Software engineering organizations now are in an environment that is more uncertain—due in large part to the increasingly distributed nature of software development.
How well those organizations navigate through this environment will determine their success or failure, and effective navigation requires a new view of risk analysis and management. The SEI tackles risk analysis and management in distributed development at both the project and organization levels, throughout the software development life cycle.
Software development organizations are concerned about direct attacks on a software supply chain to insert malicious code. However, it is more likely that defects or vulnerabilities will be inadvertently inserted during development. And, unfortunately, today's complex supply chains tend to increase the risk of that occurring. The SEI offers approaches to identify and mitigate risks due to complex software supply chains.
The integration phase is a major source of cost and risk in software-reliant systems. Studies show that half of all defects in software development are found in this phase, at the time when they are more costly and time-consuming to address. While half of software defects are found during integration, however, more than two-thirds are introduced in the earliest development phases—that is, requirements and design. The SEI offers approaches to find and address defects earlier in the development life cycle.
Successful software sustainment consists of more than modifying and updating source code to correct errors or add new system features. The SEI offers methods, models, and guidance to manage all of the aspects required to support, maintain, and operate the software aspects of a system.