Beginning November 10, defense contracts may require assessments under the CMMC program, which the SEI co-created, but implementation will be phased.

This technical report proposes a formal semantics for EMV2 and shows how to leverage this semantics to generate fault trees from an AADL model enriched with EMV2 information.

CERT Division at Carnegie Mellon University's Software Engineering Institute. He has supported national security efforts for over 10 years in civilian, military, and contractor roles. Before joining ...

Speakers at a September 4 event reflected on four decades of innovation in software, cybersecurity, and AI for defense—and what’s to come.

This book provides the most complete and current guidance on how to capture a software architecture in a commonly understandable form. Software architecture—the conceptual glue that holds every phase ...

This collection contains resources about the Architecture Tradeoff Analysis Method (ATAM), a method for evaluating software architectures against quality attribute goals. The Architecture Tradeoff ...

McGregor, J., and Cohen, S., 2022: Modeling Languages for Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's ...

Groce, P., 2021: Remote Work: Vulnerabilities and Threats to the Enterprise. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...

Software is vital to our country’s global competitiveness, innovation, and national security. It also ensures our modern standard of living and enables continued advances in defense, infrastructure, ...

Palat, J., 2022: A Hitchhiker’s Guide to ML Training Infrastructure. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...

Nichols, B., 2021: The Current State of DevSecOps Metrics. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed September 13, 2025 ...