.

Read More

1989

Building the Master of Software Engineering Curriculum

Read the Story

1988

Pointing the Way Toward a Software Architecture Discipline

The SEI contributed to a greater understanding of how architectural decisions affect the ease of modifying a user interface, introducing an important concept to the discipline of software architecture in the 1990s.

Read More

1988

Fostering Growth in Professional Cyber Incident Management

Read the Story