Nancy R. Mead
Software Engineering Institute
Nancy R. Mead is a fellow and principal researcher at the Software Engineering Institute (SEI). She is currently involved in the study of security requirements engineering and the development of software assurance curricula. Her research interests include software security, software requirements engineering, and software architectures. Mead is also an adjunct professor of software engineering in the Master of Software Engineering Program at Carnegie Mellon University. She served as director of education for the SEI from 1991 to 1994.
Prior to joining the SEI, Mead was a senior technical staff member at IBM Federal Systems, where she spent most of her career in the development and management of large real-time systems. She also worked in IBM's software engineering technology area and managed IBM Federal Systems" software engineering education department. She developed and taught numerous courses on software engineering topics, both at universities and in professional education courses.
Mead has authored more than 150 publications and invited presentations. She serves on the editorial boards for the International Journal on Secure Software Engineering and the Requirements Engineering Journal and is a member of numerous advisory boards and committees. She is a Fellow of the Institute of Electrical and Electronics Engineers, Inc. (IEEE) and the IEEE Computer Society, and she is a Distinguished Educator of the Association of Computing Machinery. Mead received the 2015 Distinguished Education Award from the IEEE Computer Society Technical Council on Software Engineering.
Mead is also the founding Steering Committee Chair of the Conference on Software Engineering Education and Training (CSEE&T). The conference has given the Nancy Mead Award for Excellence in Software Engineering Education since 2010, with Mary Shaw as the first recipient. The award is presented to individuals who demonstrate outstanding contributions to software engineering education, training, and professionalism.
Mead received her PhD in mathematics from the Polytechnic Institute of New York, and earned a BA and an MS in mathematics from New York University.
Publications by Nancy R. Mead
-
A Hybrid Threat Modeling Method
March 27, 2018 • Technical Note
Nancy R. Mead, Forrest Shull, Krishnamurthy Vemuru (University of Virginia), Ole Villadsen (Carnegie Mellon University)
Presents a hybrid method of threat modeling that attempts to meld the desirable features of three methods: Security Cards, Persona non Grata, and STRIDE.
read -
Using Malware Analysis to Identify Overlooked Security Requirements
March 23, 2017 • Presentation
Nancy R. Mead, Jose A. Morales
This presentation describes initial research conducted by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws
read -
Panel: Secure Software Workforce Development Panel Session
January 03, 2017 • Presentation
Girish Seshagiri (Ishpi Information Technologies, Inc), Nancy R. Mead, William Newhouse (NIST), James W. Over
This panel discussed programs designed to meet the growing need for software assurance professionals.
read -
Using Malware Analysis to Identify Overlooked Security Requirements (MORE)
January 03, 2017 • Presentation
Nancy R. Mead
In this presentation, Nancy Mead explains how malware analysis can be used effectively to identify otherwise overlooked security requirements.
read -
SEI Cyber Minute: Cyber Security Engineering
December 22, 2016 • Video
Nancy R. Mead
Watch Nancy Mead in this SEI Cyber Minute as she discusses "Cyber Security Engineering."
watch -
Cyber Security Engineering for Software and Systems Assurance
December 08, 2016 • Podcast
Nancy R. Mead, Carol Woody, PhD
In this podcast Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles for software assurance.
learn more -
Cyber Security Engineering: A Practical Approach for Systems and Software Assurance
November 15, 2016 • Book
Nancy R. Mead, Carol Woody, PhD
Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol C. Woody present the latest practical knowledge and case studies.
read -
The SEI Fellow Series: Nancy Mead
August 10, 2016 • Podcast
Nancy R. Mead
This podcast is the first in a series highlighting interviews with SEI Fellows.
learn more -
Report Writer and Security Requirements Finder: User and Admin Manuals
June 07, 2016 • Special Report
Nancy R. Mead, Anand Sankalp (Carnegie Mellon University), Gupta Anurag (Carnegie Mellon), Priyam Swati (Carnegie Mellon University), Yaobin Wen (Carnegie Mellon University), Walid El Baroni (Carnegie Mellon University)
This report presents instructions for using the Malware-driven Overlooked Requirements (MORE) website applications.
read -
The SEI Fellows Series: Nancy Mead
January 04, 2016 • Podcast
Nancy R. Mead
This podcast, featuring an interview with Dr. Nancy Mead, is the first in a series highlighting interviews with SEI Fellows.
learn more -
A Software Assurance Curriculum for Future Engineers
September 24, 2015 • Podcast
Nancy R. Mead
In this podcast, Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges.
learn more -
Using Malware Analysis to Improve Security Requirements on Future Systems
August 25, 2015 • Conference Paper
Nancy R. Mead, Jose A. Morales
In this paper, the authors propose to improve how security requirements are identified.
read -
Industry/University Collaboration in Software Engineering Education: Refreshing and Retuning Our Strategies
April 08, 2015 • Conference Paper
Nancy R. Mead
In this paper, Nancy Mead describes a panel session that explored strategies for industry/university collaboration in software engineering education.
read -
A Method and Case Study for Using Malware Analysis to Improve Security Requirements
January 09, 2015 • Article
Nancy R. Mead, Jose A. Morales, Gregory Paul Alice
In this article, the authors propose to enhance software development lifecycle models by implementing a process for including use cases based on previous cyberattacks.
read -
Using Malware Analysis to Tailor SQUARE for Mobile Platforms
November 18, 2014 • Technical Note
Gregory Paul Alice, Nancy R. Mead
This technical note explores the development of security requirements for the K-9 Mail application, an open source email client for the Android operating system.
read -
Eliciting Unstated Requirements
August 26, 2014 • Presentation
Nancy R. Mead, Michael D. Konrad, Robert W. Stoddard
The tutorial presents the traditional KJ method for eliciting unstated user needs and extensions made to allow KJ to be used in a virtual environment.
read -
An Evaluation of A-SQUARE for COTS Acquisition
May 13, 2014 • Technical Note
Sidhartha Mani, Nancy R. Mead
An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.
read -
Software Assurance
May 07, 2014 • Book Chapter
Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy), Carol Woody
In this book chapter, the authors discuss modern principles of software assurance and identify a number of relevant process models, frameworks, and best practices.
read -
Foundations for Software Assurance
December 16, 2013 • White Paper
Carol Woody, Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)
In this paper, the authors highlight efforts to address the principles of software assurance and its educational curriculum.
read -
Software Assurance Measurement – State of the Practice
November 29, 2013 • Technical Note
Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead
In this report, the authors describe the current state of the practice and emerging trends in software assurance measurement.
read -
An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods
August 05, 2013 • White Paper
Nancy R. Mead, Travis Christian
In this paper, the authors provide background information on penetration testing processes and practices.
read -
Teaching Security Requirements Engineering Using SQUARE
July 31, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors detail the validation of a teaching model for security requirements engineering that ensures that security is built into software.
read -
Development of a Master of Software Assurance Reference Curriculum - 2013 IJSSE
July 31, 2013 • White Paper
Andrew J. Kornecki (Embry-Riddle Aeronautical University), James McDonald (Monmouth University), Julia H. Allen, Mark A. Ardis (Stevens Institute of Technology), Nancy R. Mead, Richard C. Linger (Oak Ridge National Laboratory), Thomas B. Hilburn (Embry-Riddle Aeronautical University)
In this paper, the authors present an overview of the Master of Software Assurance curriculum, including its history, student prerequisites, and outcomes
read -
The Development of a Graduate Curriculum for Software Assurance
July 31, 2013 • White Paper
Mark A. Ardis (Stevens Institute of Technology), Nancy R. Mead
In this paper, the authors describe the work of the Master of Software Assurance curriculum project, including sources, process, products, and more.
read -
Requirements Prioritization Case Study Using AHP
July 05, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead describes a tradeoff analysis that can select a suitable requirements prioritization method and the results of trying one method.
read -
Requirements Elicitation Case Studies Using IBIS, JAD, and ARM
July 05, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead describes a tradeoff analysis that can be used to select a suitable requirements elicitation method.
read -
The Common Criteria
July 05, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead discusses how Common Criteria is evaluated, it also presents a standard that is related to developing security requirements.
read -
Measuring the Software Security Requirements Engineering Process
July 03, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead describes a measurement approach to security requirements engineering to analyze projects that were developed with and without SQUARE.
read -
Integrating Software Assurance Knowledge into Conventional Curricula
May 23, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors discuss the results of comparing the Common Body of Knowledge for Secure Software Assurance with traditional computing disciplines.
read -
Models for Assessing the Cost and Value of Software Assurance
May 21, 2013 • White Paper
Antonio Drommi, Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), John Bailey, Nancy R. Mead
In this paper, the authors present IT valuation models that represent the most commonly accepted approaches to the valuation of IT and IT processes.
read -
Requirements Engineering Annotated Bibliography
May 21, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead provides a bibliography of sources related to requirements engineering.
read -
Defining the Discipline of Secure Software Assurance: Initial Findings from the National Software Assurance Repository
May 21, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead,
In this paper, the authors characterize the current state of secure software assurance work and suggest future directions.
read -
Making the Business Case for Software Assurance
May 21, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead provides an overview of the Business Case content area.
read -
The Software Assurance Competency Model: A Roadmap to Enhance Individual Professional Capability
May 16, 2013 • White Paper
Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)
In this paper, the authors describe a software assurance competency model that can be used by professionals to improve their software assurance skills.
read -
Building a Body of Knowledge for ICT Supply Chain Risk Management
May 16, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors propose a set of Supply Chain Risk Management (SCRM) activities and practices for Information and Communication Technologies (ICT).
read -
Software Assurance Education Overview
May 15, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead discusses the growing demand for skilled professionals who can build security and correct functionality into software.
read -
Getting Secure Software Assurance Knowledge into Conventional Practice
May 14, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy), , Nancy R. Mead
In this paper, the authors describe three educational initiatives in support of software assurance education.
read -
A Common Sense Way to Make the Business Case for Software Assurance
May 14, 2013 • White Paper
Antonio Drommi, Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), John Bailey, Nancy R. Mead
In this article, the authors demonstrate how a true cost/benefit for secure software can be derived.
read -
Two Nationally Sponsored Initiatives for Disseminating Assurance Knowledge
May 14, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors describe two efforts that support national cybersecurity education goals.
read -
Foundations for Software Assurance
May 14, 2013 • White Paper
Carol Woody, Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors highlight efforts underway to address our society's growing dependence on software and the need for effective software assurance.
read -
Software Security Engineering: A Guide for Project Managers (white paper)
May 13, 2013 • White Paper
Gary McGraw, Julia H. Allen, Nancy R. Mead, Robert J. Ellison, Sean Barnum
In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
read -
Requirements Elicitation Introduction
May 13, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead discusses elicitation methods and the kind of tradeoff analysis that can be done to select a suitable one.
read -
Requirements Prioritization Introduction
May 13, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead discusses using a systematic prioritization approach to prioritize security requirements.
read -
Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets
May 13, 2013 • White Paper
Eric Hough, Hassan Osman, Jonathan Caulkins, Nancy R. Mead
In this paper, the authors introduce a novel method of optimizing using integer programming (IP).
read -
Software Assurance Competency Model
March 11, 2013 • Technical Note
Thomas B. Hilburn (Embry-Riddle Aeronautical University), Mark A. Ardis (Stevens Institute of Technology), Glenn Johnson ((ISC)2), Andrew J. Kornecki (Embry-Riddle Aeronautical University), Nancy R. Mead
In this report, the authors describe a model that helps create a foundation for assessing and advancing the capability of software assurance professionals.
read -
Guest Editorial Preface for 2013 Special Issue of the International Journal of Secure Software Engineering
January 01, 2013 • Article
Nancy R. Mead, Ivan Flechais (University of Oxford), Dan Shoemaker (University of Detroit Mercy), Carol Woody
In this preface, the guest editors of this special edition provide a context for the articles that comprise the issue.
read -
Principles and Measurement Models for Software Assurance
January 01, 2013 • Book Chapter
Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy), Carol Woody
In this book chapter, the authors present a measurement model with seven principles that capture the fundamental managerial and technical concerns of development and sustainment.
read -
Software Security Engineering Course Material
October 04, 2012 • Educational Material
Nancy R. Mead
This course focuses on fundamental concepts, methods, and practices for developing secure software systems.
read -
Combining Security and Privacy in Requirements Engineering
December 31, 2011 • Book Chapter
Saeed Abu-Nimeh (Damballa), Nancy R. Mead
In this book chapter, the authors present SQUARE, a security requirements approach, privacy requirement elicitation, and security risk assessment techniques.
read -
Software Assurance Curriculum Project Volume IV: Community College Education
September 01, 2011 • Technical Report
Nancy R. Mead, Elizabeth K. Hawthorne (Union County College), Mark A. Ardis (Stevens Institute of Technology)
In this report, the authors focus on community college courses for software assurance.
read -
Software Assurance Curriculum Master Bibliography and Course References
June 01, 2011 • User's Guide
Julia H. Allen, Nancy R. Mead, Mark A. Ardis (Stevens Institute of Technology), Thomas B. Hilburn (Embry-Riddle Aeronautical University), Andrew J. Kornecki (Embry-Riddle Aeronautical University), Richard C. Linger (Oak Ridge National Laboratory)
In this report, the authors provide the master bibliography that is used with the software assurance curriculum.
read -
Software Assurance Curriculum Project Volume III: Master of Software Assurance Course Syllabi
March 01, 2011 • Technical Report
Nancy R. Mead, Julia H. Allen, Mark A. Ardis (Stevens Institute of Technology), Thomas B. Hilburn (Embry-Riddle Aeronautical University), Andrew J. Kornecki (Embry-Riddle Aeronautical University), Richard C. Linger (Oak Ridge National Laboratory)
In this report, the authors provide sample syllabi for the nine core courses in the Master of Software Assurance Reference Curriculum.
read -
Integrating the Master of Software Assurance Reference Curriculum into the Model Curriculum and Guidelines for Graduate Degree Programs in Information Systems
February 01, 2011 • Technical Note
Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead, Jeff Ingalsbe (University of Detroit Mercy)
In this report, the authors examine how the Master of Software Assurance Reference Curriculum can be used for a Master of Science in Information Systems.
read -
Software Assurance: A Master's Level Curriculum
October 26, 2010 • Podcast
Nancy R. Mead, Thomas B. Hilburn (Embry-Riddle Aeronautical University), Richard C. Linger (Oak Ridge National Laboratory), Julia H. Allen
In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex systems function as intended.
learn more -
Development of a Master of Software Assurance Reference Curriculum - 2010 IJSSE
October 01, 2010 • Article
Nancy R. Mead, Julia H. Allen, Mark A. Ardis (Stevens Institute of Technology), Thomas B. Hilburn (Embry-Riddle Aeronautical University), Andrew J. Kornecki (Embry-Riddle Aeronautical University), Richard C. Linger (Oak Ridge National Laboratory), James McDonald (Monmouth University)
In this article, the authors summarize the Master of Software Assurance curriculum project, including its history, outcomes, a core body of knowledge, and curriculum architecture.
read -
Guest Editorial Preface for 2010 Special Issue on Software Security Engineering Education
October 01, 2010 • Article
Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)
In this preface, the authors describe the rest of the issue, which discusses how to bring software security education to the mainstream.
read -
Security Requirements Reusability and the SQUARE Methodology
September 01, 2010 • Technical Note
Travis Christian, Nancy R. Mead
In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
read -
Building Assured Systems Framework
September 01, 2010 • Technical Report
Nancy R. Mead, Julia H. Allen
This report presents the Building Assured Systems Framework (BASF) that addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems.
read -
Software Assurance Curriculum Project Volume I: Master of Software Assurance Reference Curriculum
August 01, 2010 • Technical Report
Nancy R. Mead, Julia H. Allen, Mark A. Ardis (Stevens Institute of Technology), Thomas B. Hilburn (Embry-Riddle Aeronautical University), Andrew J. Kornecki (Embry-Riddle Aeronautical University), Richard C. Linger (Oak Ridge National Laboratory), James McDonald (Monmouth University)
In this report, the authors present a master of software assurance curriculum that educational institutions can use to create a degree program or track.
read -
Software Assurance Curriculum Project Volume II: Undergraduate Course Outlines
August 01, 2010 • Technical Report
Nancy R. Mead, Thomas B. Hilburn (Embry-Riddle Aeronautical University), Richard C. Linger (Oak Ridge National Laboratory)
In this report, the authors describe seven courses for an undergraduate curriculum specialization for software assurance.
read -
Security Requirements Engineering
July 14, 2010 • White Paper
Nancy R. Mead
In this paper, Nancy Mead how a systematic approach to security requirements engineering helps to avoid problems.
read -
Adapting the SQUARE Process for Privacy Requirements Engineering
July 01, 2010 • Technical Note
Ashwini Bijwe (Carnegie Mellon University), Nancy R. Mead
In this 2010 report, the authors explore how the SQUARE process can be adapted for privacy requirements engineering in software development.
read -
Adapting the SQUARE Method for Security Requirements Engineering to Acquisition
February 22, 2010 • White Paper
Nancy R. Mead
In this paper, Nancy Mead adapts the SQUARE process for security requirements engineering to different acquisition situations.
read -
Workshop: How to Get Started in Software Assurance Education
February 08, 2010 • Conference Paper
Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)
In this workshop, software assurance education is introduced to faculty who are interested in adding these concepts to existing and new educational programs.
read -
Privacy Risk Assessment Case Studies in Support of SQUARE
July 01, 2009 • Special Report
Varokas Panusuwan, Prashanth Batlagundu, Nancy R. Mead
In this report, the authors describe enhancements to the SQUARE method for addressing privacy requirements.
read -
SQUARE Up Your Security Requirements Engineering with SQUARE
May 14, 2009 • Webinar
Nancy R. Mead
In this 2009 webinar, Nancy Mead provides an overview of the CERT SQUARE process, and discusses current activities and plans.
watch -
Making the Business Case for Software Assurance
April 01, 2009 • Special Report
Nancy R. Mead, Julia H. Allen, W. Arthur Conklin, Antonio Drommi, John Harrison, Jeff Ingalsbe (University of Detroit Mercy), James Rainey, Dan Shoemaker (University of Detroit Mercy)
In this report, the authors provide advice for those making a business case for building software assurance into software products during software development.
read -
Novel Methods of Incorporating Security Requirements Engineering into Software Engineering Courses
January 01, 2009 • Book Chapter
Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)
In this book chapter, the authors describe methods of incorporating security requirements engineering into software engineering courses and curricula.
read -
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Information Security and Ethics
September 05, 2008 • Book Chapter
Nancy R. Mead
In this book chapter, Nancy Mead describes issues in developing security requirements, useful methods, including details about the SQUARE method.
read -
Identifying Software Security Requirements Early, Not After the Fact
July 08, 2008 • Podcast
Nancy R. Mead, Julia H. Allen
In this podcast, Nancy Mead explains that during requirements engineering, software engineers need to think about how software should behave when under attack.
learn more -
SQUARE-Lite: Case Study on VADSoft Project
June 01, 2008 • Special Report
Ashwin Gayash, Venkatesh Viswanathan, Deepa Padmanabhan, Nancy R. Mead
In this 2008 report, the authors describe SQUARE and SQUARE-Lite, and using SQUARE-Lite to develop security requirements for a financial application.
read -
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models
May 01, 2008 • Technical Note
Nancy R. Mead, Venkatesh Viswanathan, Deepa Padmanabhan, Anusha Raveendran
In this 2008 report, the authors describe how SQUARE can be incorporated into standard lifecycle models for security-critical projects.
read -
Software Security Engineering: A Guide for Project Managers (book)
March 01, 2008 • Book
Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead
In this book, the authors provide sound practices likely to increase the security and dependability of your software during development and operation.
read -
How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods
August 01, 2007 • Technical Note
Nancy R. Mead
In this 2007 report, Nancy Mead describes SQUARE, and outlines other methods used for identifying security requirements.
read -
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Integrating Security and Software Engineering
August 22, 2006 • Book Chapter
Nancy R. Mead
In this book chapter, Nancy Mead describes the SQUARE method, which can be used to elicit, analyze, and document security requirements for software systems.
read -
Security Quality Requirements Engineering (SQUARE): Case Study Phase III
May 01, 2006 • Special Report
Lydia Chung, Frank Hung, Eric Hough, Don Ojoko-Adams, Nancy R. Mead
In this report, the authors present their results of using SQUARE when working with three clients over the course of a semester.
read -
Security Quality Requirements Engineering Technical Report
November 01, 2005 • Technical Report
Nancy R. Mead, Eric Hough, Ted Stehney II
In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.
read -
Recommended Practices - Chapter from Secure Coding in C and C++
August 19, 2005 • Book Chapter
Noopur Davis, Chad Dougherty, Nancy R. Mead,
In this book chapter, the authors recommend specific development practices for improving the overall security of your C/C++ application.
read -
System Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II
May 01, 2005 • Special Report
Dan Gordon, Neha Wattas, Eugene Yu, Ted Stehney II, Nancy R. Mead
In this report, the authors describe the second phase of an application of the SQUARE Methodology on an asset management system.
read -
Systems Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System
December 01, 2004 • Special Report
Peter Chen, Marjon Dean, Don Ojoko-Adams, Hassan Osman, Lilian Lopez, Nick Xie, Nancy R. Mead
In this 2004 report, the authors describe the first case study that applied the SQUARE methodology to an organization.
read -
SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies
November 01, 2004 • Technical Note
Nick Xie, Nancy R. Mead, Peter Chen, Marjon Dean, Lilian Lopez, Don Ojoko-Adams, Hassan Osman
In this 2004 report, the authors describe a cost/benefit analysis for estimations in small companies' information security improvement projects.
read -
Results of SEI Independent Research and Development Projects and Report on Emerging Technologies and Technology Trends (FY 2004)
October 01, 2004 • Technical Report
John K. Bergey, Edwin J. Morris, Jeannine Siviy, Dennis B. Smith, William O'Brien, Carol Woody, Sven Dietrich, Donald Firesmith, Eileen C. Forrester, Angel Jordan, Rick Kazman, Grace Lewis, Howard F. Lipson, Nancy R. Mead
This report describes the IR&D projects that were conducted during fiscal year 2004 (October 2003 through September 2004).
read -
Industrial Input to the Computing Curriculum
September 26, 2004 • Book Chapter
Nancy R. Mead
In this book chapter, the authors discuss successful collaborations between industry and universities that improve software engineering education.
read -
Requirements Engineering for Survivable Systems
September 01, 2003 • Technical Note
Nancy R. Mead
In this 2003 report, Nancy Mead describes the state of requirements engineering for survivable systems.
read -
International Liability Issues for Software Quality
July 01, 2003 • Special Report
Nancy R. Mead
In this 2003 report, Nancy Mead focuses on international liability as it relates to information security for critical infrastructure applications.
read -
Life-Cycle Models for Survivable Systems
October 01, 2002 • Technical Report
Richard C. Linger (Oak Ridge National Laboratory), Howard F. Lipson, John McHugh, Nancy R. Mead, Carol A. Sledge
In this 2002 report, the authors describe a software development life-cycle model for survivability and illustrate techniques to support survivability goals.
read -
Reeducation to Expand the Software Engineering Workforce: Successful Industry/University Collaborations
July 01, 2002 • Special Report
Heidi J. Ellis, Ana M. Moreno (Universidad Politecnica de Madrid), Nancy R. Mead, Stephen B. Seidman
In this 2002 report, the authors describe a study of reeducating non-software professionals and practitioners to become software engineers.
read -
Foundations for Survivable Systems Engineering
May 20, 2002 • White Paper
Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory), Nancy R. Mead, Andrew P. Moore
In this paper, the authors describe their efforts to perform risk assessment and analyze and design robust survivable systems.
read -
Can We Ever Build Survivable Systems from COTS Components?
December 01, 2001 • Technical Note
Howard F. Lipson, Nancy R. Mead, Andrew P. Moore
In this 2001 report, the authors describe a risk-mitigation framework for deciding when and how COTS components can be used to build survivable systems.
read -
Survivable Network Analysis Method
September 01, 2000 • Technical Report
Nancy R. Mead, Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory), Thomas A. Longstaff, John McHugh
This report, published in 2000, describes the SNA method developed at the SEI's CERT Coordination Center. The SNA method guides stakeholders through an analysis process intended to improve system survivability when a system is threatened.
read -
Case Study in Survivable Network System Analysis
September 01, 1998 • Technical Report
Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory), Thomas A. Longstaff, Nancy R. Mead
In this report, the authors present a method for analyzing the survivability of distributed network systems and an example of its application.
read -
Survivable Network Systems: An Emerging Discipline
November 01, 1997 • Technical Report
David Fisher, Richard C. Linger (Oak Ridge National Laboratory), Howard F. Lipson, Thomas A. Longstaff, Nancy R. Mead, Robert J. Ellison
This 1997 report describes the survivability approach to helping assure that a system that must operate in an unbounded network is robust in the presence of attack and will survive attacks that result in successful intrusions.
read -
Best Training Practices Within the Software Engineering Industry
November 01, 1996 • Technical Report
Nancy R. Mead, Lawrence Tobin, Suzanne D. Couturiaux
This report provides the results of a benchmarking study to identify the best training practices within the software engineering community.
read -
A Case Study in Requirements for Survivable Systems
January 01, 1996 • White Paper
Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory), Thomas A. Longstaff, Nancy R. Mead
This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system.
read