Carol Woody

Dr. Carol Woody has been a senior member of the technical staff at the Software Engineering Institute, Carnegie Mellon University since 2001. Currently she is the technical lead of the cyber security engineering team whose research focuses on building capabilities in defining, acquiring, developing, measuring, managing, and sustaining secure software for highly complex networked systems as well as systems of systems.

Carnegie Mellon University

Software Engineering Institute

4500 Fifth Avenue

Pittsburgh, PA 15213 Phone: 412-268-9137 E-mail:

List of CrossTalk articles:

Assessing DoD System Acquisition Supply Chain Risk Management (May/Jun 2017)

Abstract. Defense capabilities are supported by complex supply chains. This is true for weapons systems and large “systems of systems” that enable force projection — for example, a weapons system like the F-35 Fighter. It is also true for service supply chains — for example, the array of private logistics ...

Model-Based Engineering for Supply Chain Risk Management (Sep/Oct 2015)

Abstract. Expanded use of commercial components has increased the complexity of system assurance verification. Model-based engineering (MBE) offers a means to design, develop, analyze, and maintain a complex system architecture. Architecture Analysis & Design Language (AADL), which has tools for modeling and compliance verification, provides an effective capability to model ...

The Impact of Contextual Factors on the Security of Code (May/Jun 2015)

Abstract. Non-technical decisions made in policy, acquisition, governance, resources, processes, and every other aspect of managing software have a direct impact on the resulting operational security. However, these relationships are hidden because the structures we use to govern and organize software do not highlight the security decisions made throughout the ...

Evaluating Security Risks Using Mission Threads (Sep/Oct 2014)

Abstract. Mission threads describe operational process steps required to perform organizational functions. Researchers from the Carnegie Mellon Software Engineering Institute (SEI) explored the use of mission threads to connect desired operational capability to the underlying technology for analysis of system and software qualities such as security. The SEI has successfully ...