U.S. Military continues focus on software engineering for artificial intelligence (AI) and cyber security

Summary points:

• The SEI advances secure, high-quality software for defense and critical infrastructure.
• Contract supports research in trusted computing, artificial intelligence (AI), DevSecOps, cyber threat response, and secure systems engineering.
• SEI created the industry-standard Capability Maturity Model Integration (CMMI), and continues to pioneer software quality and cyber security through its CERT division.

HANSCOM AIR FORCE BASE, Mass. – U.S. military information technology experts are continuing their support for software engineering to develop high-quality, secure, and reliable digital code for national defense and critical infrastructure.

Officials of the U.S. Air Force Life Cycle Management Center at Hanscom Air Force Base, Mass., announced a $1.5 billion five-year sole-source contract Monday to Carnegie Mellon University in Pittsburgh to operate the Software Engineering Institute (SEI) research center.

The contract is for research, development, and prototyping of advanced technology to meet U.S. military and national security needs. The SEI, founded in 1984, is a federally funded research and development center operated by Carnegie Mellon University and sponsored by the U.S. Department of Defense (DOD).

In addition to software engineering, the SEI focuses on cyber security and trusted computing; software architecture and engineering; artificial intelligence (AI); DevSecOps and agile adoption; system resilience and assurance; military acquisition and sustainment of software; threat analysis; cyber security incident response; security engineering; and vulnerability analysis. DevSecOps refers to the practice of integrating security considerations throughout the entire software development life cycle.

Cyber security

The SEI's CERT division is one of its most recognized arms, created in response to the Morris worm in 1988. It is a leading cyber security research center that develops methods and tools to counter sophisticated cyber threats. CERT also focuses on computer and network security and resilience by partnering with government, industry, law enforcement, and academia.

Among the SEI's most notable achievements is developing the Capability Maturity Model (CMM/CMMI) that defines five maturity levels for software development, and helps rate an organization's prowess in software engineering disciplines. SEI levels are used widely in government and defense software contracts.

The gold standard in software engineering, for example, is the SEI's level 5, which indicates a company continually pursues software innovations and improvements; and analyzes root causes of defects.

Rating software expertise

SEI level 4 indicates that a company quantitatively manages its software processes; level 3 indicates a company documents and standardizes its software-development processes; level 2 indicates a company has established basic software project management practices; and level 1 indicates a company's software processes are unpredictable, poorly controlled, and reactive.

The SEI also has done important work in software architecture and modeling, and has developed tools and frameworks for secure software design and acquisition best practices.

On this contract Carnegie Mellon will do the work in Pittsburgh, and should be finished by June 2030. For more information contact the Software Engineering Institute online at www.sei.cmu.edu, or the Air Force Life Cycle Management Center at www.aflcmc.af.mil.