Software Engineering Institute (SEI) Podcast Series

Members of Technical Staff at the Software Engineering Institute
Jul 18, 2016 • 30min

Global Value Chain – An Expanded View of the ICT Supply Chain

Organizations "are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain. These risks are associated with the organizations' decreased visibility into, understanding of, and control over how the technology that they acquire is developed, integrated and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services." In this podcast, Edna Conway, Chief Security Officer, Global Value Chain at Cisco, and John Haller, a member of the CERT Cyber Assurance team, discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain.
Jun 21, 2016 • 27min

Intelligence Preparation for Operational Resilience

Intelligence Preparation for Operational Resilience (IPOR) is a structured framework that decision makers can use to:
• identify intelligence needs
• consume the information received by intelligence sources
• make informed decisions about the organization and courses of action
In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR.
May 26, 2016 • 17min

Evolving Air Force Intelligence with Agile Techniques

In the past decade, the U.S. Air Force has built up great capability with the Distributed Common Ground System (AF DCGS), the Air Force's primary weapon system for intelligence, surveillance, reconnaissance, planning, direction, collection, processing, exploitation, analysis, and dissemination. AF DCGS employs a global communications architecture that connects multiple intelligence platforms and sensors. In this podcast, Harry Levinson discusses the SEI's work with the Air Force to further evolve the AF DCGS system using Agile techniques, working in incremental, iterative approaches to deliver more frequent, more manageable deliveries of capability.
May 12, 2016 • 18min

Threat Modeling and the Internet of Things

Threat modeling, which has been popularized by Microsoft in the last decade, provides vulnerability analysts a means to analyze a system and identify various attack surfaces and use that knowledge to bolster a system against vulnerabilities. In this podcast, Art Manion and Allen Householder of CERT's vulnerability analysis team talk about threat modeling and its use in improving security of the Internet of Things.
Apr 14, 2016 • 20min

Open Systems Architectures: When & Where to Be Closed

Due to advances in hardware and software technologies, Department of Defense (DoD) systems today are highly capable and complex. However, they also face increasing scale, computation, and security challenges. Compounding these challenges, DoD systems were historically designed using stove-piped architectures that lock the government into a small number of system integrators, each devising proprietary point solutions that are expensive to develop and sustain over the lifecycle. Although these stove-piped solutions have been problematic (and unsustainable) for years, the budget cuts occurring under sequestration are motivating the DoD to reinvigorate its focus on identifying alternative means to drive down costs, create more affordable acquisition choices, and improve acquisition program performance. A promising approach to meet these goals is open systems architecture (OSA). In this podcast, Don Firesmith discusses how acquisition professionals and system integrators can apply OSA practices to effectively decompose large monolithic business and technical architectures into manageable and modular solutions that can integrate innovation more rapidly and lower total ownership costs.
Mar 18, 2016 • 23min

Toward Efficient and Effective Software Sustainment

The Department of Defense (DoD) must focus on sustaining legacy weapons systems that are no longer in production, but are expected to remain a key component of our defense capability for decades to come. Despite the fact that these legacy systems are no longer in the acquisition phase, software upgrade cycles are needed to refresh their capabilities every 18 to 24 months. In addition, significant modernization can often be made by more extensive, focused software upgrades with relatively modest hardware changes. In this podcast, Mike Phillips discusses effective sustainment engineering efforts in the Army and Air Force, using examples from across its software engineering centers. These examples are tied to SEI research on capability maturity models, agility, and the Architecture Analysis and Design Language (AADL) modeling notation.
Mar 18, 2016 • 19min

Effective Reduction of Avoidable Complexity in Embedded Systems

Safety-critical systems are becoming extremely software-reliant. Software complexity can increase total acquisition costs as much as 16 percent. The Effective Reduction of Avoidable Complexity in Embedded Systems (ERACES) project aims to identify and remove complexity in software models. At the same time, safety-critical development is shifting from traditional programming (e.g., Ada, C) to modeling languages (e.g., Simulink, SCADE). In this podcast, Julien Delange discusses the Effective Reduction of Avoidable Complexity in Embedded Systems (ERACES) project, which aims to identify and remove complexity in software models.
Mar 8, 2016 • 24min

Quality Attribute Refinement and Allocation

We know from existing SEI work on attribute-driven design, Quality Attribute Workshops, and the Architecture Tradeoff Analysis Method that a focus on quality attributes prevents costly rework. Such a long-term perspective, however, can be hard to maintain in a high-tempo, agile delivery model, which is why the SEI continues to recommend an architecture-centric engineering approach, regardless of the software methodology chosen. As part of our work in value-driven incremental delivery, we conducted exploratory interviews with teams in these high-tempo environments to characterize how they managed architectural quality attribute requirements (QARs). These requirements—such as performance, security, and availability—have a profound impact on system architecture and design, yet are often hard to divide, or slice, into the iteration-sized user stories common to iterative and incremental development. This difficulty typically exists because some attributes, such as performance, touch multiple parts of the system. In this podcast, Neil Ernst discusses research on slicing (refining) performance in two production software systems and ratcheting (periodic increase of a specific response measure) of scenario components to allocate QAR work.
Feb 19, 2016 • 18min

Is Java More Secure Than C?

Whether Java is more secure than C is a simple question to ask, but a hard question to answer well. When researchers on the CERT Secure Coding Team began writing the SEI CERT Oracle Coding Standard for Java, they thought that Java would require fewer secure coding rules than the SEI CERT C Coding Standard because Java was designed with security in mind. They also assumed that a more secure language would need fewer rules than a less secure one. However, Java has 168 coding rules compared to just 116 for C. Why? Are there problems with our C or Java rules, or are Java programs, on average, just as susceptible to vulnerabilities as C programs? In this podcast, CERT researcher David Svoboda analyzes secure coding rules for both C and Java to determine if they indeed refute the conventional wisdom that Java is more secure than C.
Feb 4, 2016 • 24min

Identifying the Architectural Roots of Vulnerabilities

In our studies of many large-scale software systems, we have observed that defective files seldom exist alone. They are usually architecturally connected, and their architectural structures exhibit significant design flaws that propagate bugginess among files. We call these flawed structures the architecture roots, a type of technical debt that incurs high maintenance penalties. Removing the architecture roots of bugginess requires refactoring, but the benefits of refactoring have historically been difficult for architects to quantify or justify. In this podcast, Rick Kazman and Carol Woody discuss an approach to model and analyze software architecture as a set of design rule spaces. Using data extracted from the project's development artifacts, this approach identifies the files implicated in architecture flaws and suggests refactorings based on removing these flaws.