Security Engineering Risk Analysis (SERA)

Brochure
This brochure describes Security Engineering Risk Analysis (SERA), its purpose and benefits.
Publisher

Software Engineering Institute

Abstract

SEI researchers developed the Security Engineering Risk Analysis (SERA) Framework, a security risk-analysis approach that addresses software security risks early in the development lifecycle, to advance the state of the practice. The SERA Framework incorporates two important technical perspectives: (1) system and software engineering and (2) operational security. The framework requires system and software engineers to consider operational security risks early in the lifecycle. This approach blends multiple technical disciplines to define an engineering-oriented risk-analysis practice consistent with the NIST Risk Management Framework (RMF).