By Douglas C. Schmidt
Happy Memorial Day. As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in architecture analysis, patterns for insider threat monitoring, source code analysis and insider threat security reference architecture. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.
What’s New in V2 of the Architecture Analysis & Design Language Standard?
By Peter H. Feiler, Joe Seibel, & Lutz Wrage
This report provides an overview of changes and improvements to the Architecture Analysis & Design Language (AADL) standard for describing both the software architecture and the execution platform architectures of performance-critical, embedded, and real-time systems.
A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders
By Andrew P. Moore, Michael Hanley & Dave Mundie
This report presents an example of an enterprise architectural pattern, “Increased Monitoring for Intellectual Property (IP) Theft by Departing Insiders,” to help organizations plan, prepare, and implement a means to mitigate the risk of insider theft of IP.
Source Code Analysis Laboratory (SCALe)
By Robert C. Seacord, Will Dormann, James McCurley, Philip Miller, Robert W. Stoddard, David Svoboda & Jefferson Welch
This report details the CERT Program's Source Code Analysis Laboratory (SCALe), a proof-of-concept demonstration that software systems can be conformance tested against secure coding standards, and provides an analysis of selected software systems.
Insider Threat Security Reference Architecture
Joji Montelibano & Andrew P. Moore
This technical report describes the Insider Threat Security Reference Architecture (ITSRA), an enterprise-wide solution to the threat to organizations from its own insiders. The ITSRA draws from existing best practices and standards as well as from analysis of real insider threat cases to provide actionable guidance for organizations to improve their posture against the insider threat.
For the latest SEI technical reports and papers, please visit