Nancy R. Mead
Software Engineering Institute
Nancy R. Mead is an SEI alumni employee.
Nancy R. Mead is a fellow at the Software Engineering Institute (SEI) and an adjunct professor of software engineering at Carnegie Mellon University. She is currently involved in the study of security requirements engineering and the development of software assurance curricula. She also served as director of education for the SEI from 1991 to 1994. Her research interests are in the areas of software security and software requirements engineering.
Prior to joining the SEI, Mead was a senior technical staff member at IBM Federal Systems, where she spent most of her career in the development and management of large real-time systems. She also worked in IBM's software engineering technology area and managed IBM Federal Systems' software engineering education department. She has developed and taught numerous courses on software engineering topics, both at universities and in professional education courses.
Mead has authored more than 150 publications and invited presentations. She serves on the editorial boards for the International Journal of Systems and Software Security and Protection and the Requirements Engineering Journal and is a member the IEEE TCSE Executive Committee and the Open University Advisory Board. She is a Fellow of the Institute of Electrical and Electronics Engineers, Inc. (IEEE) and the IEEE Computer Society, and she is a Distinguished Educator of the Association of Computing Machinery. Mead received the 2015 Distinguished Education Award from the IEEE Computer Society Technical Council on Software Engineering, and in 2019 was named a Parnas Fellow at Lero, the Irish Software Research Centre.
Mead received her PhD in mathematics from the Polytechnic Institute of New York and received a BA and an MS in mathematics from New York University.
Publications by Nancy R. Mead
-
A Hybrid Threat Modeling Method
March 27, 2018 • Technical Note
Nancy R. MeadForrest ShullKrishnamurthy Vemuru (University of Virginia)
Presents a hybrid method of threat modeling that attempts to meld the desirable features of three methods: Security Cards, Persona non Grata, and STRIDE.
read -
Using Malware Analysis to Identify Overlooked Security Requirements
March 23, 2017 • Presentation
Nancy R. MeadJose A. Morales
This presentation describes initial research conducted by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws
read -
Panel: Secure Software Workforce Development Panel Session
January 03, 2017 • Presentation
Girish Seshagiri (Ishpi Information Technologies, Inc)Nancy R. MeadWilliam Newhouse (NIST)
This panel discussed programs designed to meet the growing need for software assurance professionals.
read -
Using Malware Analysis to Identify Overlooked Security Requirements (MORE)
January 03, 2017 • Presentation
Nancy R. Mead
In this presentation, Nancy Mead explains how malware analysis can be used effectively to identify otherwise overlooked security requirements.
read -
SEI Cyber Minute: Cyber Security Engineering
December 22, 2016 • Video
Nancy R. Mead
Watch Nancy Mead in this SEI Cyber Minute as she discusses "Cyber Security Engineering."
watch -
Cyber Security Engineering for Software and Systems Assurance
December 08, 2016 • Podcast
Nancy R. MeadCarol Woody, PhD
In this podcast Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles for software assurance.
learn more -
Cyber Security Engineering: A Practical Approach for Systems and Software Assurance
November 15, 2016 • Book
Nancy R. MeadCarol Woody, PhD
Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol C. Woody present the latest practical knowledge and case studies.
read -
The SEI Fellow Series: Nancy Mead
August 10, 2016 • Podcast
Nancy R. Mead
This podcast is the first in a series highlighting interviews with SEI Fellows.
learn more -
Report Writer and Security Requirements Finder: User and Admin Manuals
June 07, 2016 • Special Report
Nancy R. MeadAnand Sankalp (Carnegie Mellon University)Gupta Anurag (Carnegie Mellon)
This report presents instructions for using the Malware-driven Overlooked Requirements (MORE) website applications.
read -
A Software Assurance Curriculum for Future Engineers
September 24, 2015 • Podcast
Nancy R. Mead
In this podcast, Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges.
learn more -
Using Malware Analysis to Improve Security Requirements on Future Systems
August 25, 2015 • Conference Paper
Nancy R. MeadJose A. Morales
In this paper, the authors propose to improve how security requirements are identified.
read -
Industry/University Collaboration in Software Engineering Education: Refreshing and Retuning Our Strategies
April 08, 2015 • Conference Paper
Nancy R. Mead
In this paper, Nancy Mead describes a panel session that explored strategies for industry/university collaboration in software engineering education.
read -
A Method and Case Study for Using Malware Analysis to Improve Security Requirements
January 09, 2015 • Article
Nancy R. MeadJose A. MoralesGregory Paul Alice
In this article, the authors propose to enhance software development lifecycle models by implementing a process for including use cases based on previous cyberattacks.
read -
Using Malware Analysis to Tailor SQUARE for Mobile Platforms
November 18, 2014 • Technical Note
Gregory Paul AliceNancy R. Mead
This technical note explores the development of security requirements for the K-9 Mail application, an open source email client for the Android operating system.
read -
Eliciting Unstated Requirements
August 26, 2014 • Presentation
Nancy R. MeadMichael D. KonradRobert W. Stoddard
The tutorial presents the traditional KJ method for eliciting unstated user needs and extensions made to allow KJ to be used in a virtual environment.
read -
An Evaluation of A-SQUARE for COTS Acquisition
May 13, 2014 • Technical Note
Sidhartha ManiNancy R. Mead
An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.
read -
Software Assurance
May 07, 2014 • Book Chapter
Nancy R. MeadDan Shoemaker (University of Detroit Mercy)Carol Woody
In this book chapter, the authors discuss modern principles of software assurance and identify a number of relevant process models, frameworks, and best practices.
read -
Foundations for Software Assurance
December 16, 2013 • White Paper
Carol WoodyNancy R. MeadDan Shoemaker (University of Detroit Mercy)
In this paper, the authors highlight efforts to address the principles of software assurance and its educational curriculum.
read -
Software Assurance Measurement – State of the Practice
November 29, 2013 • Technical Note
Dan Shoemaker (University of Detroit Mercy)Nancy R. Mead
In this report, the authors describe the current state of the practice and emerging trends in software assurance measurement.
read -
An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods
August 05, 2013 • White Paper
Nancy R. MeadTravis Christian
In this paper, the authors provide background information on penetration testing processes and practices.
read -
Teaching Security Requirements Engineering Using SQUARE
July 31, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy)Jeff Ingalsbe (University of Detroit Mercy)Nancy R. Mead
In this paper, the authors detail the validation of a teaching model for security requirements engineering that ensures that security is built into software.
read -
Development of a Master of Software Assurance Reference Curriculum - 2013 IJSSE
July 31, 2013 • White Paper
Andrew J. Kornecki (Embry-Riddle Aeronautical University)James McDonald (Monmouth University)Julia H. Allen
In this paper, the authors present an overview of the Master of Software Assurance curriculum, including its history, student prerequisites, and outcomes
read -
The Development of a Graduate Curriculum for Software Assurance
July 31, 2013 • White Paper
Mark A. Ardis (Stevens Institute of Technology)Nancy R. Mead
In this paper, the authors describe the work of the Master of Software Assurance curriculum project, including sources, process, products, and more.
read -
Requirements Prioritization Case Study Using AHP
July 05, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead describes a tradeoff analysis that can select a suitable requirements prioritization method and the results of trying one method.
read -
Requirements Elicitation Case Studies Using IBIS, JAD, and ARM
July 05, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead describes a tradeoff analysis that can be used to select a suitable requirements elicitation method.
read -
The Common Criteria
July 05, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead discusses how Common Criteria is evaluated, it also presents a standard that is related to developing security requirements.
read -
Measuring the Software Security Requirements Engineering Process
July 03, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead describes a measurement approach to security requirements engineering to analyze projects that were developed with and without SQUARE.
read -
Integrating Software Assurance Knowledge into Conventional Curricula
May 23, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy)Jeff Ingalsbe (University of Detroit Mercy)Nancy R. Mead
In this paper, the authors discuss the results of comparing the Common Body of Knowledge for Secure Software Assurance with traditional computing disciplines.
read -
Models for Assessing the Cost and Value of Software Assurance
May 21, 2013 • White Paper
Antonio DrommiDan Shoemaker (University of Detroit Mercy)Jeff Ingalsbe (University of Detroit Mercy)
In this paper, the authors present IT valuation models that represent the most commonly accepted approaches to the valuation of IT and IT processes.
read -
Requirements Engineering Annotated Bibliography
May 21, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead provides a bibliography of sources related to requirements engineering.
read -
Defining the Discipline of Secure Software Assurance: Initial Findings from the National Software Assurance Repository
May 21, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy)Jeff Ingalsbe (University of Detroit Mercy)Nancy R. Mead
In this paper, the authors characterize the current state of secure software assurance work and suggest future directions.
read -
Making the Business Case for Software Assurance
May 21, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead provides an overview of the Business Case content area.
read -
The Software Assurance Competency Model: A Roadmap to Enhance Individual Professional Capability
May 16, 2013 • White Paper
Nancy R. MeadDan Shoemaker (University of Detroit Mercy)
In this paper, the authors describe a software assurance competency model that can be used by professionals to improve their software assurance skills.
read -
Building a Body of Knowledge for ICT Supply Chain Risk Management
May 16, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy)Nancy R. Mead
In this paper, the authors propose a set of Supply Chain Risk Management (SCRM) activities and practices for Information and Communication Technologies (ICT).
read -
Software Assurance Education Overview
May 15, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead discusses the growing demand for skilled professionals who can build security and correct functionality into software.
read -
Getting Secure Software Assurance Knowledge into Conventional Practice
May 14, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy)Nancy R. Mead
In this paper, the authors describe three educational initiatives in support of software assurance education.
read -
A Common Sense Way to Make the Business Case for Software Assurance
May 14, 2013 • White Paper
Antonio DrommiDan Shoemaker (University of Detroit Mercy)Jeff Ingalsbe (University of Detroit Mercy)
In this article, the authors demonstrate how a true cost/benefit for secure software can be derived.
read -
Two Nationally Sponsored Initiatives for Disseminating Assurance Knowledge
May 14, 2013 • White Paper
Dan Shoemaker (University of Detroit Mercy)Nancy R. Mead
In this paper, the authors describe two efforts that support national cybersecurity education goals.
read -
Foundations for Software Assurance
May 14, 2013 • White Paper
Carol WoodyDan Shoemaker (University of Detroit Mercy)Nancy R. Mead
In this paper, the authors highlight efforts underway to address our society's growing dependence on software and the need for effective software assurance.
read -
Software Security Engineering: A Guide for Project Managers (white paper)
May 13, 2013 • White Paper
Gary McGrawJulia H. AllenNancy R. Mead
In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
read -
Requirements Elicitation Introduction
May 13, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead discusses elicitation methods and the kind of tradeoff analysis that can be done to select a suitable one.
read -
Requirements Prioritization Introduction
May 13, 2013 • White Paper
Nancy R. Mead
In this paper, Nancy Mead discusses using a systematic prioritization approach to prioritize security requirements.
read -
Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets
May 13, 2013 • White Paper
Eric HoughHassan OsmanJonathan Caulkins
In this paper, the authors introduce a novel method of optimizing using integer programming (IP).
read -
Software Assurance Competency Model
March 11, 2013 • Technical Note
Thomas B. Hilburn (Embry-Riddle Aeronautical University)Mark A. Ardis (Stevens Institute of Technology)Glenn Johnson ((ISC)2)
In this report, the authors describe a model that helps create a foundation for assessing and advancing the capability of software assurance professionals.
read -
Guest Editorial Preface for 2013 Special Issue of the International Journal of Secure Software Engineering
January 01, 2013 • Article
Nancy R. MeadIvan Flechais (University of Oxford)Dan Shoemaker (University of Detroit Mercy)
In this preface, the guest editors of this special edition provide a context for the articles that comprise the issue.
read -
Principles and Measurement Models for Software Assurance
January 01, 2013 • Book Chapter
Nancy R. MeadDan Shoemaker (University of Detroit Mercy)Carol Woody
In this book chapter, the authors present a measurement model with seven principles that capture the fundamental managerial and technical concerns of development and sustainment.
read -
Software Security Engineering Course Material
October 04, 2012 • Educational Material
Nancy R. Mead
This course focuses on fundamental concepts, methods, and practices for developing secure software systems.
read -
Combining Security and Privacy in Requirements Engineering
December 31, 2011 • Book Chapter
Saeed Abu-Nimeh (Damballa)Nancy R. Mead
In this book chapter, the authors present SQUARE, a security requirements approach, privacy requirement elicitation, and security risk assessment techniques.
read -
Software Assurance Curriculum Project Volume IV: Community College Education
September 01, 2011 • Technical Report
Nancy R. MeadElizabeth K. Hawthorne (Union County College)Mark A. Ardis (Stevens Institute of Technology)
In this report, the authors focus on community college courses for software assurance.
read -
Software Assurance Curriculum Master Bibliography and Course References
June 01, 2011 • User's Guide
Julia H. AllenNancy R. MeadMark A. Ardis (Stevens Institute of Technology)
In this report, the authors provide the master bibliography that is used with the software assurance curriculum.
read -
Software Assurance Curriculum Project Volume III: Master of Software Assurance Course Syllabi
March 01, 2011 • Technical Report
Nancy R. MeadJulia H. AllenMark A. Ardis (Stevens Institute of Technology)
In this report, the authors provide sample syllabi for the nine core courses in the Master of Software Assurance Reference Curriculum.
read -
Integrating the Master of Software Assurance Reference Curriculum into the Model Curriculum and Guidelines for Graduate Degree Programs in Information Systems
February 01, 2011 • Technical Note
Dan Shoemaker (University of Detroit Mercy)Nancy R. MeadJeff Ingalsbe (University of Detroit Mercy)
In this report, the authors examine how the Master of Software Assurance Reference Curriculum can be used for a Master of Science in Information Systems.
read -
Software Assurance: A Master's Level Curriculum
October 26, 2010 • Podcast
Nancy R. MeadThomas B. Hilburn (Embry-Riddle Aeronautical University)Richard C. Linger (Oak Ridge National Laboratory)
In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex systems function as intended.
learn more -
Development of a Master of Software Assurance Reference Curriculum - 2010 IJSSE
October 01, 2010 • Article
Nancy R. MeadJulia H. AllenMark A. Ardis (Stevens Institute of Technology)
In this article, the authors summarize the Master of Software Assurance curriculum project, including its history, outcomes, a core body of knowledge, and curriculum architecture.
read -
Guest Editorial Preface for 2010 Special Issue on Software Security Engineering Education
October 01, 2010 • Article
Nancy R. MeadDan Shoemaker (University of Detroit Mercy)
In this preface, the authors describe the rest of the issue, which discusses how to bring software security education to the mainstream.
read -
Security Requirements Reusability and the SQUARE Methodology
September 01, 2010 • Technical Note
Travis ChristianNancy R. Mead
In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
read -
Building Assured Systems Framework
September 01, 2010 • Technical Report
Nancy R. MeadJulia H. Allen
This report presents the Building Assured Systems Framework (BASF) that addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems.
read -
Software Assurance Curriculum Project Volume I: Master of Software Assurance Reference Curriculum
August 01, 2010 • Technical Report
Nancy R. MeadJulia H. AllenMark A. Ardis (Stevens Institute of Technology)
In this report, the authors present a master of software assurance curriculum that educational institutions can use to create a degree program or track.
read -
Software Assurance Curriculum Project Volume II: Undergraduate Course Outlines
August 01, 2010 • Technical Report
Nancy R. MeadThomas B. Hilburn (Embry-Riddle Aeronautical University)Richard C. Linger (Oak Ridge National Laboratory)
In this report, the authors describe seven courses for an undergraduate curriculum specialization for software assurance.
read -
Security Requirements Engineering
July 14, 2010 • White Paper
Nancy R. Mead
In this paper, Nancy Mead how a systematic approach to security requirements engineering helps to avoid problems.
read -
Adapting the SQUARE Process for Privacy Requirements Engineering
July 01, 2010 • Technical Note
Ashwini Bijwe (Carnegie Mellon University)Nancy R. Mead
In this 2010 report, the authors explore how the SQUARE process can be adapted for privacy requirements engineering in software development.
read -
Adapting the SQUARE Method for Security Requirements Engineering to Acquisition
February 22, 2010 • White Paper
Nancy R. Mead
In this paper, Nancy Mead adapts the SQUARE process for security requirements engineering to different acquisition situations.
read -
Workshop: How to Get Started in Software Assurance Education
February 08, 2010 • Conference Paper
Nancy R. MeadDan Shoemaker (University of Detroit Mercy)
In this workshop, software assurance education is introduced to faculty who are interested in adding these concepts to existing and new educational programs.
read -
Privacy Risk Assessment Case Studies in Support of SQUARE
July 01, 2009 • Special Report
Nancy R. MeadVarokas PanusuwanPrashanth Batlagundu
In this report, the authors describe enhancements to the SQUARE method for addressing privacy requirements.
read -
Making the Business Case for Software Assurance
April 01, 2009 • Special Report
Nancy R. MeadJulia H. AllenW. Arthur Conklin
In this report, the authors provide advice for those making a business case for building software assurance into software products during software development.
read -
Novel Methods of Incorporating Security Requirements Engineering into Software Engineering Courses
January 01, 2009 • Book Chapter
Nancy R. MeadDan Shoemaker (University of Detroit Mercy)
In this book chapter, the authors describe methods of incorporating security requirements engineering into software engineering courses and curricula.
read -
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Information Security and Ethics
September 05, 2008 • Book Chapter
Nancy R. Mead
In this book chapter, Nancy Mead describes issues in developing security requirements, useful methods, including details about the SQUARE method.
read -
Identifying Software Security Requirements Early, Not After the Fact
July 08, 2008 • Podcast
Nancy R. MeadJulia H. Allen
In this podcast, Nancy Mead explains that during requirements engineering, software engineers need to think about how software should behave when under attack.
learn more -
SQUARE-Lite: Case Study on VADSoft Project
June 01, 2008 • Special Report
Ashwin GayashVenkatesh ViswanathanDeepa Padmanabhan
In this 2008 report, the authors describe SQUARE and SQUARE-Lite, and using SQUARE-Lite to develop security requirements for a financial application.
read -
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models
May 01, 2008 • Technical Note
Nancy R. MeadVenkatesh ViswanathanDeepa Padmanabhan
In this 2008 report, the authors describe how SQUARE can be incorporated into standard lifecycle models for security-critical projects.
read -
Software Security Engineering: A Guide for Project Managers (book)
March 01, 2008 • Book
Julia H. AllenSean BarnumRobert J. Ellison
In this book, the authors provide sound practices likely to increase the security and dependability of your software during development and operation.
read -
How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods
August 01, 2007 • Technical Note
Nancy R. Mead
In this 2007 report, Nancy Mead describes SQUARE, and outlines other methods used for identifying security requirements.
read -
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Integrating Security and Software Engineering
August 22, 2006 • Book Chapter
Nancy R. Mead
In this book chapter, Nancy Mead describes the SQUARE method, which can be used to elicit, analyze, and document security requirements for software systems.
read -
Security Quality Requirements Engineering (SQUARE): Case Study Phase III
May 01, 2006 • Special Report
Lydia ChungFrank HungEric Hough
In this report, the authors present their results of using SQUARE when working with three clients over the course of a semester.
read -
Security Quality Requirements Engineering Technical Report
November 01, 2005 • Technical Report
Nancy R. MeadEric HoughTed Stehney II
In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.
read -
Recommended Practices - Chapter from Secure Coding in C and C++
August 19, 2005 • Book Chapter
Noopur DavisChad DoughertyNancy R. Mead
In this book chapter, the authors recommend specific development practices for improving the overall security of your C/C++ application.
read -
System Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II
May 01, 2005 • Special Report
Dan GordonNeha WattasEugene Yu
In this report, the authors describe the second phase of an application of the SQUARE Methodology on an asset management system.
read -
Systems Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System
December 01, 2004 • Special Report
Peter ChenMarjon DeanDon Ojoko-Adams
In this 2004 report, the authors describe the first case study that applied the SQUARE methodology to an organization.
read -
SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies
November 01, 2004 • Technical Note
Nick XieNancy R. MeadPeter Chen
In this 2004 report, the authors describe a cost/benefit analysis for estimations in small companies' information security improvement projects.
read -
Results of SEI Independent Research and Development Projects and Report on Emerging Technologies and Technology Trends (FY 2004)
October 01, 2004 • Technical Report
John K. BergeyEdwin J. MorrisJeannine Siviy
This report describes the IR&D projects that were conducted during fiscal year 2004 (October 2003 through September 2004).
read -
Industrial Input to the Computing Curriculum
September 26, 2004 • Book Chapter
Nancy R. Mead
In this book chapter, the authors discuss successful collaborations between industry and universities that improve software engineering education.
read -
Requirements Engineering for Survivable Systems
September 01, 2003 • Technical Note
Nancy R. Mead
In this 2003 report, Nancy Mead describes the state of requirements engineering for survivable systems.
read -
International Liability Issues for Software Quality
July 01, 2003 • Special Report
Nancy R. Mead
In this 2003 report, Nancy Mead focuses on international liability as it relates to information security for critical infrastructure applications.
read -
Life-Cycle Models for Survivable Systems
October 01, 2002 • Technical Report
Richard C. Linger (Oak Ridge National Laboratory)Howard F. LipsonJohn McHugh
In this 2002 report, the authors describe a software development life-cycle model for survivability and illustrate techniques to support survivability goals.
read -
Reeducation to Expand the Software Engineering Workforce: Successful Industry/University Collaborations
July 01, 2002 • Special Report
Heidi J. EllisAna M. Moreno (Universidad Politecnica de Madrid)Nancy R. Mead
In this 2002 report, the authors describe a study of reeducating non-software professionals and practitioners to become software engineers.
read -
Foundations for Survivable Systems Engineering
May 20, 2002 • White Paper
Robert J. EllisonRichard C. Linger (Oak Ridge National Laboratory)Nancy R. Mead
In this paper, the authors describe their efforts to perform risk assessment and analyze and design robust survivable systems.
read -
Can We Ever Build Survivable Systems from COTS Components?
December 01, 2001 • Technical Note
Howard F. LipsonNancy R. MeadAndrew P. Moore
In this 2001 report, the authors describe a risk-mitigation framework for deciding when and how COTS components can be used to build survivable systems.
read -
Survivable Network Analysis Method
September 01, 2000 • Technical Report
Nancy R. MeadRobert J. EllisonRichard C. Linger (Oak Ridge National Laboratory)
This report, published in 2000, describes the SNA method developed at the SEI's CERT Coordination Center. The SNA method guides stakeholders through an analysis process intended to improve system survivability when a system is threatened.
read -
Case Study in Survivable Network System Analysis
September 01, 1998 • Technical Report
Robert J. EllisonRichard C. Linger (Oak Ridge National Laboratory)Thomas A. Longstaff
In this report, the authors present a method for analyzing the survivability of distributed network systems and an example of its application.
read -
Survivable Network Systems: An Emerging Discipline
November 01, 1997 • Technical Report
David FisherRichard C. Linger (Oak Ridge National Laboratory)Howard F. Lipson
This 1997 report describes the survivability approach to helping assure that a system that must operate in an unbounded network is robust in the presence of attack and will survive attacks that result in successful intrusions.
read -
Best Training Practices Within the Software Engineering Industry
November 01, 1996 • Technical Report
Nancy R. MeadLawrence TobinSuzanne D. Couturiaux
This report provides the results of a benchmarking study to identify the best training practices within the software engineering community.
read -
A Case Study in Requirements for Survivable Systems
January 01, 1996 • White Paper
Robert J. EllisonRichard C. Linger (Oak Ridge National Laboratory)Thomas A. Longstaff
This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system.
read