Software Engineering and Information Assurance
Measurable means to achieve quality, security, and affordability
Software-intensive systems should perform as intended and be free from vulnerabilities. They should also be affordable, a term that implies cost control and timely deployment of needed software capabilities. System designers struggle to make software secure and affordable amid technology gaps for resilient software architecture, automated software analysis, development process agility, and cost control.
We focus on forming solutions to building correct, secure, and affordable systems. We develop measurable means to reduce risk for new systems or legacy system sustainment efforts by building in data and information security and wringing out software defects. We seek root causes in software acquisition of affordability issues that result in wasted effort and delays. In response to those issues, we create and prototype tooling that can shorten development time and increase software quality.
We build and analyze virtual software systems to find problems early in development, before a system is built. Early discovery reduces cost and certification time.
CERT researchers develop automated tools that discover and mitigate software vulnerabilities and transfer them to researchers, procurement specialists, and software vendors.
The SEI provided an independent assessment of the risks of migrating a weapons control system deployed by the U.S. Navy from one architecture to another.
Costs for large new systems are hard to estimate. We developed a method to quantify uncertainty and increase confidence in a program's cost estimate.
November 15, 2018 • News
Pentagon competition seeks innovative uses of computer vision.Download
July 27, 2018 • News
The CERT Division today announced the 2nd annual CERT Data Science in Cybersecurity Symposium, a free one-day symposium to be held in Arlington, Va., on August 29. Registration is now open.Download
History of Innovation at the SEI in Software Engineering and Information Assurance
The SEI has performed innovative research in software and information assurance for almost 30 years that has benefited government, industry, and academia. Learn more about a few of the highlights.
Attacking Software Vulnerabilities
In 2014, the SEI CERT Division introduced the Tapioca tool to check Android apps for vulnerabilities. In the first year of use, Tapioca was used to check more than 1 million Android apps.Read the Story
Standardizing More Secure Software
Since forming its Secure Coding Initiative in 2003, the SEI CERT Division has analyzed and cataloged thousands of software vulnerabilities and discovered that many share the same coding errors.Read the Story
Tailoring Risk Management Practice
Since the 1990s, SEI risk research has shaped standards for software risk management, enabling program managers in software-intensive programs to identify what could go wrong and mitigate those risks.Read the Story
Building the Master of Software Engineering Curriculum
During the early years of curriculum development in software engineering, the SEI held a workshop for leading software engineering educators to design a recommended curriculum for a software engineering degree.Read the Story