Entries Tagged as 'Measurement & Analysis'

Heartbleed and Goto Fail: Two Case Studies for Predicting Software Assurance Using Quality and Reliability Measures

Measurement & Analysis , Software Assurance No Comments »

By Carol Woody
Technical Manager of the Cybersecurity Engineering Team
CERT Division

This post was co-authored by Bill Nichols.

Carol Woody Mitre’s Top 25 Most Dangerous Software Errors is a list that details quality problems, as well as security problems. This list aims to help software developers “prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped.” These vulnerabilities often result in software that does not function as intended, presenting an opportunity for attackers to compromise a system. This blog post highlights our research in examining techniques used for addressing software defects in general and how those can be applied to improve security detection and management.


Improving the Reliability of Expert Opinion within Early Lifecycle Cost Estimation

Measurement & Analysis , Software Cost Estimates No Comments »

By Robert Stoddard,
Senior Member of the Technical Staff
Software Engineering Measurement and Analysis Program

Robert Stoddard As part of our research related to early acquisition lifecycle cost estimation for the Department of Defense (DoD), my colleagues in the SEI’s Software Engineering Measurement & Analysis initiative and I began envisioning a potential solution that would rely heavily on expert judgment of future possible program execution scenarios. Previous to our work on cost estimation, many parametric cost models required domain expert input, but, in our opinion, they did not address alternative scenarios of execution that might occur from Milestone A onward. Our approach, known as Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE), asks domain experts to provide judgment not only on uncertain cost factors for a nominal program execution scenario, but also for the drivers of cost factors across a set of anticipated scenarios. This blog post describes our efforts to improve the accuracy and reliability of expert judgment within this expanded role of early lifecycle cost estimation.


Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE): An Update

Measurement & Analysis , Software Cost Estimates 6 Comments »

By Dave Zubrow,
Chief Scientist
Software Engineering Process Management Program

Dave ZubrowBy law, major defense acquisition programs are now required to prepare cost estimates earlier in the acquisition lifecycle, including pre-Milestone A, well before concrete technical information is available on the program being developed. Estimates are therefore often based on a desired capability—or even on an abstract concept—rather than a concrete technical solution plan to achieve the desired capability. Hence the role and modeling of assumptions becomes more challenging.  This blog posting outlines a multi-year project on Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE) conducted by the SEI Software Engineering Measurement and Analysis (SEMA) team. QUELCE is a method for improving pre-Milestone A software cost estimates through research designed to improve judgment regarding uncertainty in key assumptions (which we term program change drivers), the relationships among the program change drivers, and their impact on cost.


High Maturity Software Engineering Measurement and Analysis

CMMI , Measurement & Analysis , Team Software Process (TSP) 2 Comments »

By Dave Zubrow, Manager
Software Engineering Measurement and Analysis Initiative


Dave ZubrowThe SEI has been actively engaged in defining and studying high maturity software engineering practices for several years.  Levels 4 and 5 of the CMMI (Capability Maturity Model Integration) are considered high maturity and are predominantly characterized by quantitative improvement. This blog posting briefly discusses high maturity and highlights several recent works in the area of high maturity measurement and analysis, motivated in part by a recent comment on a Jan. 30 post asking about the latest research in this area. I’ve also included links where the published research can be accessed on the SEI website.



A Summary of Key SEI R&D Accomplishments in 2011

Acquisition , Agile , Architecture , Architecture Documentation , Binaries , Cyber-physical Systems , Fuzzy Hashing , Handheld Devices , Malware , Measurement & Analysis , Resilience Management Model (RMM) , Safety-Related Requirements , Security-Related Requirements , Software Cost Estimates , Team Software Process (TSP) , Technical Debt 1 Comment »

By Douglas C. Schmidt
Chief Technology Officer

Douglas C. SchmidtA key mission of the SEI is to advance the practice of software engineering and cyber security through research and technology transition to ensure the development and operation of software-reliant Department of Defense (DoD) systems with predictable and improved quality, schedule, and cost. To achieve this mission, the SEI conducts research and development (R&D) activities involving the DoD, federal agencies, industry, and academia. One of my initial blog postings summarized the new and upcoming R&D activities we had planned for 2011. Now that the year is nearly over, this blog posting presents some of the many R&D accomplishments we completed in 2011.