Entries for month: October 2012

Reflections on 20 Years of Architecture: A Presentation by Douglas C. Schmidt

Architecture No Comments »

By Bill Pollak
Transition Manager
Research Technology & System Solutions

Bill PollakLast week, we presented the first posting in a series from a panel at SATURN 2012 titled "Reflections on 20 Years of Software Architecture." In her remarks on the panel summarizing the evolution of software architecture work at the SEI, Linda Northrop, director of the SEI's Research, Technology, and System Solutions (RTSS) Program, referred to the steady growth in system scale and complexity over the past two decades and the increased awareness of architecture as a primary means for achieving desired quality attributes, such as performance, reliability, evolvability, and security.

It’s undeniable that the field of software architecture has grown during the past 20 years. In 2010, CNN/Money Magazine identified "software architect" as the most desirable job in the U.S. Since 2004, the SEI has trained people from more than 900 organizations in the principles and practices of software architecture, and more than 1,800 people have earned the SEI Software Architecture Professional certificate. It is widely recognized today that architecture serves as the blueprint for both the system and the project developing it, defining the work assignments that must be performed by design and implementation teams. Architecture is the primary purveyor of system quality attributes which are hard to achieve without a unifying architecture; it’s also the conceptual glue that holds every phase of projects together for their many stakeholders.

This blog posting—the second in a series—provides a lightly edited transcription of a presentation by Douglas C. Schmidt, former chief technology officer of the SEI and currently a professor of computer science at Vanderbilt University, who discussed advances in software architecture practice for distributed real-time embedded systems during the past two decades.


Reflections on 20 Years of Software Architecture: A Presentation by Linda Northrop

Architecture , Architecture Documentation , Architecture Tradeoff Analysis Method (ATAM) , Quality Attribute Workshop , Ultra Large Scale Systems 4 Comments »

By Bill Pollak,
Transition Manager
Research, Technology, & System Solutions

Bill PollakA search on the term "software architecture" on the web as it existed in 1992 yielded 88,700 results. In May, during a panel providing a 20-year retrospective on software architecture hosted at the SEI Architecture Technology User Network (SATURN) conference, moderator Rick Kazman noted that on the day of the panel discussion—May 9, 2012— that same search yielded 2,380,000 results. This 30-fold increase stems from various factors, including the steady growth in system complexity, the increased awareness of the importance of software architecture on system quality attributes, and the quality and impact of efforts by the SEI and other groups conducting research and transition activities on software architecture. This blog posting—the first in a series—provides a lightly edited transcription of the presentation of the first panelist, Linda Northrop, director of the SEI’s Research, Technology, & System Solutions (RTSS) Program at the SEI, who provided an overview of the evolution of software architecture work at the SEI during the past twenty years.


SEI Contributes to a National Supercomputing Initiative

CMMI , Architecture No Comments »

By Kurt Wallnau
Senior Member of the Technical Staff
Research, Technology, and System Solutions and CERT Science of Cyber-Security

Kurt WallnauFor more than 10 years, scientists, researchers, and engineers used the TeraGrid supercomputer network funded by the National Science Foundation (NSF) to conduct advanced computational science. The SEI has joined a partnership of 17 organizations and helped develop the successor to the TeraGrid called the Extreme Science and Engineering Discovery Environment (XSEDE). This posting, which is the first in a multi-part series, describes our work on XSEDE that allows researchers open access—directly from their desktops—to the suite of advanced computational tools and digital resources and services provided via XSEDE. This series is not so much concerned with supercomputers and supercomputing middleware, but rather with the nature of software engineering practice at the scale of socio-technical ecosystem.


Readiness & Fit Analysis

Agile , CMMI , Acquisition No Comments »

By Suzanne Miller,
Senior Member of the Technical Staff
Acquisition Support Program

Suzanne MillerAll software engineering and management practices are based on cultural and social assumptions. When adopting new practices, leaders often find mismatches between those assumptions and the realities within their organizations. The SEI has an analysis method called Readiness and Fit Analysis (RFA) that allows the profiling of a set of practices to understand their cultural assumptions and then to use the profile to support an organization in understanding its fit with the practices’ cultural assumptions.  RFA has been used for multiple technologies and sets of practices, most notably for adoption of CMMI practices. The method for using RFA and the profile that supports CMMI for Development adoption is found in Chapter 12 of CMMI Survival Guide: Just Enough Process Improvement. This blog post discusses a brief summary of the principles behind RFA and describes the SEI Acquisition Support Program’s work in extending RFA to support profiling and adoption risk identification for Department of Defense (DoD) and other highly-regulated organizations that are considering or are in the middle of adopting agile methods.


Effectiveness of a Pattern for Preventing Theft by Insiders

Insider Threat Patterns , Insider Threat , CERT No Comments »

By Andrew P. Moore
Senior Member of the Technical Staff
The CERT Program

Andrew P. Moore Since 2001, researchers at the CERT Insider Threat Center have documented malicious insider activity by examining media reports and court transcripts and conducting interviews with the United States Secret Service, victims’ organizations, and convicted felons. Among the more than 700 insider threat cases that we’ve documented, our analysis has identified more than 100 categories of weaknesses in systems, processes, people or technologies that allowed insider threats to occur. One aspect of our research has focused on identifying enterprise architecture patterns that protect organization systems from malicious insider threat. Enterprise architecture patterns are organization patterns that involve the full scope of enterprise architecture concerns, including people, processes, technology, and facilities. Our goal with this pattern work is to equip organizations with the tools necessary to institute controls that will reduce the incidence of insider compromise. This blog post is the second in a series that describes our research to create and validate an insider threat mitigation pattern language that focuses on helping organizations balance the cost of security controls with the risk of insider compromise.