Nancy R. Mead

Software Engineering Institute

Nancy R. Mead is a fellow and principal researcher at the Software Engineering Institute (SEI). She is currently involved in the study of security requirements engineering and the development of software assurance curricula. Her research interests include software security, software requirements engineering, and software architectures. Mead is also an adjunct professor of software engineering in the Master of Software Engineering Program at Carnegie Mellon University. She served as director of education for the SEI from 1991 to 1994.

Prior to joining the SEI, Mead was a senior technical staff member at IBM Federal Systems, where she spent most of her career in the development and management of large real-time systems. She also worked in IBM's software engineering technology area and managed IBM Federal Systems" software engineering education department. She developed and taught numerous courses on software engineering topics, both at universities and in professional education courses.

Mead has authored more than 150 publications and invited presentations. She serves on the editorial boards for the International Journal on Secure Software Engineering and the Requirements Engineering Journal and is a member of numerous advisory boards and committees. She is a Fellow of the Institute of Electrical and Electronics Engineers, Inc. (IEEE) and the IEEE Computer Society, and she is a Distinguished Educator of the Association of Computing Machinery. Mead received the 2015 Distinguished Education Award from the IEEE Computer Society Technical Council on Software Engineering.

Mead is also the founding Steering Committee Chair of the Conference on Software Engineering Education and Training (CSEE&T). The conference has given the Nancy Mead Award for Excellence in Software Engineering Education since 2010, with Mary Shaw as the first recipient. The award is presented to individuals who demonstrate outstanding contributions to software engineering education, training, and professionalism.

Mead received her PhD in mathematics from the Polytechnic Institute of New York, and earned a BA and an MS in mathematics from New York University.

Publications by Nancy R. Mead

A Hybrid Threat Modeling Method

March 27, 2018 • Technical Note

Nancy R. Mead Forrest Shull Krishnamurthy Vemuru (University of Virginia)

Presents a hybrid method of threat modeling that attempts to meld the desirable features of three methods: Security Cards, Persona non Grata, and STRIDE.
read
Using Malware Analysis to Identify Overlooked Security Requirements

March 23, 2017 • Presentation

Nancy R. Mead Jose A. Morales

This presentation describes initial research conducted by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws
read
Panel: Secure Software Workforce Development Panel Session

January 03, 2017 • Presentation

Girish Seshagiri (Ishpi Information Technologies, Inc)Nancy R. Mead William Newhouse (NIST)

This panel discussed programs designed to meet the growing need for software assurance professionals.
read
Using Malware Analysis to Identify Overlooked Security Requirements (MORE)

January 03, 2017 • Presentation

Nancy R. Mead

In this presentation, Nancy Mead explains how malware analysis can be used effectively to identify otherwise overlooked security requirements.
read
SEI Cyber Minute: Cyber Security Engineering

December 22, 2016 • Video

Nancy R. Mead

Watch Nancy Mead in this SEI Cyber Minute as she discusses "Cyber Security Engineering."
watch
Cyber Security Engineering for Software and Systems Assurance

December 08, 2016 • Podcast

Nancy R. Mead Carol Woody, PhD

In this podcast Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles for software assurance.
learn more
Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

November 15, 2016 • Book

Nancy R. Mead Carol Woody, PhD

Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol C. Woody present the latest practical knowledge and case studies.
read
The SEI Fellow Series: Nancy Mead

August 10, 2016 • Podcast

Nancy R. Mead

This podcast is the first in a series highlighting interviews with SEI Fellows.
learn more
Report Writer and Security Requirements Finder: User and Admin Manuals

June 07, 2016 • Special Report

Nancy R. Mead Anand Sankalp (Carnegie Mellon University)Gupta Anurag (Carnegie Mellon)

This report presents instructions for using the Malware-driven Overlooked Requirements (MORE) website applications.
read
A Software Assurance Curriculum for Future Engineers

September 24, 2015 • Podcast

Nancy R. Mead

In this podcast, Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges.
learn more
Using Malware Analysis to Improve Security Requirements on Future Systems

August 25, 2015 • Conference Paper

Nancy R. Mead Jose A. Morales

In this paper, the authors propose to improve how security requirements are identified.
read
Industry/University Collaboration in Software Engineering Education: Refreshing and Retuning Our Strategies

April 08, 2015 • Conference Paper

Nancy R. Mead

In this paper, Nancy Mead describes a panel session that explored strategies for industry/university collaboration in software engineering education.
read
A Method and Case Study for Using Malware Analysis to Improve Security Requirements

January 09, 2015 • Article

Nancy R. Mead Jose A. Morales Gregory Paul Alice

In this article, the authors propose to enhance software development lifecycle models by implementing a process for including use cases based on previous cyberattacks.
read
Using Malware Analysis to Tailor SQUARE for Mobile Platforms

November 18, 2014 • Technical Note

Gregory Paul Alice Nancy R. Mead

This technical note explores the development of security requirements for the K-9 Mail application, an open source email client for the Android operating system.
read
Eliciting Unstated Requirements

August 26, 2014 • Presentation

Nancy R. Mead Michael D. Konrad Robert W. Stoddard

The tutorial presents the traditional KJ method for eliciting unstated user needs and extensions made to allow KJ to be used in a virtual environment.
read
An Evaluation of A-SQUARE for COTS Acquisition

May 13, 2014 • Technical Note

Sidhartha Mani Nancy R. Mead

An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.
read
Software Assurance

May 07, 2014 • Book Chapter

Nancy R. Mead Dan Shoemaker (University of Detroit Mercy)Carol Woody

In this book chapter, the authors discuss modern principles of software assurance and identify a number of relevant process models, frameworks, and best practices.
read
Foundations for Software Assurance

December 16, 2013 • White Paper

Carol Woody Nancy R. Mead Dan Shoemaker (University of Detroit Mercy)

In this paper, the authors highlight efforts to address the principles of software assurance and its educational curriculum.
read
Software Assurance Measurement – State of the Practice

November 29, 2013 • Technical Note

Dan Shoemaker (University of Detroit Mercy)Nancy R. Mead

In this report, the authors describe the current state of the practice and emerging trends in software assurance measurement.
read
An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods

August 05, 2013 • White Paper

Nancy R. Mead Travis Christian

In this paper, the authors provide background information on penetration testing processes and practices.
read
Teaching Security Requirements Engineering Using SQUARE

July 31, 2013 • White Paper

Dan Shoemaker (University of Detroit Mercy)Jeff Ingalsbe (University of Detroit Mercy)Nancy R. Mead

In this paper, the authors detail the validation of a teaching model for security requirements engineering that ensures that security is built into software.
read
Development of a Master of Software Assurance Reference Curriculum - 2013 IJSSE

July 31, 2013 • White Paper

Andrew J. Kornecki (Embry-Riddle Aeronautical University)James McDonald (Monmouth University)Julia H. Allen

In this paper, the authors present an overview of the Master of Software Assurance curriculum, including its history, student prerequisites, and outcomes
read
The Development of a Graduate Curriculum for Software Assurance

July 31, 2013 • White Paper

Mark A. Ardis (Stevens Institute of Technology)Nancy R. Mead

In this paper, the authors describe the work of the Master of Software Assurance curriculum project, including sources, process, products, and more.
read
Requirements Prioritization Case Study Using AHP

July 05, 2013 • White Paper

Nancy R. Mead

In this paper, Nancy Mead describes a tradeoff analysis that can select a suitable requirements prioritization method and the results of trying one method.
read
Requirements Elicitation Case Studies Using IBIS, JAD, and ARM

July 05, 2013 • White Paper

Nancy R. Mead

In this paper, Nancy Mead describes a tradeoff analysis that can be used to select a suitable requirements elicitation method.
read
The Common Criteria

July 05, 2013 • White Paper

Nancy R. Mead

In this paper, Nancy Mead discusses how Common Criteria is evaluated, it also presents a standard that is related to developing security requirements.
read
Measuring the Software Security Requirements Engineering Process

July 03, 2013 • White Paper

Nancy R. Mead

In this paper, Nancy Mead describes a measurement approach to security requirements engineering to analyze projects that were developed with and without SQUARE.
read
Integrating Software Assurance Knowledge into Conventional Curricula

May 23, 2013 • White Paper

Dan Shoemaker (University of Detroit Mercy)Jeff Ingalsbe (University of Detroit Mercy)Nancy R. Mead

In this paper, the authors discuss the results of comparing the Common Body of Knowledge for Secure Software Assurance with traditional computing disciplines.
read
Models for Assessing the Cost and Value of Software Assurance

May 21, 2013 • White Paper

Antonio Drommi Dan Shoemaker (University of Detroit Mercy)Jeff Ingalsbe (University of Detroit Mercy)

In this paper, the authors present IT valuation models that represent the most commonly accepted approaches to the valuation of IT and IT processes.
read
Requirements Engineering Annotated Bibliography

May 21, 2013 • White Paper

Nancy R. Mead

In this paper, Nancy Mead provides a bibliography of sources related to requirements engineering.
read
Defining the Discipline of Secure Software Assurance: Initial Findings from the National Software Assurance Repository

May 21, 2013 • White Paper

Dan Shoemaker (University of Detroit Mercy)Jeff Ingalsbe (University of Detroit Mercy)Nancy R. Mead

In this paper, the authors characterize the current state of secure software assurance work and suggest future directions.
read
Making the Business Case for Software Assurance

May 21, 2013 • White Paper

Nancy R. Mead

In this paper, Nancy Mead provides an overview of the Business Case content area.
read
The Software Assurance Competency Model: A Roadmap to Enhance Individual Professional Capability

May 16, 2013 • White Paper

Nancy R. Mead Dan Shoemaker (University of Detroit Mercy)

In this paper, the authors describe a software assurance competency model that can be used by professionals to improve their software assurance skills.
read
Building a Body of Knowledge for ICT Supply Chain Risk Management

May 16, 2013 • White Paper

Dan Shoemaker (University of Detroit Mercy)Nancy R. Mead

In this paper, the authors propose a set of Supply Chain Risk Management (SCRM) activities and practices for Information and Communication Technologies (ICT).
read
Software Assurance Education Overview

May 15, 2013 • White Paper

Nancy R. Mead

In this paper, Nancy Mead discusses the growing demand for skilled professionals who can build security and correct functionality into software.
read
Getting Secure Software Assurance Knowledge into Conventional Practice

May 14, 2013 • White Paper

Dan Shoemaker (University of Detroit Mercy)Nancy R. Mead

In this paper, the authors describe three educational initiatives in support of software assurance education.
read
A Common Sense Way to Make the Business Case for Software Assurance

May 14, 2013 • White Paper

Antonio Drommi Dan Shoemaker (University of Detroit Mercy)Jeff Ingalsbe (University of Detroit Mercy)

In this article, the authors demonstrate how a true cost/benefit for secure software can be derived.
read
Two Nationally Sponsored Initiatives for Disseminating Assurance Knowledge

May 14, 2013 • White Paper

Dan Shoemaker (University of Detroit Mercy)Nancy R. Mead

In this paper, the authors describe two efforts that support national cybersecurity education goals.
read
Foundations for Software Assurance

May 14, 2013 • White Paper

Carol Woody Dan Shoemaker (University of Detroit Mercy)Nancy R. Mead

In this paper, the authors highlight efforts underway to address our society's growing dependence on software and the need for effective software assurance.
read
Software Security Engineering: A Guide for Project Managers (white paper)

May 13, 2013 • White Paper

Gary McGraw Julia H. Allen Nancy R. Mead

In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
read
Requirements Elicitation Introduction

May 13, 2013 • White Paper

Nancy R. Mead

In this paper, Nancy Mead discusses elicitation methods and the kind of tradeoff analysis that can be done to select a suitable one.
read
Requirements Prioritization Introduction

May 13, 2013 • White Paper

Nancy R. Mead

In this paper, Nancy Mead discusses using a systematic prioritization approach to prioritize security requirements.
read
Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets

May 13, 2013 • White Paper

Eric Hough Hassan Osman Jonathan Caulkins

In this paper, the authors introduce a novel method of optimizing using integer programming (IP).
read
Software Assurance Competency Model

March 11, 2013 • Technical Note

Thomas B. Hilburn (Embry-Riddle Aeronautical University)Mark A. Ardis (Stevens Institute of Technology)Glenn Johnson ((ISC)2)

In this report, the authors describe a model that helps create a foundation for assessing and advancing the capability of software assurance professionals.
read
Guest Editorial Preface for 2013 Special Issue of the International Journal of Secure Software Engineering

January 01, 2013 • Article

Nancy R. Mead Ivan Flechais (University of Oxford)Dan Shoemaker (University of Detroit Mercy)

In this preface, the guest editors of this special edition provide a context for the articles that comprise the issue.
read
Principles and Measurement Models for Software Assurance

January 01, 2013 • Book Chapter

Nancy R. Mead Dan Shoemaker (University of Detroit Mercy)Carol Woody

In this book chapter, the authors present a measurement model with seven principles that capture the fundamental managerial and technical concerns of development and sustainment.
read
Software Security Engineering Course Material

October 04, 2012 • Educational Material

Nancy R. Mead

This course focuses on fundamental concepts, methods, and practices for developing secure software systems.
read
Combining Security and Privacy in Requirements Engineering

December 31, 2011 • Book Chapter

Saeed Abu-Nimeh (Damballa)Nancy R. Mead

In this book chapter, the authors present SQUARE, a security requirements approach, privacy requirement elicitation, and security risk assessment techniques.
read
Software Assurance Curriculum Project Volume IV: Community College Education

September 01, 2011 • Technical Report

Nancy R. Mead Elizabeth K. Hawthorne (Union County College)Mark A. Ardis (Stevens Institute of Technology)

In this report, the authors focus on community college courses for software assurance.
read
Software Assurance Curriculum Master Bibliography and Course References

June 01, 2011 • User's Guide

Julia H. Allen Nancy R. Mead Mark A. Ardis (Stevens Institute of Technology)

In this report, the authors provide the master bibliography that is used with the software assurance curriculum.
read
Software Assurance Curriculum Project Volume III: Master of Software Assurance Course Syllabi

March 01, 2011 • Technical Report

Nancy R. Mead Julia H. Allen Mark A. Ardis (Stevens Institute of Technology)

In this report, the authors provide sample syllabi for the nine core courses in the Master of Software Assurance Reference Curriculum.
read
Integrating the Master of Software Assurance Reference Curriculum into the Model Curriculum and Guidelines for Graduate Degree Programs in Information Systems

February 01, 2011 • Technical Note

Dan Shoemaker (University of Detroit Mercy)Nancy R. Mead Jeff Ingalsbe (University of Detroit Mercy)

In this report, the authors examine how the Master of Software Assurance Reference Curriculum can be used for a Master of Science in Information Systems.
read
Software Assurance: A Master's Level Curriculum

October 26, 2010 • Podcast

Nancy R. Mead Thomas B. Hilburn (Embry-Riddle Aeronautical University)Richard C. Linger (Oak Ridge National Laboratory)

In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex systems function as intended.
learn more
Development of a Master of Software Assurance Reference Curriculum - 2010 IJSSE

October 01, 2010 • Article

Nancy R. Mead Julia H. Allen Mark A. Ardis (Stevens Institute of Technology)

In this article, the authors summarize the Master of Software Assurance curriculum project, including its history, outcomes, a core body of knowledge, and curriculum architecture.
read
Guest Editorial Preface for 2010 Special Issue on Software Security Engineering Education

October 01, 2010 • Article

Nancy R. Mead Dan Shoemaker (University of Detroit Mercy)

In this preface, the authors describe the rest of the issue, which discusses how to bring software security education to the mainstream.
read
Building Assured Systems Framework

September 01, 2010 • Technical Report

Nancy R. Mead Julia H. Allen

This report presents the Building Assured Systems Framework (BASF) that addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems.
read
Security Requirements Reusability and the SQUARE Methodology

September 01, 2010 • Technical Note

Travis Christian Nancy R. Mead

In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
read
Software Assurance Curriculum Project Volume II: Undergraduate Course Outlines

August 01, 2010 • Technical Report

Nancy R. Mead Thomas B. Hilburn (Embry-Riddle Aeronautical University)Richard C. Linger (Oak Ridge National Laboratory)

In this report, the authors describe seven courses for an undergraduate curriculum specialization for software assurance.
read
Software Assurance Curriculum Project Volume I: Master of Software Assurance Reference Curriculum

August 01, 2010 • Technical Report

Nancy R. Mead Julia H. Allen Mark A. Ardis (Stevens Institute of Technology)

In this report, the authors present a master of software assurance curriculum that educational institutions can use to create a degree program or track.
read
Security Requirements Engineering

July 14, 2010 • White Paper

Nancy R. Mead

In this paper, Nancy Mead how a systematic approach to security requirements engineering helps to avoid problems.
read
Adapting the SQUARE Process for Privacy Requirements Engineering

July 01, 2010 • Technical Note

Ashwini Bijwe (Carnegie Mellon University)Nancy R. Mead

In this 2010 report, the authors explore how the SQUARE process can be adapted for privacy requirements engineering in software development.
read
Adapting the SQUARE Method for Security Requirements Engineering to Acquisition

February 22, 2010 • White Paper

Nancy R. Mead

In this paper, Nancy Mead adapts the SQUARE process for security requirements engineering to different acquisition situations.
read
Workshop: How to Get Started in Software Assurance Education

February 08, 2010 • Conference Paper

Nancy R. Mead Dan Shoemaker (University of Detroit Mercy)

In this workshop, software assurance education is introduced to faculty who are interested in adding these concepts to existing and new educational programs.
read
Privacy Risk Assessment Case Studies in Support of SQUARE

July 01, 2009 • Special Report

Varokas Panusuwan Nancy R. Mead Prashanth Batlagundu

In this report, the authors describe enhancements to the SQUARE method for addressing privacy requirements.
read
Making the Business Case for Software Assurance

April 01, 2009 • Special Report

Nancy R. Mead Julia H. Allen W. Arthur Conklin

In this report, the authors provide advice for those making a business case for building software assurance into software products during software development.
read
Novel Methods of Incorporating Security Requirements Engineering into Software Engineering Courses

January 01, 2009 • Book Chapter

Nancy R. Mead Dan Shoemaker (University of Detroit Mercy)

In this book chapter, the authors describe methods of incorporating security requirements engineering into software engineering courses and curricula.
read
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Information Security and Ethics

September 05, 2008 • Book Chapter

Nancy R. Mead

In this book chapter, Nancy Mead describes issues in developing security requirements, useful methods, including details about the SQUARE method.
read
Identifying Software Security Requirements Early, Not After the Fact

July 08, 2008 • Podcast

Nancy R. Mead Julia H. Allen

In this podcast, Nancy Mead explains that during requirements engineering, software engineers need to think about how software should behave when under attack.
learn more
SQUARE-Lite: Case Study on VADSoft Project

June 01, 2008 • Special Report

Ashwin Gayash Venkatesh Viswanathan Deepa Padmanabhan

In this 2008 report, the authors describe SQUARE and SQUARE-Lite, and using SQUARE-Lite to develop security requirements for a financial application.
read
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models

May 01, 2008 • Technical Note

Nancy R. Mead Venkatesh Viswanathan Deepa Padmanabhan

In this 2008 report, the authors describe how SQUARE can be incorporated into standard lifecycle models for security-critical projects.
read
Software Security Engineering: A Guide for Project Managers (book)

March 01, 2008 • Book

Julia H. Allen Sean Barnum Robert J. Ellison

In this book, the authors provide sound practices likely to increase the security and dependability of your software during development and operation.
read
How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods

August 01, 2007 • Technical Note

Nancy R. Mead

In this 2007 report, Nancy Mead describes SQUARE, and outlines other methods used for identifying security requirements.
read
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Integrating Security and Software Engineering

August 22, 2006 • Book Chapter

Nancy R. Mead

In this book chapter, Nancy Mead describes the SQUARE method, which can be used to elicit, analyze, and document security requirements for software systems.
read
Security Quality Requirements Engineering (SQUARE): Case Study Phase III

May 01, 2006 • Special Report

Lydia Chung Frank Hung Eric Hough

In this report, the authors present their results of using SQUARE when working with three clients over the course of a semester.
read
Security Quality Requirements Engineering Technical Report

November 01, 2005 • Technical Report

Nancy R. Mead Eric Hough Ted Stehney II

In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.
read
Recommended Practices - Chapter from Secure Coding in C and C++

August 19, 2005 • Book Chapter

Noopur Davis Chad Dougherty Nancy R. Mead

In this book chapter, the authors recommend specific development practices for improving the overall security of your C/C++ application.
read
System Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II

May 01, 2005 • Special Report

Dan Gordon Neha Wattas Eugene Yu

In this report, the authors describe the second phase of an application of the SQUARE Methodology on an asset management system.
read
Systems Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System

December 01, 2004 • Special Report

Peter Chen Marjon Dean Don Ojoko-Adams

In this 2004 report, the authors describe the first case study that applied the SQUARE methodology to an organization.
read
SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies

November 01, 2004 • Technical Note

Nick Xie Nancy R. Mead Peter Chen

In this 2004 report, the authors describe a cost/benefit analysis for estimations in small companies' information security improvement projects.
read
Results of SEI Independent Research and Development Projects and Report on Emerging Technologies and Technology Trends (FY 2004)

October 01, 2004 • Technical Report

John K. Bergey Edwin J. Morris Jeannine Siviy

This report describes the IR&D projects that were conducted during fiscal year 2004 (October 2003 through September 2004).
read
Industrial Input to the Computing Curriculum

September 26, 2004 • Book Chapter

Nancy R. Mead

In this book chapter, the authors discuss successful collaborations between industry and universities that improve software engineering education.
read
Requirements Engineering for Survivable Systems

September 01, 2003 • Technical Note

Nancy R. Mead

In this 2003 report, Nancy Mead describes the state of requirements engineering for survivable systems.
read
International Liability Issues for Software Quality

July 01, 2003 • Special Report

Nancy R. Mead

In this 2003 report, Nancy Mead focuses on international liability as it relates to information security for critical infrastructure applications.
read
Life-Cycle Models for Survivable Systems

October 01, 2002 • Technical Report

Richard C. Linger (Oak Ridge National Laboratory)Howard F. Lipson John McHugh

In this 2002 report, the authors describe a software development life-cycle model for survivability and illustrate techniques to support survivability goals.
read
Reeducation to Expand the Software Engineering Workforce: Successful Industry/University Collaborations

July 01, 2002 • Special Report

Heidi J. Ellis Ana M. Moreno (Universidad Politecnica de Madrid)Nancy R. Mead

In this 2002 report, the authors describe a study of reeducating non-software professionals and practitioners to become software engineers.
read
Foundations for Survivable Systems Engineering

May 20, 2002 • White Paper

Robert J. Ellison Richard C. Linger (Oak Ridge National Laboratory)Nancy R. Mead

In this paper, the authors describe their efforts to perform risk assessment and analyze and design robust survivable systems.
read
Can We Ever Build Survivable Systems from COTS Components?

December 01, 2001 • Technical Note

Howard F. Lipson Nancy R. Mead Andrew P. Moore

In this 2001 report, the authors describe a risk-mitigation framework for deciding when and how COTS components can be used to build survivable systems.
read
Survivable Network Analysis Method

September 01, 2000 • Technical Report

Nancy R. Mead Robert J. Ellison Richard C. Linger (Oak Ridge National Laboratory)

This report, published in 2000, describes the SNA method developed at the SEI's CERT Coordination Center. The SNA method guides stakeholders through an analysis process intended to improve system survivability when a system is threatened.
read
Case Study in Survivable Network System Analysis

September 01, 1998 • Technical Report

Robert J. Ellison Richard C. Linger (Oak Ridge National Laboratory)Thomas A. Longstaff

In this report, the authors present a method for analyzing the survivability of distributed network systems and an example of its application.
read
Survivable Network Systems: An Emerging Discipline

November 01, 1997 • Technical Report

David Fisher Richard C. Linger (Oak Ridge National Laboratory)Howard F. Lipson

This 1997 report describes the survivability approach to helping assure that a system that must operate in an unbounded network is robust in the presence of attack and will survive attacks that result in successful intrusions.
read
Best Training Practices Within the Software Engineering Industry

November 01, 1996 • Technical Report

Nancy R. Mead Lawrence Tobin Suzanne D. Couturiaux

This report provides the results of a benchmarking study to identify the best training practices within the software engineering community.
read
A Case Study in Requirements for Survivable Systems

January 01, 1996 • White Paper

Robert J. Ellison Richard C. Linger (Oak Ridge National Laboratory)Thomas A. Longstaff

This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system.
read