Software Engineering and Information Assurance

Measurable means to achieve quality, security, and affordability

Software-intensive systems should perform as intended and be free from vulnerabilities. They should also be affordable, a term that implies cost control and timely deployment of needed software capabilities. System designers struggle to make software secure and affordable amid technology gaps for resilient software architecture, automated software analysis, development process agility, and cost control.

We focus on forming solutions to building correct, secure, and affordable systems. We develop measurable means to reduce risk for new systems or legacy system sustainment efforts by building in data and information security and wringing out software defects. We seek root causes in software acquisition of affordability issues that result in wasted effort and delays. In response to those issues, we create and prototype tooling that can shorten development time and increase software quality.

Featured Work

Managing Technical Debt with Data-Driven Analysis

Most software projects carry technical debt. We develop tools and techniques that identify it and provide a complete view of the debt that you need to manage.

Learn More

Converting a Navy Weapon System from a 32- to a 64-Bit Architecture

The SEI provided an independent assessment of the risks of migrating a weapons control system deployed by the U.S. Navy from one architecture to another.

Learn More

Automating Vulnerability Discovery in Critical Applications

CERT researchers develop automated tools that discover and mitigate software vulnerabilities and transfer them to researchers, procurement specialists, and software vendors.

Learn More

Supporting the U.S. Army's Joint Multi-Role Technology Demonstrator Effort

We build and analyze virtual software systems to find problems early in development, before a system is built. Early discovery reduces cost and certification time.

Learn More

Design Pattern Recovery from Malware Binaries

The U.S. Department of Defense (DoD) and industry face many malware problems. CERT researchers automate malware analysis capabilities, including those focused on malware family evolution and similarity.

Learn More

Automated Code Repair

Finding security flaws in source code is daunting; fixing them is an even greater challenge. Our researchers are creating automated tools that can repair bugs automatically or by prompting developers for more information to make effective repairs.

Learn More

QUELCE: Quantifying Uncertainty in Early Lifecycle Cost Estimation

Costs for large new systems are hard to estimate. We developed a method to quantify uncertainty and increase confidence in a program's cost estimate.

Learn More

View More Work

Featured News

Collaborative Solution Earns Top-Five Spot in DIUX Challenge

November 15, 2018 • News

Pentagon competition seeks innovative uses of computer vision.

Download

CERT Division Announces Data Science in Cybersecurity Symposium

July 27, 2018 • News

The CERT Division today announced the 2nd annual CERT Data Science in Cybersecurity Symposium, a free one-day symposium to be held in Arlington, Va., on August 29. Registration is now open.

Download

SEI Research Combats Mounting Acquisition Costs

April 09, 2018 • News

Because we are now in an era in which software costs can limit military capability, understanding and controlling these costs is critical.

Download

From Our Experts

AI Engineering for Defense and National Security: A Report from the October 2019 Community of Interest Workshop

October 29, 2020 • Special Report

Based on a workshop with thought leaders in the field, this report identifies recommended areas of focus for AI Engineering for Defense and National Security.

read

A Stakeholder-Specific Vulnerability Categorization

October 29, 2020 • Podcast

Allen D. Householder Eric Hatleback Jonathan Spring

Eric Hatleback, Allen Householder, and Jonathan Spring, vulnerability and incident resesarchers in the SEI CERT Division, discuss SSVC and also take audience members through a sample scoring vulnerability.

learn more

AI Engineering Report Highlights Needs and Challenges to Focus Emerging Discipline

October 29, 2020 • News

The conclusions of a 2019 SEI workshop describe nine areas of need for the defense and national security AI systems of the future.

read

SEI Releases Software Engineering Measurement and Analysis Course Materials

October 28, 2020 • Newsletter

October 28, 2020, SEI Bulletin

read

SEI Releases Software Engineering Measurement and Analysis Course Materials

October 28, 2020 • News

Presentations and sample datasets for three courses on software product and process improvement are now available to download from the SEI website.

read

View More Publications

History of Innovation at the SEI in Software Engineering and Information Assurance

The SEI has performed innovative research in software and information assurance for almost 30 years that has benefited government, industry, and academia. Learn more about a few of the highlights.

2014

Attacking Software Vulnerabilities

In 2014, the SEI CERT Division introduced the Tapioca tool to check Android apps for vulnerabilities. In the first year of use, Tapioca was used to check more than 1 million Android apps.

Read the Story

2003

Standardizing More Secure Software

Since forming its Secure Coding Initiative in 2003, the SEI CERT Division has analyzed and cataloged thousands of software vulnerabilities and discovered that many share the same coding errors.

Read the Story

2002

Tailoring Risk Management Practice

Since the 1990s, SEI risk research has shaped standards for software risk management, enabling program managers in software-intensive programs to identify what could go wrong and mitigate those risks.

Read the Story

1989

Building the Master of Software Engineering Curriculum

During the early years of curriculum development in software engineering, the SEI held a workshop for leading software engineering educators to design a recommended curriculum for a software engineering degree.

Read the Story