
Submissions from 2013
Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations, Matthew L. Collins, Derrick Spooner, Dawn Cappelli, Andrew P. Moore, and Randall F. Trzeciak
Quantifying Uncertainty in Expert Judgment: Initial Results, Dennis Goldenson and Robert W. Stoddard
Software Assurance Competency Model, Thomas B. Hilburn, Mark Ardis, Glen Johnson, Andrew J. Kornecki, and Nancy Mead
Application Virtualization as a Strategy for Cyber Foraging in Resource-Constrained Environments, Grace A. Lewis and Dominik Messinger
The MAL: A Malware Analysis Lexicon, David McIntire and David Mundie
Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders, Andrew P. Moore, David McIntire, David Mundie, and David Zubrow
PSP-VDC: An Adaptation of the PSP that Incorporates Verified Design by Contract, Silvana Moreno, Álvaro Tasistro, Diego Vallespir, and William R. Nichols
Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources, George J. Silowash and Christopher King
Insider Threat Control: Using Universal Serial Bus (USB) Device Auditing to Detect Possible Data Exfiltration by Malicious Insiders, George J. Silowash and Todd Lewellen
Detecting and Preventing Data Exfiltration Through Encrypted Web Sessions via Traffic Inspection, George J. Silowash, Todd Lewellen, Daniel L. Costa, and Todd B. Lewellen
Submissions from 2012
Risk-Based Measurement and Analysis: Application to Software Security, Christopher J. Alberts, Julia H. Allen, and Robert W. Stoddard
Mission Risk Diagnostic (MRD) Method Description, Christopher J. Alberts and Audrey J. Dorofee
Analyzing Cases of Resilience Success and Failure—A Research Study, Julia H. Allen, Pamela D. Curtis, Nader Mehravari, Andrew P. Moore, Kevin G. Partridge, Robert W. Stoddard, and Randall F. Trzeciak
Report from the First CERT-RMM Users Group Workshop Series, Julia H. Allen and Lisa Young
Results of SEI Line-Funded Exploratory New Starts Projects, Len Bass, Nanette Brown, Gene M. Cahill, William Casey, Sagar Chaki, Corey Cohen, Dionisio de Niz, David French, Arie Gurfinkel, Rick Kazman, Edwin J. Morris, Brad Myers, William R. Nichols, Robert Nord, Ipek Ozkaya, Raghvinder Sangwan, Soumya Simanta, Ofer Strichman, and Peppo Valetto
Competency Lifecycle Roadmap: Toward Performance Readiness, Sandra Behrens, Christopher J. Alberts, and Robin M. Ruefle
DoD Information Assurance and Agile: Challenges and Recommendations Gathered Through Interviews with Agile Program Managers and DoD Accreditation Reviewers, Stephany Bellomo and Carol C. Woody
Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector, Adam Cummings, Todd Lewellen, David McIntire, Andrew P. Moore, and Randall F. Trzeciak
A Virtual Upgrade Validation Method for Software-Reliant Systems, Dionisio de Niz, Peter H. Feiler, and David Gluch
The Business Case for Systems Engineering Study: Assessing Project Performance from Sparse Data, Joseph P. Elm
The Business Case for Systems Engineering Study: Results of the Systems Engineering Effectiveness Survey, Joseph P. Elm and Dennis Goldenson
Reliability Improvement and Validation Framework, Peter H. Feiler, John Goodenough, Arie Gurfinkel, Charles B. Weinstock, and Lutz Wrage
What’s New in V2 of the Architecture Analysis & Design Language Standard?, Peter H. Feiler, Joe Seibel, and Lutz Wrage
Principles of Trust for Embedded Systems, David Fisher
SEPG Europe 2012 Conference Proceedings, Jose Maria Garcia, Javier Garcia-Guzman, Javier Garzas, Amit Arun Javadekar, Patrick Kirwan, Joaquin Lasheras, Fuensanta Medina-Dominguez, Erich Meier, Arturo Mora-Soto, Ana M. Moreno, Radouane Oudrhiri, Fabrizio Pellizzetti, Alejandro Ruiz-Robles, Maria-Isabel Sanchez-Segura, Prasad M. Shrasti, and Aman Kumar Singhal
Toward a Theory of Assurance Case Confidence, John Goodenough, Charles B. Weinstock, and Ari Z. Klein
Resource Allocation in Dynamic Environments, Jeffrey Hansen, Scott Hissam, B. Craig Meyers, Gabriel A. Moreno, Daniel Plakosh, Joe Seibel, and Lutz Wrage
Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File, Allen D. Householder
Probability-Based Parameter Selection for Black-Box Fuzz Testing, Allen D. Householder and Jonathan M. Foote
Spotlight On: Malicious Insiders and Organized Crime Activity, Christopher King
The Role of Standards in Cloud-Computing Interoperability, Grace A. Lewis
Insider Threat Security Reference Architecture, Joji Montelibano and Andrew P. Moore
A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders, Andrew P. Moore, Michael Hanley, and David Mundie
Supporting the Use of CERT® Secure Coding Standards in DoD Acquisitions, Timothy Morrow, Robert Seacord, John K. Bergey, and Philip Miller
TSP Symposium 2012 Proceedings, William R. Nichols, Álvaro Tasistro, Diego Vallespir, João Pascoal Faria, Mushtaq Raza, Pedro Castro Henriques, César Duarte, Elias Fallon, Lee Gazlay, Shigeru Kusakabe, Yoichi Omori, Keijiro Araki, Fernanda Grazioli, and Silvana Moreno
Interoperability in the e-Government Context, Marc Novakouski and Grace A. Lewis
Best Practices for Artifact Versioning in Service-Oriented Systems, Marc Novakouski, Grace A. Lewis, William B. Anderson, and Jeff Davenport
The Evolution of a Science Project: A Preliminary System Dynamics Model of a Recurring Software-Reliant Acquisition Behavior, William E. Novak, Andrew P. Moore, and Christopher J. Alberts
Source Code Analysis Laboratory (SCALe), Robert Seacord, Will Dormann, James McCurley, Philip Miller, Robert W. Stoddard, David Svoboda, and Jefferson Welch
Common Sense Guide to Mitigating Insider Threats, 4th Edition, George J. Silowash, Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak, Timothy Shimeall, and Lori Flynn
Cloud Computing at the Tactical Edge, Soumya Simanta, Grace A. Lewis, Edwin J. Morris, Kiryong Ha, and Mahadev Satyanarayanan
Communication Among Incident Responders–A Study, Brett Tjaden and Robert Floodeen
Network Profiling Using Flow, Austin Whisnant and Sid Faber
Submissions from 2011
A Framework for Evaluating Common Operating Environments: Piloting, Lessons Learned, and Opportunities, Cecilia Albert and Steven Rosemergy
Measures for Managing Operational Resilience, Julia H. Allen and Pamela D. Curtis
Using Defined Processes as a Context for Resilience Measures, Julia H. Allen, Pamela D. Curtis, and Linda Parker Gates
Results of SEI Independent Research and Development Projects (FY 2010), William Anderson, Archie D. Andrews, Nanette Brown, Cory Cohen, Christopher Craig, Tim Daly, Dionisio De Niz, Andres Diaz-Pace, Peter H. Feiler, David Fisher, David Gluch, Jeffrey Hansen, Jorgen Hansson, John J. Hudak, Karthik Lakshmanan, Richard C. Linger, Howard F. Lipson, Gabriel A. Moreno, Edwin J. Morris, Onur Mutlu, Robert Nord, Ipek Ozkaya, Daniel Plakosh, Mark G. Pleszkoch, Raj Rajkumar, Joe Seibel, Soumya Simanta, Charles B. Weinstock, and Lutz Wrage
Trusted Computing in Embedded Systems Workshop, Archie D. Andrews Jr. and Jonathan M. McCune
A Closer Look at 804: A Summary of Considerations for DoD Program Managers, Stephany Bellomo
Architecting Service-Oriented Systems, Philip Bianco, Grace A. Lewis, Paulo Merson, and Soumya Simanta
An Acquisition Perspective on Product Evaluation, Grady Campbell and Harry Levinson
Standards-Based Automated Remediation: A Remediation Manager Reference Implementation, Sagar Chaki, Rita C. Creel, Jeff Davenport, Mike Kinney, Benjamin McCormick, and Mary Popeck
Standards-Based Automated Remediation: A Remediation Manager Reference Implementation, 2011 Update, Sagar Chaki, Rita C. Creel, Jeff Davenport, Mike Kinney, and Mary Popeck
Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE), Robert W. Ferguson, Dennis Goldenson, James M. McCurley, Robert W. Stoddard, David Zubrow, and Debra Anderson
Trust and Trusted Computing Platforms, David Fisher, Jonathan M. McClune, and Archie D. Andrews Jr.
A Decision Framework for Selecting Licensing Rights for Noncommercial Computer Software in the DoD Environment, Charlene Gross
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0, John Haller, Samuel A. Merrell, Matthew J. Butkovic, and Bradford J. Willke
An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases, Michael Hanley, Tyler Dean, Will Schroeder, Matt Houy, Randall F. Trzeciak, and Juan Montelibano
Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination, Michael Hanley and Joji Montelibano
Network Monitoring for Web-Based Threats, Matthew Heckathorn
An Investigation of Techniques for Detecting Data Anomalies in Earned Value Management Data, Mark Kasunic, James McCurley, Dennis Goldenson, and David Zubrow
Issues and Opportunities for Improving the Quality and Use of Data in the Department of Defense, Mark Kasunic, David Zubrow, and Erin A. Harper
IEEE Computer Society/Software Engineering Institute Software Process Achievement (SPA) Award 2009, Satyendra Kumar and Ramakrishnan M
Agile Methods: Selected DoD Management and Acquisition Concerns, Mary Ann Lapham, Suzanne Garcia-Miller, Lorraine Nemeth-Adams, Nanette Brown, Bart L. Hackemack, Charles (Bud) Hammons, Linda Levine, and Alfred R. Schenker
Proceedings of the Fourth International Workshop on a Research Agenda for Maintenance and Evolution of Service-Oriented Systems (MESOA 2010), Grace A. Lewis, Dennis B. Smith, and Kostas Kontogiannis
Function Extraction (FX) Research for Computation of Software Behavior: 2010 Development and Application of Semantic Reduction Theorems for Behavior Analysis, Richard C. Linger, Tim Daly, and Mark G. Pleszkoch
Software Assurance Curriculum Project Volume III: Master of Software Assurance Course Syllabi, Nancy R. Mead, Julia H. Allen, Mark Ardis, Thomas B. Hilburn, Andrew J. Kornecki, and Richard C. Linger
Software Assurance Curriculum Project Volume IV: Community College Education, Nancy R. Mead, Elizabeth K. Hawthorne, and Mark A. Ardis
A Preliminary Model of Insider Theft of Intellectual Property, Andrew P. Moore, Dawn Cappelli, Thomas C. Caron, Eric D. Shaw, Derrick Spooner, and Randall F. Trzeciak
Understanding and Leveraging a Supplier’s CMMI® Efforts: A Guidebook for Acquirers (Revised for V1.3), Lawrence T. Osiecki, D. Michael Phillips, and John Scibilia
CERT® Resilience Management Model (CERT®-RMM) V1.1: NIST Special Publication Crosswalk Version 1, Kevin G. Partridge and Lisa Young
CERT® Resilience Management Model (RMM) v1.1: Code of Practice Crosswalk Commercial Version 1.1, Kevin G. Partridge and Lisa Young
CMMI for Acquisition (CMMI-ACQ) Primer, Version 1.3, Mike Phillips
CERT® Resilience Management Model Capability Appraisal Method (CAM) Version 1.1, Resilient Enterprise Management Team, CERT Program, Carnegie Mellon University
Appraisal Requirements for CMMI® Version 1.3 (ARC, V1.3), SCAMPI Upgrade Team
Standard CMMI Appraisal Method for Process Improvement (SCAMPI) A, Version 1.3: Method Definition Document, SCAMPI Upgrade Team
Integrating the Master of Software Assurance Reference Curriculum into the Model Curriculum and Guidelines for Graduate Degree Programs in Information Systems, Dan Shoemaker, Nancy R. Mead, and Jeff Ingalsbe
Smart Grid Maturity Model, Version 1.2: Model Definition, The SGMM Team
Submissions from 2010
Integrated Measurement and Analysis Framework for Software Security, Christopher J. Alberts, Julia H. Allen, and Robert W. Stoddard
Risk Management Framework, Christopher J. Alberts and Audrey J. Dorofee
Measuring Operational Resilience Using the CERT Resilience Management Model, Julia H. Allen and Noopur Davis
Software Product Lines: Report of the 2010 U.S. Army Software Product Line Workshop, John K. Bergey, Gary J. Chastek, Sholom Cohen, Patrick Donohoe, Lawrence G. Jones, and Linda Northrop
Adapting the SQUARE Process for Privacy Requirements Engineering, Ashwini Bijwe and Nancy R. Mead
Evaluating the Software Design of a Complex System of Systems, Stephen Blanchette Jr., Steven Crossen, and Barry Boehm
A Framework for Modeling the Software Assurance Ecosystem: Insights from the Software Assurance Landscape Project, Lisa Brownsword, Carol C. Woody, Christopher J. Alberts, and Andrew P. Moore
Specifications for Managed Strings, Second Edition, Hal Burch, Fred Long, Raunak Rungta, Robert C. Seacord, and David Svoboda
CERT® Resilience Management Model, Version 1.0, Richard Caralli, Julia H. Allen, Pamela D. Curtis, David W. White, and Lisa R. Young
Extending Team Software Process (TSP) to Systems Engineering: A NAVAIR Experience Report, Anita Carleton, James W. Over, Jeff Schwalb, Delwyn Kellogg, and Timothy A. Chick
COVERT: A Framework for Finding Buffer Overflows in C Programs via Software Verification, Sagar Chaki and Arie Gurfinkel
Team Software Process (TSP) Coach Mentoring Program Guidebook Version 1.1, Timothy A. Chick, Robert Cannon, James McHale, William R. Nichols, Marsha Pomeroy-Huff, Jefferson Welch, and Alan Willett
Security Requirements Reusability and the SQUARE Methodology, Travis Christian and Nancy R. Mead
Relating Business Goals to Architecturally Significant Requirements for Software Systems, Paul Clements and Len Bass
CMMI for Acquisition, Version 1.3, CMMI Product Team
CMMI for Development, Version 1.3, CMMI Product Team
CMMI for Services, Version 1.3, CMMI Product Team
Data Rights for Proprietary Software Used in DoD Programs, Julie Cohen, Bonnie Troup, and Henry Ouyang
Managing Variation in Services in a Software Product Line Context, Sholom Cohen and Robert Krut
As-If Infinitely Ranged Integer Model, Second Edition, Roger Dannenberg, Will Dormann, David Keaton, Thomas Plum, Robert Seacord, David Svoboda, Alex Volkovitsky, and Timothy Wilson
Software Supply Chain Risk Management: From Products to Systems of Systems, Robert J. Ellison, Christopher J. Alberts, Rita C. Creel, Audrey J. Dorofee, and Carol C. Woody
Evaluating and Mitigating Software Supply Chain Security Risks, Robert J. Ellison, John Goodenough, Charles B. Weinstock, and Carol C. Woody
