Software Engineering and Information Assurance
Measurable means to achieve quality, security, and affordability
Software-intensive systems should perform as intended and be free from vulnerabilities. They should also be affordable, a term that implies cost control and timely deployment of needed software capabilities. System designers struggle to make software secure and affordable amid technology gaps for resilient software architecture, automated software analysis, development process agility, and cost control.
We focus on solutions for building correct, secure, and affordable systems. We develop measurable means to reduce risk for new systems or legacy system sustainment efforts by building in data and information security and wringing out software defects. We seek the root causes of affordability issues in software acquisition that result in wasted effort and delays. In response to those issues, we create and prototype tooling that can shorten development time and increase software quality.
Featured Work

DevOps: Build Faster and Better Applications
CERT researchers help your organization understand and establish robust DevOps capabilities to develop, test, and deploy software faster, with high quality, and with less risk.

Managing Technical Debt with Data-Driven Analysis
Most software projects carry technical debt. We develop tools and techniques that identify it and provide a complete view of the debt that you need to manage.

Converting a Navy Weapon System from a 32- to a 64-Bit Architecture
The SEI provided an independent assessment of the risks of migrating a weapons control system deployed by the U.S. Navy from one architecture to another.

Automating Vulnerability Discovery in Critical Applications
CERT researchers develop automated tools that discover and mitigate software vulnerabilities, and transfer those tools to researchers, procurement specialists, and software vendors.

Supporting the U.S. Army's Joint Multi-Role Technology Demonstrator Effort
We build and analyze virtual software systems to find problems early in development, before a system is built. Early discovery reduces cost and certification time.

Design Pattern Recovery from Malware Binaries
The U.S. Department of Defense (DoD) and industry face many malware problems. CERT researchers automate malware analysis capabilities, including those focused on malware family evolution and similarity.

Automated Code Repair
Finding security flaws in source code is daunting; fixing them is an even greater challenge. Our researchers are creating automated tools that can repair bugs automatically or by prompting developers for more information to make effective repairs.

QUELCE: Quantifying Uncertainty in Early Lifecycle Cost Estimation
Costs for large new systems are hard to estimate. We developed a method to quantify uncertainty and increase confidence in a program's cost estimate.
Featured News

Collaborative Solution Earns Top-Five Spot in DIUX Challenge
November 15, 2018 • News
Pentagon competition seeks innovative uses of computer vision.
CERT Division Announces Data Science in Cybersecurity Symposium
July 27, 2018 • News
The CERT Division today announced the 2nd annual CERT Data Science in Cybersecurity Symposium, a free one-day symposium to be held in Arlington, Va., on August 29. Registration is now open.
SEI Research Combats Mounting Acquisition Costs
April 09, 2018 • News
Because we are now in an era in which software costs can limit military capability, understanding and controlling these costs is critical.
History of Innovation at the SEI in Software Engineering and Information Assurance
The SEI has performed innovative research in software and information assurance for almost 30 years that has benefited government, industry, and academia. Learn more about a few of the highlights.