Software Engineering Institute (SEI) Podcast Series

Members of Technical Staff at the Software Engineering Institute
Aug 13, 2015 • 18min

Improving Quality Using Architecture Fault Analysis with Confidence Arguments

In this podcast, Peter Feiler discusses a case study that demonstrates how an analytical architecture fault-modeling approach can be combined with confidence arguments to diagnose a time-sensitive design error in a control system and to provide evidence that proposed changes to the system address the problem. The analytical approach, based on the SAE Architecture Analysis and Design Language for its well-defined timing and fault-behavior semantics, demonstrates that such hard-to-test errors can be discovered and corrected early in the lifecycle, thereby reducing rework cost. The case study shows that by combining the analytical approach with confidence maps, we can present a structured argument that system requirements have been met and problems in the design have been addressed adequately—increasing our confidence in the system quality. The case study analyzes an aircraft engine control system that manages fuel flow with a stepper motor. The original design was developed and verified in a commercial model-based development environment without discovering the potential for missed step commanding. During system tests, actual fuel flow did not correspond to the desired fuel flow under certain circumstances. The problem was traced to missed execution of commanded steps due to variation in execution time. Listen on Apple Podcasts.
Jul 30, 2015 • 17min

A Taxonomy of Testing Types

A surprisingly large number of different types of testing exist and are used during the development and operation of software-reliant systems. While most testers, test managers, and other testing stakeholders are quite knowledgeable about a relatively small number of testing types, many people know very little about most of them and are unaware that others even exist. Understanding these different types of testing is important because different types of testing tend to uncover different types of defects and multiple testing types are needed to achieve sufficiently low levels of residual defects. Although not all of these testing types are relevant on all projects, a complete taxonomy can be used to help discover the ones that are appropriate and ensure that no relevant types of testing are accidentally overlooked. Such a taxonomy can also be useful as a way to organize and prioritize one's study of testing. In this podcast, Donald Firesmith introduces the taxonomy of testing types he created to help testers and testing stakeholders select the appropriate types of testing for their specific needs. Listen on Apple Podcasts.
Jul 16, 2015 • 19min

Reducing Complexity in Software & Systems

Systems are increasingly software-reliant and interconnected, making design, analysis and evaluation harder than in the past. While new capabilities are welcome, they require more thorough validation. Complexity could mean that design flaws or defects could lead to hazardous conditions that are undiscovered and unresolved. In this podcast, Dr. Sarah Sheard discusses a two-year research project to investigate the nature of complexity, how it manifests in software-reliant systems, such as avionics, how to measure it, and how to tell when too much complexity might lead to safety and certifiability problems. Listen on Apple Podcasts.
Jun 25, 2015 • 12min

Designing Security Into Software-Reliant Systems

Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions are also increasing. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. However, the costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. It is more cost effective to address software security risks as early in the lifecycle as possible. As a result, researchers from the CERT Division of the Software Engineering Institute (SEI) have started investigating early lifecycle security risk analysis (i.e., during requirements, architecture, and design). In this podcast, CERT researcher Christopher Alberts introduces the Security Engineering Risk Analysis (SERA) Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle. The framework integrates system and software engineering with operational security by requiring engineers to analyze operational security risks as software-reliant systems are acquired and developed. Initial research activities have focused on specifying security requirements for these systems. Listen on Apple Podcasts.
Jun 11, 2015 • 12min

Agile Methods in Air Force Sustainment

For several years, the Software Engineering Institute has researched the viability of Agile software development methods within Department of Defense programs and barriers to the adoption of those methods. In this podcast, SEI researcher Eileen Wrubel discusses how software sustainers leverage Agile methods and avoid barriers to using Agile methods. Listen on Apple Podcasts.
May 28, 2015 • 18min

Defect Prioritization With the Risk Priority Number

Most software systems have some "defects" that are identified by users. Some of these are truly defects in that the requirements were not properly implemented; some are caused by changes made to other systems; still others are requests for enhancement – improvements that would improve the users' experience. These "defects" are generally stored in a database and are worked off in a series of incrementally delivered updates. For most systems, it is not financially feasible to fix all of the concerns in the near term, and indeed some issues may never be addressed. The government program office has an obligation to choose wisely among a set of competing defects to be implemented, especially in a financially constrained environment. In this podcast, Will Hayes and Julie Cohen discuss a generalized technique that could be used with any type of system to assist the program office in addressing and resolving the conflicting views and creating a better value system for defining releases. Listen on Apple Podcasts.
May 14, 2015 • 20min

SEI-HCII Collaboration Explores Context-Aware Computing for Soldiers

As the number of sensors on smart phones continues to grow, these devices can automatically track data from the user's environment, including geolocation, time of day, movement, and other sensor data. Making sense of this data in an ethical manner that respects the privacy of smartphone users is just one of the many challenges faced by researchers. In this podcast, Dr. Anind Dey, director of the Human Computer Interaction Institute (HCII) at CMU, and Dr. Jeff Boleng, principal researcher at the SEI, introduce context-aware computing and discuss a collaboration to help dismounted soldiers using context derived from sensors on them and their mobile devices, to ensure that they have the information and sensor support they need to optimize their mission performance. Listen on Apple Podcasts.
Apr 23, 2015 • 19min

An Introduction to Context-Aware Computing

As the number of sensors on smart phones continues to grow, these devices can automatically track data from the user's environment, including geolocation, time of day, movement, and other sensor data. Making sense of this data in an ethical manner that respects the privacy of smartphone users is just one of the many challenges faced by researchers. In this podcast, the first in a two-part series, Dr. Anind Dey and Dr. Jeff Boleng introduce context-aware computing and explore other issues related to sensor-fueled data in the internet of things. Listen on Apple Podcasts.
Apr 9, 2015 • 30min

Data Driven Software Assurance

Software vulnerabilities are defects or weaknesses in a software system that, if exploited, can lead to compromise of the control of a system or the information it contains. The problem of vulnerabilities in fielded software is pervasive and serious. In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division and determined that a large number of significant and pernicious software vulnerabilities likely had their origins early in the software development lifecycle in the requirements and design phases. In this podcast, SEI researchers Mike Konrad and Art Manion discuss a project that was launched to investigate design-related vulnerabilities and quantify their effects. Listen on Apple Podcasts.
Mar 26, 2015 • 12min

Applying Agile in the DoD: Twelfth Principle

In this episode, the 12th and final podcast in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the 12th principle: at regular intervals, the team reflects on how to become more effective, then tunes and adjusts its behavior accordingly. Listen on Apple Podcasts.
