By Douglas C. Schmidt
As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in assuring software reliability, future architectures, Agile software teams, insider threat, and HTML5. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.
Assuring Software Reliability
By Robert J. Ellison
The 2005 Department of Defense Guide for Achieving Reliability, Availability, and Maintainability (RAM) recommended an emphasis on engineering analysis with formal design reviews with less reliance on RAM predictions. A number of studies have shown the limitations of current system development practices for meeting these recommendations. This document describes ways that the analysis of the potential impact of software failures (regardless of cause) can be incorporated into development and acquisition practices through the use of software assurance.
Download the PDF
Patterns and Practices for Future Architectures
By Eric Werner, Scott McMillan, & Jonathan Chu
Graph algorithms are widely used in Department of Defense (DoD) applications including intelligence analysis, autonomous systems, cyber intelligence and security, and logistics optimization. These analytics must execute at larger scales and higher rates to accommodate the growing velocity, volume, and variety of data sources. The implementations of these algorithms that achieve the highest levels of performance are complex and intimately tied to the underlying architecture. New and emerging computing architectures require new and different implementations of these well-known graph algorithms, yet it is increasingly expensive and difficult for developers to implement algorithms that fully leverage their capabilities. This project investigates approaches that will make high-performance graph analytics on new and emerging architectures more accessible to users. The project is researching the best practices, patterns, and abstractions that will enable the development of a software graph library that separates the concerns of expressing graph algorithms from the details of the underlying computing architectures. The approach started with a fundamental graph analytics function: the breadth-first search (BFS). This technical note compares different BFS algorithms for central and graphics processing units, examining the abstractions used and comparing the complexity of the implementations against the performance achieved.
Download the PDF
Agile Software Teams: How They Engage with Systems Engineering on DoD Acquisition Programs
By Eileen Wrubel, Suzanne Miller, Mary Ann Lapham, & Timothy A. Chick
This technical note, part of an ongoing series on Agile in the Department of Defense (DoD), addresses key issues that occur when Agile software teams engage with systems engineering functions in the development and acquisition of software-reliant systems. Published acquisition guidance still largely focuses on a system perspective, and fundamental differences exist between systems engineering and software engineering approaches. Those differences are compounded when Agile becomes a part of the mix, rather than adhering to more traditional waterfall-based development lifecycles.
For this technical note, the SEI gathered more data from users of Agile methods in the DoD and delved deeper into the existing body of knowledge about Agile and systems engineering before addressing them. Topics considered here include various interaction models for integrating systems engineering functions with Agile engineering teams, automation, insight and oversight, training, the role of Agile advocates/sponsors and coaches, the use of pilot programs, stakeholder involvement, requirements evolution, verification and validation activities, and the means by which Agile teams align their increments with program milestones. This technical note offers insight into how systems engineers and Agile software engineers can better collaborate when taking advantage of Agile as they deliver incremental mission capability.
Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector
By the CERT Insider Threat Team
The research documented in this report seeks to advance the understanding of the unintentional insider threat (UIT) that results from phishing and other social engineering cases, specifically those involving malicious software (malware). The research team collected and analyzed publicly reported phishing cases involving malware and performed an initial analysis of the industry sectors impacted by this type of incident.
This report provides that analysis as well as case examples and potential recommendations for mitigating UITs stemming from phishing and other social engineering incidents. The report also compares security offices’ current practice of UIT monitoring to the current manufacturing and healthcare industries’ practice of tracking near misses of adverse events.
Download the PDF
Evaluation of the Applicability of HTML5 for Mobile Applications in Resource-Constrained Edge Environments
By Bryan Yan (Carnegie Mellon University – Institute for Software Research) and Grace Lewis
Mobile applications increasingly are being used by first responders and soldiers to support their missions. These users operate in resource-constrained, edge environments characterized by dynamic context, limited computing resources, intermittent network connectivity, and high levels of stress. In addition to efficient battery management, mobile applications operating in edge environments require efficient resource usage of onboard sensors to capture, store, and send data across networks that may be intermittent. The traditional method for building mobile applications is to use native software development kits (SDKs) on a particular mobile platform, such as Android or iOS. However, HTML5 has recently evolved to a stage where it supports many of the development features that native SDKs support.
The advantages of using HTML5 include not only cross-platform development and deployment, but also that mobile edge applications would not have to be deployed on mobile devices, potentially leading to an easier distribution and testing process because they simply run inside the web browser that already exists on the device. This technical note presents an analysis of the feasibility of using HTML5 for developing mobile edge applications, as well as the use of bridging frameworks for filling in gaps in HTML5 development features.
This note also provides a discussion of the software architecture implications of HTML5 mobile application development. The work presented in this note is the result of an independent study in Carnegie Mellon University’s Master of Information Technology - Embedded Software Engineering (MSIT-ESE) program.
Download the PDF
For the latest SEI technical reports and notes, please visit