Security and Software Engineering

Research Center

A partnership between Industry, Academia, and Government working to solve the security problems of tomorrow today.

We propose to establish a Security and Software Engineering Research Center (S²ERC) to address the need for initiating and disseminating security and software engineering research technology nationwide. Advances in software engineering are critical not only to the technical capabilities and performance of the software product, but also for the development process of systems such as missile guidance, fire control, radar, satellites, navigation, GPS, sensors, communications and computer-aided medical diagnoses and robotics.  Modern society is critically dependent on a wide range of software systems.  It is well known that software is typically delivered late and over budget, often missing a marketing window of opportunity.  Software failures make headlines because minimally they inconvenience people, and in the worst case they cause catastrophic results.  The software industry, a dominant factor in the U.S. economy, can retain its fair share of this industry if it can achieve an appropriate level of software quality consistently and economically. 

Defending our software systems is an elusive art. The arsenal to defend our devices from attack is constantly lagging behind the latest methods used by attackers to break into them and subsequently into our networks. As the impetus behind malicious attacks shifts from fun to profit, researchers have seen increasing sophistication in the techniques employed by attackers. Additionally, the proliferation of networked applications and the movement of functionality to end-systems allows applications to achieve better scalability and usability. However, it also makes them vulnerable as trust is pushed to the fringes of the Internet where end-nodes are more likely to be compromised than core systems.

Making software secure and reliable with limited resources is extremely difficult. Even though we are in our sixth decade of using software as a problem-solving tool, there still is no "best" approach for the timely and cost-effective construction of software.  There are many important open issues facing researchers in software engineering and security as security-critical systems are engineered for this millennium. The mission of the S²ERC will be to conduct applied research on security and software technology problems of interest to our members to enable software technology gains within member organizations.

Documents: