Software Engineering Institute

Established: November 14, 1984
Research type: Multiprogram
Budget: US$584 million for 2011–2015
Field of research: Software engineering
Director: Paul D. Nielsen
Staff: 700
Address: 4500 Fifth Avenue
Location: Pittsburgh, Pennsylvania, United States, 15213
Coordinates: 40°26′48″N 79°57′00″W (40.4466°N 79.9500°W)
Operating agency: Carnegie Mellon University
Website: sei.cmu.edu

The Software Engineering Institute (SEI) is a federally funded research and development center in Pittsburgh, Pennsylvania, United States. Founded in 1984, the institute is now sponsored by the United States Department of Defense and the Office of the Under Secretary of Defense for Research and Engineering, and administered by Carnegie Mellon University. [1] The activities of the institute cover cybersecurity, software assurance, software engineering and acquisition, and component capabilities critical to the United States Department of Defense. [2]

Authority

The Carnegie Mellon Software Engineering Institute is a federally funded research and development center headquartered on the campus of Carnegie Mellon University in Pittsburgh, Pennsylvania, United States. The SEI also has offices in Washington, DC; Arlington County, Virginia; and Los Angeles, California. The SEI operates with major funding from the U.S. Department of Defense. The SEI also works with industry and academia through research collaborations. [2]

On November 14, 1984, the U.S. Department of Defense selected Carnegie Mellon University as the host site of the Software Engineering Institute. [3] The institute was founded with an initial allocation of $6 million, with another $97 million to be allocated in the subsequent five years. The SEI's contract with the Department of Defense is subject to review and renewal every five years.

The SEI program of work is conducted in several principal areas: cybersecurity, software assurance, software engineering and acquisition, DevOps, and component capabilities critical to the Department of Defense. [4]

Areas of work

The SEI defines specific initiatives aimed at improving organizations' software engineering capabilities.

Management practices

Organizations need to effectively manage the acquisition, development, and evolution (ADE) of software-intensive systems. Success in software engineering management practices helps organizations predict and control quality, schedule, cost, cycle time, and productivity. The best-known example of SEI work in management practices is the SEI's Capability Maturity Model (CMM) for Software (now Capability Maturity Model Integration (CMMI)). The CMMI approach consists of models, appraisal methods, and training courses that have been proven to improve process performance. In 2006, Version 1.2 of the CMMI Product Suite included the release of CMMI for Development. CMMI for Development was the first of three constellations defined in Version 1.2; the others are CMMI for Acquisition and CMMI for Services. The CMMI for Services constellation was released in February 2009. Another management practice, developed by CERT, which is part of the SEI, is the Resilience Management Model (CERT-RMM). The CERT-RMM is a capability model for operational resilience management. Version 1.0 of the Resilience Management Model was released in May 2010.

Engineering practices

SEI work in engineering practices increases the ability of software engineers to analyze, predict, and control selected functional and non-functional properties of software systems. Key SEI tools and methods include the SEI Architecture Tradeoff Analysis Method (ATAM), the SEI Framework for Software Product Line Practice, and the SEI Service Migration and Reuse Technique (SMART).

Security

The SEI is also the home of the CERT/CC (CERT Coordination Center), a federally funded computer security organization. The SEI CERT Program's primary goals are to ensure that appropriate technology and systems-management practices are used to resist attacks on networked systems and to limit damage and ensure continuity of critical services in spite of successful attacks, accidents, or failures. The SEI CERT program is working with US-CERT to produce the Build Security In (BSI) website, which provides guidelines for building security into every phase of the software development lifecycle. The SEI has also conducted research on insider threats and computer forensics. Results of this research and other information now populate the CERT Virtual Training Environment.

Special programs

SEI Partner Network

The SEI Partner Network helps the SEI disseminate software engineering best practices. Organizations and individuals in the SEI Partner Network are selected, trained, and licensed by the SEI to deliver authentic SEI services, which include courses, consulting methods, and management processes. The network currently consists of nearly 250 partner organizations worldwide.

Conferences

The SEI sponsors national and international conferences, workshops, and user-group meetings. Other events cover subjects including acquisition of software-intensive systems, commercial off-the-shelf (COTS)-based systems, network security and survivability, software process research, software product lines, CMMI, and the SEI Team Software Process.

Education and training

Main facility on Fifth Avenue in Pittsburgh.

SEI courses are currently offered at the SEI's locations in the United States and Europe. In addition, using licensed course materials, SEI Partners train individuals.

Membership program

The SEI Membership Program helps the software engineering community to network. SEI Members include small business owners, software and systems programmers, CEOs, directors, and managers from both Fortune 500 companies and government organizations. [5]

Affiliate program

Through the SEI Affiliate Program, organizations place technical experts with the SEI for periods ranging from 12 months to four years. Affiliates currently are working on projects with the SEI to identify, develop, and demonstrate improved software engineering practices.

Software Process Achievement award program

In order to recognize outstanding achievement in improving an organization's ability to create and evolve software-dependent systems, the SEI and IEEE Computer Society created the Software Process Achievement Award program. [6] In addition to rewarding excellence, the purpose of this award is to foster continuous advancement in the practice of software engineering and to disseminate insights, experiences, and proven practices throughout the relevant research and practitioner communities.

Research and publications

The SEI publishes reports that offer new technical information about software engineering topics, whether theoretical or applied. The SEI also publishes books on software engineering for industry, government and military applications and practices.

In addition, the SEI offers public courses, workshops, and conferences in process improvement, software architecture and product lines, and security.

Controversies

On November 11, 2015, the head of the Tor Project accused [7] the Software Engineering Institute of aiding the Federal Bureau of Investigation in uncovering the identities of users of the Tor network. Later prosecution showed the hack was paid for by the Department of Defense and subpoenaed by the FBI. [8]

Focus of progressive protests

SEI has been an occasional site of anti-war movement and peace movement protests, [9] [10] [11] many of which have been organized by Pittsburgh's Thomas Merton Center.

The tunnel in SEI served as the entrance to Blackgate Prison in The Dark Knight Rises.

Related Research Articles

The Capability Maturity Model (CMM) is a development model created in 1986 after a study of data collected from organizations that contracted with the U.S. Department of Defense, who funded the research. The term "maturity" relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined steps, to managed result metrics, to active optimization of the processes.

Carnegie Mellon University: Private university in Pittsburgh, Pennsylvania

Carnegie Mellon University (CMU) is a private research university in Pittsburgh, Pennsylvania. The institution was originally established in 1900 by Andrew Carnegie as the Carnegie Technical Schools. In 1912, it became the Carnegie Institute of Technology and began granting four-year degrees. In 1967, it became the current-day Carnegie Mellon University through its merger with the Mellon Institute of Industrial Research, founded in 1913 by Andrew Mellon and Richard B. Mellon and formerly a part of the University of Pittsburgh.

Watts S. Humphrey was an American pioneer in software engineering who was called the "father of software quality."

The Personal Software Process (PSP) is a structured software development process that is designed to help software engineers better understand and improve their performance by bringing discipline to the way they develop software and tracking their predicted and actual development of the code. It clearly shows developers how to manage the quality of their products, how to make a sound plan, and how to make commitments. It also offers them the data to justify their plans. They can evaluate their work and suggest improvement direction by analyzing and reviewing development time, defects, and size data. The PSP was created by Watts Humphrey to apply the underlying principles of the Software Engineering Institute's (SEI) Capability Maturity Model (CMM) to the software development practices of a single developer. It claims to give software engineers the process skills necessary to work on a team software process (TSP) team.

Capability Maturity Model Integration (CMMI) is a process level improvement training and appraisal program. Administered by the CMMI Institute, a subsidiary of ISACA, it was developed at Carnegie Mellon University (CMU). It is required by many U.S. Government contracts, especially in software development. CMU claims CMMI can be used to guide process improvement across a project, division, or an entire organization. CMMI defines the following maturity levels for processes: Initial, Managed, Defined, Quantitatively Managed, and Optimizing. Version 2.0 was published in 2018. CMMI is registered in the U.S. Patent and Trademark Office by CMU.

Quality management ensures that an organization, product or service consistently functions well. It has four main components: quality planning, quality assurance, quality control and quality improvement. Quality management is focused not only on product and service quality, but also on the means to achieve it. Quality management, therefore, uses quality assurance and control of processes as well as products to achieve more consistent quality. Quality control is also part of quality management. What a customer wants and is willing to pay for determines quality. It is a written or unwritten commitment to a known or unknown consumer in the market. Quality can be defined as how well the product performs its intended function.

Carnegie Mellon Silicon Valley: Branch campus in California

Carnegie Mellon Silicon Valley is a degree-granting branch campus of Carnegie Mellon University located in the heart of Silicon Valley in Mountain View, California. It was established in 2002 at the NASA Ames Research Center in Moffett Field.

Richard Turner is a distinguished service professor in the School of Systems and Enterprises of Stevens Institute of Technology in Hoboken, New Jersey.

Software assurance (SwA) is defined as "the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner."

CERT Coordination Center

The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center. The CERT/CC researches software bugs that impact software and internet security, publishes research and information on its findings, and works with business and government to improve security of software and the internet as a whole.

Carnegie Mellon University, Australia: University in South Australia

Carnegie Mellon University in Australia is the Australian campus of Carnegie Mellon University's H. John Heinz III College established in 2006 in the city centre of Adelaide, South Australia.

Robert C. Seacord: American computer security expert

Robert C. Seacord is an American computer security specialist and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering.

The Information Networking Institute (INI) was established by Carnegie Mellon in 1989 as the nation's first research and education center devoted to information networking.

Ultra-large-scale system (ULSS) is a term used in fields including Computer Science, Software Engineering and Systems Engineering to refer to software intensive systems with unprecedented amounts of hardware, lines of source code, numbers of users, and volumes of data. The scale of these systems gives rise to many problems: they will be developed and used by many stakeholders across multiple organizations, often with conflicting purposes and needs; they will be constructed from heterogeneous parts with complex dependencies and emergent properties; they will be continuously evolving; and software, hardware and human failures will be the norm, not the exception. The term 'ultra-large-scale system' was introduced by Northrop and others to describe challenges facing the United States Department of Defense. The term has subsequently been used to discuss challenges in many areas, including the computerization of financial markets. The term 'ultra-large-scale system' (ULSS) is sometimes used interchangeably with the term 'large-scale complex IT system' (LSCITS). These two terms were introduced at similar times to describe similar problems, the former being coined in the USA and the latter in the UK.

Roger R. Bate: American academic and United States Air Force general

Roger Redmond Bate was a brigadier general, Rhodes Scholar, professor, and scientist who has held a variety of positions with the Air Force, Texas Instruments, and the Software Engineering Institute at Carnegie Mellon University.

An insider threat is a perceived threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.

Bill Curtis is a software engineer best known for leading the development of the Capability Maturity Model and the People CMM in the Software Engineering Institute at Carnegie Mellon University, and for championing the spread of software process improvement and software measurement globally. In 2007 he was elected a Fellow of the Institute of Electrical and Electronics Engineers (IEEE) for his contributions to software process improvement and measurement. He was named to the 2022 class of ACM Fellows, "for contributions to software process, software measurement, and human factors in software engineering".

The Cyber Resilience Review (CRR) is an assessment method developed by the United States Department of Homeland Security (DHS). It is a voluntary examination of operational resilience and cyber security practices offered at no cost by DHS to the operators of critical infrastructure and state, local, tribal, and territorial governments. The CRR has a service-oriented approach, meaning that one of the foundational principles of the CRR is that an organization deploys its assets to support specific operational missions. The CRR is offered in a facilitated workshop format and as a self-assessment package. The workshop version of the CRR is led by a DHS facilitator at a critical infrastructure facility. The workshop typically takes 6–8 hours to complete and draws on a cross section of personnel from the critical infrastructure organization. All information collected in a facilitated CRR is protected from disclosure by the Protected Critical Infrastructure Information Act of 2002. This information cannot be disclosed through a Freedom of Information Act request, used in civil litigation, or be used for regulatory purposes. The CRR Self-Assessment Package allows an organization to conduct an assessment without the need for direct DHS assistance. It is available for download from the DHS Critical Infrastructure Cyber Community Voluntary Program website. The package includes an automated data answer capture and report generation tool, a facilitation guide, comprehensive explanation of each question, and a crosswalk of CRR practices to the criteria of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The questions asked in the CRR and the resulting report are the same in both versions of the assessment. DHS partnered with the CERT Division of the Software Engineering Institute at Carnegie Mellon University to design and deploy the CRR. 
The goals and practices found in the assessment are derived from the CERT Resilience Management Model (CERT-RMM) Version 1.0. The CRR was introduced in 2009 and received a significant revision in 2014.

Larry Druffel

Larry E. Druffel is an American engineer, Director Emeritus and visiting scientist at the Software Engineering Institute (SEI) at Carnegie Mellon University. He has published over 40 professional papers/reports and authored a textbook. He is best known for leadership in: (1) bringing engineering discipline and supporting technology to software design and development, and (2) addressing network and software security risks.

External dependencies management assessment

The External Dependencies Management Assessment is a voluntary, in-person, facilitated assessment created by the United States Department of Homeland Security. The EDM Assessment is intended for the owners and operators of critical infrastructure organizations in the United States. It measures and reports on the ability of the subject organization to manage external dependencies as they relate to the supply and operation of information and communications technology (ICT). This area of risk management is also sometimes called Third Party Risk Management or Supply Chain Risk Management.

References

  1. "Master Government List of Federally Funded R&D Centers | NCSES | NSF". www.nsf.gov. Archived from the original on December 17, 2020. Retrieved March 8, 2023.
  2. Rosenblatt (July 7, 2020). "CMU's Software Engineering Institute awarded $2.7 billion Department of Defense contract". Pittsburgh Post-Gazette. Archived from the original on October 19, 2021. Retrieved October 19, 2021.
  3. O'Toole, James. "CMU Wins Software War." Pittsburgh Post Gazette, November 15, 1984. https://news.google.com/newspapers?id=RYRIAAAAIBAJ&sjid=mm4DAAAAIBAJ&pg=4978%2C3800166 Archived March 12, 2016, at the Wayback Machine
  4. "Our Work | Software Engineering Institute". Archived from the original on September 16, 2017. Retrieved February 14, 2016.
  5. "Work With Us Page". Archived from the original on March 8, 2021. Retrieved March 26, 2018.
  6. Software Process Award program. Archived September 29, 2017, at the Wayback Machine.
  7. "Did the FBI Pay a University to Attack Tor Users?". Archived from the original on March 8, 2021. Retrieved March 29, 2020.
  8. "Confirmed: Carnegie Mellon University Attacked Tor, Was Subpoenaed By Feds". Archived from the original on March 28, 2019. Retrieved September 6, 2017.
  9. "Democracy Now! | Carnegie Military University : How the Pentagon Funds Universities to Contribute to War". Democracy Now!. Archived from the original on September 4, 2020. Retrieved December 3, 2007.
  10. "The Tartan Online : Pittsburgh walks for peace". Archived from the original on December 5, 2018. Retrieved December 3, 2007.
  11. "1,200 demonstrate against Iraq War in Oakland". Pittsburgh Post-Gazette. March 24, 2007. Archived from the original on June 29, 2011. Retrieved December 3, 2007.