Oct 29
2012
By Bill Pollak
Transition Manager
Research Technology & System Solutions
Last
week, we presented the first posting in a series from a panel at SATURN
2012 titled "Reflections on 20 Years of Software Architecture." In her
remarks on the panel summarizing the evolution of software architecture
work at the SEI, Linda Northrop, director of the SEI's Research, Technology, and System Solutions (RTSS) Program,
referred to the steady growth in system scale and complexity over the
past two decades and the increased awareness of architecture as a
primary means for achieving desired quality attributes, such as
performance, reliability, evolvability, and security.
It’s undeniable that the field of software architecture has grown during the past 20 years. In 2010, CNN/Money Magazine identified "software architect" as the most desirable job in the U.S.
Since 2004, the SEI has trained people from more than 900 organizations
in the principles and practices of software architecture, and more than
1,800 people have earned the SEI Software Architecture Professional certificate.
It is widely recognized today that architecture serves as the blueprint
for both the system and the project developing it, defining the work
assignments that must be performed by design and implementation teams.
Architecture is the primary purveyor of system quality attributes which
are hard to achieve without a unifying architecture; it’s also the
conceptual glue that holds every phase of projects together for their
many stakeholders.
This blog posting—the second in a series—provides a lightly edited transcription of a presentation by Douglas C. Schmidt, former chief technology officer of the SEI and currently a professor of computer science at Vanderbilt University,
who discussed advances in software architecture practice for
distributed real-time embedded systems during the past two decades.
Read more...
Oct 22
2012
By Bill Pollak,
Transition Manager
Research, Technology, & System Solutions
A
search on the term "software architecture" on the web as it existed in
1992 yielded 88,700 results. In May, during a panel providing a 20-year
retrospective on software architecture hosted at the SEI Architecture Technology User Network (SATURN)
conference, moderator Rick Kazman noted that on the day of the panel
discussion—May 9, 2012— that same search yielded 2,380,000 results. This
30-fold increase stems from various factors, including the steady
growth in system complexity, the increased awareness of the importance
of software architecture on system quality attributes, and the quality
and impact of efforts by the SEI and other groups conducting research
and transition activities on software architecture. This blog
posting—the first in a series—provides a lightly edited transcription of
the presentation of the first panelist, Linda Northrop, director of the SEI’s Research, Technology, & System Solutions (RTSS) Program at the SEI, who provided an overview of the evolution of software architecture work at the SEI during the past twenty years.
Read more...
Oct 15
2012
By Kurt Wallnau
Senior Member of the Technical Staff
Research, Technology, and System Solutions and CERT Science of Cyber-Security
For more than 10 years, scientists, researchers, and engineers used the TeraGrid supercomputer network funded by the National Science Foundation (NSF)
to conduct advanced computational science. The SEI has joined a
partnership of 17 organizations and helped develop the successor to the
TeraGrid called the Extreme Science and Engineering Discovery Environment (XSEDE).
This posting, which is the first in a multi-part series, describes our
work on XSEDE that allows researchers open access—directly from their
desktops—to the suite of advanced computational tools and digital
resources and services provided via XSEDE. This series is not so much
concerned with supercomputers and supercomputing middleware, but rather
with the nature of software engineering practice at the scale of
socio-technical ecosystem.
Read more...
Oct 8
2012
By Suzanne Miller,
Senior Member of the Technical Staff
Acquisition Support Program
All
software engineering and management practices are based on cultural and
social assumptions. When adopting new practices, leaders often find
mismatches between those assumptions and the realities within their
organizations. The SEI has an analysis method called Readiness and Fit
Analysis (RFA) that allows the profiling of a set of practices to
understand their cultural assumptions and then to use the profile to
support an organization in understanding its fit with the practices’
cultural assumptions. RFA has been used for multiple technologies and
sets of practices, most notably for adoption of CMMI practices. The method for using RFA and the profile that supports CMMI for Development adoption is found in Chapter 12 of CMMI Survival Guide: Just Enough Process Improvement. This blog post discusses a brief summary of the principles behind RFA and describes the SEI Acquisition Support Program’s
work in extending RFA to support profiling and adoption risk
identification for Department of Defense (DoD) and other
highly-regulated organizations that are considering or are in the middle
of adopting agile methods.
Read more...
Oct 1
2012
By Andrew P. Moore
Senior Member of the Technical Staff
The CERT Program
Since 2001, researchers at the CERT Insider Threat Center
have documented malicious insider activity by examining media reports
and court transcripts and conducting interviews with the United States
Secret Service, victims’ organizations, and convicted felons. Among the
more than 700 insider threat cases that we’ve documented, our analysis
has identified more than 100 categories of weaknesses in systems,
processes, people or technologies that allowed insider threats to occur.
One aspect of our research has focused on identifying enterprise
architecture patterns that protect organization systems from malicious
insider threat. Enterprise architecture patterns are organization
patterns that involve the full scope of enterprise architecture
concerns, including people, processes, technology, and facilities. Our
goal with this pattern work is to equip organizations with the tools
necessary to institute controls that will reduce the incidence of
insider compromise. This blog post is the second in a series that describes our research to create and validate an insider threat mitigation pattern language that focuses on helping organizations balance the cost of security controls with the risk of insider compromise.
Read more...
Recent Comments