Wrubel, E., Creel, R., and O'Hearn, B., 2025: 5 Essential Questions for Implementing the Software Acquisition Pathway and the Tools to Tackle Them. Carnegie Mellon University, Software Engineering ...
Beginning November 10, defense contracts may require assessments under the CMMC program, which the SEI co-created, but implementation will be phased.
This technical report proposes a formal semantics for EMV2 and shows how to leverage this semantics to generate fault trees from an AADL model enriched with EMV2 information.
This report describes in detail what the PSP is and how it works. Starting with a brief discussion of the relationship of the PSP to general quality principles, the report describes how the PSP was ...
Sarvepalli, V., 2019: VPN - A Gateway for Vulnerabilities. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed September 24, 2025 ...
Brown, N., 2021: Taking DevSecOps to the Next Level with Value Stream Mapping. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...
Woody, C., 2024: Applying the SEI SBOM Framework. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed September 22, 2025, https ...
Robert, J., and Schmidt, D., 2024: 10 Benefits and 10 Challenges of Applying Large Language Models to DoD Software Acquisition. Carnegie Mellon University, Software ...
Novak, W., 2023: Acquisition Archetypes Seen in the Wild, DevSecOps Edition: Clinging to the Old Ways. Carnegie Mellon University, Software Engineering Institute's ...
Alberts, C., Bandor, M., Wallen, C., and Woody, C., 2023: The SEI SBOM Framework: Informing Third-Party Software Management in Your Supply Chain. Carnegie Mellon ...
Gone but Not Forgotten: Improved Benchmarks for Machine Unlearning. May 29, 2024 • White Paper. By Keltin Grimes, Collin Abidi, Cole Frank, Shannon Gallagher. This paper describes and proposes new ...
The Insider Threat Program Evaluation (ITPE) is an evidence-based, capability-level assessment. The ITPE is designed to benchmark an organization's insider threat program against a reference model ...