Software Engineering Institute

(Redirected from CERT (organisation))

Software Engineering Institute (SEI) is a federally funded research and development center in Pittsburgh, Pennsylvania, United States. Founded in 1984, the institute is now sponsored by the United States Department of Defense and the Office of the Under Secretary of Defense for Research and Engineering, and administrated by Carnegie Mellon University.[1][2] The activities of the institute cover cybersecurity, software assurance, software engineering and acquisition, and component capabilities critical to the United States Department of Defense.

Software Engineering Institute
EstablishedNovember 14, 1984 (1984-11-14)
Research typeMultiprogram
BudgetUS$584 million for 2011–2015
Field of research
Software engineering
DirectorPaul D. Nielsen
Staff700
Address4500 Fifth Avenue
LocationPittsburgh, Pennsylvania, United States
40°26′48″N 79°57′00″W / 40.4466°N 79.9500°W / 40.4466; -79.9500
15213
Affiliations
Operating agency
Carnegie Mellon University
Websitesei.cmu.edu
Map
Software Engineering Institute is located in Pittsburgh
Software Engineering Institute
Location in Pittsburgh

Authority

edit

The Carnegie Mellon Software Engineering Institute is a federally funded research and development center headquartered on the campus of Carnegie Mellon University in Pittsburgh, Pennsylvania, United States. The SEI also has offices in Washington, DC; Arlington County, Virginia; and Los Angeles, California. The SEI operates with major funding from the U.S. Department of Defense. The SEI also works with industry and academia through research collaborations.[1]

On November 14, 1984, the U.S. Department of Defense elected Carnegie Mellon University as the host site of the Software Engineering Institute.[1] The institute was founded with an initial allocation of $6 million, with another $97 million to be allocated in the subsequent five years. The SEI's contract with the Department of Defense is subject to review and renewal every five years.

SEI focuses on several technical directions: software engineering, cybersecurity, assurance, and DoD critical component capabilities.[3]

Areas of work

edit

The SEI defines specific initiatives aimed at improving organizations' software engineering capabilities.

Management practices

edit

Organizations need to effectively manage the acquisition, development, and evolution (ADE) of software-intensive systems. Success in software engineering management practices helps organizations predict and control quality, schedule, cost, cycle time, and productivity. The best-known example of SEI in management practices is the SEI's Capability Maturity Model (CMM) for Software (now Capability Maturity Model Integration (CMMI)). The CMMI approach consists of models, appraisal methods, and training courses that have been proven to improve process performance. In 2006, Version 1.2 of the CMMI Product Suite included the release of CMMI for Development. CMMI for Development was the first of three constellations defined in Version 1.2: the others include CMMI for Acquisition and CMMI for Services. The CMMI for Services constellation was released in February 2009. Another management practice developed by CERT, which is part of the SEI, is the Resilience Management Model (CERT-RMM). The CERT-RMM is a capability model for operational resilience management. Version 1.0 of the Resilience Management Model was released in May 2010.

Engineering practices

edit

SEI work in engineering practices increases the ability of software engineers to analyze, predict, and control selected functional and non-functional properties of software systems. Key SEI tools and methods include the SEI Architecture Tradeoff Analysis Method (ATAM) method, the SEI Framework for Software Product Line Practice, and the SEI Service Migration and Reuse Technique (SMART).

Security

edit

The SEI is also the home of the CERT/CC (CERT Coordination Center), a federally funded computer security organization. The SEI CERT Program's primary goals are to ensure that appropriate technology and systems-management practices are used to resist attacks on networked systems and to limit damage and ensure continuity of critical services in spite of successful attacks, accidents, or failures. The SEI CERT program is working with US-CERT to produce the Build Security In (BSI) website, which provides guidelines for building security into every phase of the software development lifecycle. The SEI has also conducted research on insider threats and computer forensics. Results of this research and other information now populate the CERT Virtual Training Environment.

Special programs

edit

SEI Partner Network

edit

The SEI Partner Network helps the SEI disseminate software engineering best practices. Organizations and individuals in the SEI Partner Network are selected, trained, and licensed by the SEI to deliver authentic SEI services, which include courses, consulting methods, and management processes. The network currently consists of nearly 250 partner organizations worldwide.

Conferences

edit

The SEI sponsors national and international conferences, workshops, and user-group meetings. Other events cover subjects including the acquisition of software-intensive systems, commercial off-the-shelf (COTS)-based systems, network security and survivability, software process research, software product lines, CMMI, and the SEI Team Software Process.

Education and training

edit
 
Main facility on Fifth Avenue in Pittsburgh.

SEI courses are currently offered at the SEI's locations in the United States and Europe. In addition, using licensed course materials, SEI Partners train individuals.

Membership program

edit

The SEI Membership Program helps the software engineering community to network. SEI Members include small business owners, software and systems programmers, CEOs, directors, and managers from both Fortune 500 companies and government organizations.[4]

Affiliate program

edit

Through the SEI Affiliate Program, organizations place technical experts with the SEI for periods ranging from 12 months to four years. Affiliates currently are working on projects with the SEI to identify, develop, and demonstrate improved software engineering practices.

Software Process Achievement award program

edit

In order to recognize outstanding achievements in improving an organization's ability to create and evolve software-dependent systems, the SEI and IEEE Computer Society created the Software Process Achievement Award program.[5] In addition to rewarding excellence, the purpose of this award is to foster continuous advancement in the practice of software engineering and to disseminate insights, experiences, and proven practices throughout the relevant research and practitioner communities.

Research and publications

edit

The SEI publishes reports that offer new technical information about software engineering topics, whether theoretical or applied. The SEI also publishes books on software engineering for industry, government and military applications and practices.

In addition, the SEI offers public courses, workshops, and conferences in process improvement, software architecture and product lines, and security.

Controversies

edit

On November 11, 2015, Roger Dingledine from the Tor Project accused[6] the Software Engineering Institute of aiding the Federal Bureau of Investigation in uncovering the identities of users of the Tor network. Later prosecution showed the hack was paid for by the Department of Defense and subpoenaed by the FBI.[7]

Focus of progressive protests

edit

SEI has been an occasional site of anti-war movement and peace movement protests,[8][9][10] many of which have been organized by Pittsburgh's Thomas Merton Center.

edit
 
The tunnel in SEI served as the entrance to Blackgate Prison in The Dark Knight Rises.

See also

edit

References

edit
  1. ^ a b c Linda Hutz Pesante (January 1, 2003). Anthony Ralston; Edwin D. Reilly (eds.). "Software engineering institute (SEI)". Encyclopedia of Computer Science. Chichester, West Sussex, UK: John Wiley and Sons Ltd.: 1611–1613. ISBN 978-0-470-86412-8. (1) The institute was competitively awarded to Carnegie Mellon in December 1984 by the US Department of Defense (DoD) to improve the state of the practice of software engineering. ... (2) the SEI moves mature solutions of proven value into widespread use; examples include the Capability Maturity Model (CMM) ... (3) bring engineering insight and management discipline to the practice of software engineering.  
  2. ^ "Master Government List of Federally Funded R&D Centers | NCSES | NSF". www.nsf.gov. Archived from the original on December 17, 2020. Retrieved March 8, 2023.
  3. ^ "2015 Year in Review" (PDF). Software Engineering Institute, Carnegie Mellon University. 2015. p. 4.
  4. ^ "Work With Us Page". Archived from the original on March 8, 2021. Retrieved March 26, 2018.
  5. ^ Software Process Award program Archived September 29, 2017, at the Wayback Machine.
  6. ^ "Did the FBI Pay a University to Attack Tor Users?". Archived from the original on March 8, 2021. Retrieved March 29, 2020.
  7. ^ "Confirmed: Carnegie Mellon University Attacked Tor, Was Subpoenaed By Feds". February 24, 2016. Archived from the original on March 28, 2019. Retrieved September 6, 2017.
  8. ^ "Democracy Now! | Carnegie Military University : How the Pentagon Funds Universities to Contribute to War". Democracy Now!. Archived from the original on September 4, 2020. Retrieved December 3, 2007.
  9. ^ "The Tartan Online : Pittsburgh walks for peace". Archived from the original on December 5, 2018. Retrieved December 3, 2007.
  10. ^ "1,200 demonstrate against Iraq War in Oakland". Pittsburgh Post-Gazette. March 24, 2007. Archived from the original on June 29, 2011. Retrieved December 3, 2007.

Further reading

edit
edit