Software Engineering and Information Assurance
Measurable means to achieve quality, security, and affordability
Software-intensive systems should perform as intended and be free from vulnerabilities. They should also be affordable, a term that implies cost control and timely deployment of needed software capabilities. System designers struggle to make software secure and affordable amid technology gaps for resilient software architecture, automated software analysis, development process agility, and cost control.
We focus on forming solutions to building correct, secure, and affordable systems. We develop measurable means to reduce risk for new systems or legacy system sustainment efforts by building in data and information security and wringing out software defects. We seek root causes in software acquisition of affordability issues that result in wasted effort and delays. In response to those issues, we create and prototype tooling that can shorten development time and increase software quality.
The SEI provided an independent assessment of the risks of migrating a weapons control system deployed by the U.S. Navy from one architecture to another.
CERT researchers develop automated tools that discover and mitigate software vulnerabilities and transfer them to researchers, procurement specialists, and software vendors.
We build and analyze virtual software systems to find problems early in development, before a system is built. Early discovery reduces cost and certification time.
Costs for large new systems are hard to estimate. We developed a method to quantify uncertainty and increase confidence in a program's cost estimate.
November 15, 2016 • Book
Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol C. Woody present the latest practical knowledge and case studies.Download
October 27, 2016 • Technical Report
This report describes research to define complexity measures for avionics systems to help the FAA identify when systems are too complex to assure their safety.Download
April 13, 2016 • White Paper
This report describes cybersecurity risks and vulnerabilities in modern connected vehicles.Download
December 03, 2015 • Technical Report
This report defines software complexity, metrics for complexity, and the effects of complexity on cost and presents an analysis tool to measure complexity in models.Download