By Douglas C. Schmidt
As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in information assurance and agile, the Team Software Process (TSP), CERT secure coding standards, resource allocation, fuzzing, cloud computing interoperability, and cloud computing at the tactical edge. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.
The topic of this paper is the natural tension between rapid fielding and response to change (characterized as agility) and DoD information assurance policy. The authors gathered information for the paper primarily by conducting interviews with several DoD project managers and information assurance representatives.
TSP Symposium 2012 Proceedings
By William Nichols, Álvaro Tasistro (Universidad ORT Uruguay), Diego Vallespir (Universidad de la República), João Pascoal Faria (University of Porto), Mushtaq Raza (University of Porto), Pedro C. Henriques (Strongstep – Innovation in Software Quality), César Duarte (Strongstep – Innovation in Software Quality), Elias Fallon (Cadence Design Systems, Inc.), Lee Gazlay (Cadence Design Systems, Inc.), Shigeru Kusakabe (Kyushu University), Yoichi Omori (Kyushu University), Keijiro Araki (Kyushu University), Fernanda Grazioli (Universidad de la República), Silvana Moreno (Universidad de la República)
The 2012 TSP Symposium was organized by the SEI and took place September 18 to 20 in St. Petersburg, FL. The goal of the TSP Symposium is to bring together practitioners and academics who share a common passion to change the world of software engineering for the better through disciplined practice. The conference theme was “Delivering Agility with Discipline.” This report contains the six papers selected by the TSP Symposium Technical Program Committee.
Supporting the Use of CERT® Secure Coding Standards in DoD Acquisitions
By Timothy Morrow, Robert C. Seacord, John K. Bergey, & Philip Miller
This technical note provides guidance to help DoD acquisition programs address software security in acquisitions. It provides background on the development of secure coding standards, sample request for proposal (RFP) language, and a mapping of the Application Security and Development STIG to the CERT C Secure Coding Standard.
Resource Allocation in Dynamic Environments
By Jeffrey Hansen, Scott Hissam, B. Craig Meyers, Gabriel Moreno, Daniel Plakosh, Joe Seibel, & Lutz Wrage
When warfighting missions are conducted in a dynamic environment, the allocation of resources needed for mission operation can change from moment to moment. This report addresses two challenges of resource allocation in dynamic environments: overstatement of resource needs and unpredictable network availability.
Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File
By Allen D. Householder
This report describes an algorithm that efficiently reverts bits from the fuzzed file to those found in the original seed file, keeping only the minimal bits required to recreate the crash under investigation.
The Role of Standards in Cloud-Computing Interoperability
By Grace Lewis
This report explores the role of standards in cloud-computing interoperability. It covers cloud-computing basics and standard-related efforts, discusses several use cases, and provides recommendations for cloud-computing adoption.
Cloud Computing at the Tactical Edge
By Grace Lewis
This technical note presents a strategy to overcome the challenges of obtaining sufficient computation power to run applications needed for warfighting and disaster relief missions. It discusses the use of cloudlets (localized, stateless servers running one or more virtual machines) on which soldiers can offload resource-intensive computations from their handheld mobile devices.
For the latest SEI technical reports and papers, please visit