Abstract Details

<< Back to Schedule

10/13/2015  |   10:45 AM - 11:30 AM   |  Atlantic I

Struggles at the Frontiers: Achieving Software Assurance for Software-Reliant Systems

Software is a critical part of virtually all of today’s economic, social, and military systems, driving much of their complexity and emergent behavior. At the same time, most software is tightly integrated with hardware in systems that must operate in the physical world. The tight coupling of systems and software creates assurance challenges for engineering life-cycle activities, with the result that software-reliant systems often lack resiliency. Software vulnerabilities, malicious code, and software that does not function as promised pose significant risks to our national security and national interests. This presentation reviews the results of a study of efforts on large programs to enhance their approaches to effectively develop and sustain software-reliant systems. Specifically it addresses the gaps and struggles of building-in software assurance in complex large-scale systems that are composed of many components of differing origins and pedigree, and discusses some current initiatives that target solutions to these assurance issues. The challenges of assuring that large-scale software-reliant systems will operate only as intended and no more or less are formidable. Challenges include the globalization of the industrial base; the cost-consciousness and competitiveness of suppliers; concerns about the insertion of malicious functionality in software and programmable hardware; and heightened awareness of adversaries targeting organizations’ supply chains. Although most programs recognize the need to implement software and hardware assurance throughout the life cycle of their systems, they struggle to establish enterprise solutions to evaluate and assure the integrity and trustworthiness of their systems, components, and services, and to effectively conduct remediation actions where necessary. These struggles are significant challenges to the effective development, fielding, and sustainment of most software-reliant systems. The study indicates that these challenges further manifest themselves in the immaturity of the software engineering discipline when compared to other engineering disciplines; how systems and software engineers are educated in our universities and employed/organized by employers; the different methods, processes, and tools used by systems and software engineers; the increasing use of programmable hardware components throughout the life cycle; and the rapid advancement and leveraging of information technologies. Emerging realizations include the growing need to clarify the changing nature of systems and software engineering disciplines and the associated need to define, recruit, and grow an engineering workforce who have the software engineering competencies to build, acquire, and sustain software-reliant systems. For example, the growing dominance of “computation” as a source of functionality, complexity, and risk in the development and sustainment of assured software-systems makes it imperative to increase awareness of the overlap of roles, responsibilities, and required expertise of the historically separate disciplines of software engineering and systems engineering. Required assurance practices must be built in to the development and sustainment engineering processes throughout the life cycle, rather than controlled from outside the engineering processes; thus, we need to revisit how systems and software engineers are educated, developed, recruited, and managed in order to lessen current struggles in achieving the necessary software assurance for software-reliant systems.

Presentation:
This presentation has not yet been uploaded.

Handouts:
No handouts have been uploaded.

Kenneth Nidiffer (Primary Presenter), Software Engineering Institute, nidiffer@sei.cmu.edu;
Dr. Kenneth E. Nidiffer has over 55 years of government, industry, and academic experience in the field of software and systems engineering. Ken has successfully executed positions as a Colonel in the United States Air Force, Senior Vice-President at Fidelity Investments, Vice President of the Software and Systems Consortium, and Director of Technical Operations/Engineering at Northrop Grumman Corporation. He is currently the Director of Strategic Plans for Government Programs at the SEI. Ken received his BS degree in Chemical Engineering from Purdue University, Indiana; his MS degree in Astronautical Engineering from the Air Force Institute of Technology, Ohio; his MBA degree from Auburn University, Alabama; and his DSc in Systems Engineering from George Washington University, Washington, DC.

2013 Sponsors: IEEE and IEEE Computer Society