CERT-SEI

CERT Division

Secure Coding to Prevent Vulnerabilities

In this blog post, Robert Seacord explores the importance of a well-documented and enforceable coding standard in helping programmers circumvent pitfalls and avoid vulnerabilities.

Two Secure Coding Tools for Android App Analysis

This blog post from Will Klieber is the second in a series on Secure Coding for Android that details our work to develop techniques and tools for analyzing code for mobile computing platforms.

A New Approach for Prioritizing Malware Analysis

In this blog post, the second in a series, Dr. Morales highlights results of analysis that demonstrated the validity (with 98 percent accuracy) of an approach that helps analysts distinguish between the malicious and benign nature of a binary file.

CERT Publishes New C Coding Standard

The CERT C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems prioritizes the worst offenses and aligns with the C11 standard.

AADL and Aerospace

In this podcast, Peter Feiler and Myron Hecht discuss the use of AADL at Aerospace Corporation. This podcast is the second in a series of interviews from the AADL Standards Committee meeting in Pittsburgh.

May 15 Webinar to Focus on Smart Grid Maturity Model

The event will introduce the Smart Grid Maturity Model (SGMM), a common language and framework for grid modernization and a comprehensive, systematic approach for utilities modernizing the grid. Jeffere H. Ferris of IBM is the featured presenter.

Heartbleed Q&A

This blog posting presents questions asked by audience members during a Heartbleed webinar held in late April and the answers developed by our researchers.

Needed: Improved Collaboration Between Software & Systems Engineers

This post, the first in a series from Sarah Sheard, identifies similarities and differences between software and systems engineering and describes the benefits both could realize through a more collaborative approach.

CERT Announces Training Dates for Insider Threat Program Manager Certificate

Registration is now open for the CERT Insider Threat Program Manager (ITPM) Certificate training and exam.

Wide-Ranging SATURN 2014 Draws Near-Record Attendance

Big data, continuous delivery, and architecture-enabled agility were the watchwords of this year’s conference in Portland where attendees from 20 countries and 111 organizations discussed a range of emerging topics pertinent to practicing software architects.

The Latest Research from the SEI

In this blog post, principal researcher Douglas C. Schmidt highlights recently published SEI technical reports and notes.

A Generalized Model for Automated DevOps

In this blog post, the second in a series, C. Aaron Cois presents a generalized model for automated DevOps and describes the significant potential advantages for a modern software development team.

Agile in the Department of Defense: Sixth Principle

In this episode, SEI researchers Suzanne Miller and Mary Ann Lapham discuss face-to-face conversation, the most efficient and effective method of conveying information to and within a development team.

Establishing Trust in the Wireless Emergency Alerts Service

Since the launch of the WEA service, the newest addition to the Federal Emergency Management Agency (FEMA) Integrated Public Alert and Warning System (IPAWS), “trust” has emerged as a key issue for all involved.

Architecture Analysis of Unmanned Aerial Vehicles Using AADL: A Real-World Perspective

This blog post presents independent research that aims to evaluate the safety concerns of several unmanned aerial vehicle systems using AADL.

SEI to Host 11th ACE Educators Workshops

2014 ACE event will incorporate the SEI’s two-day Advanced Software Architecture Workshop

New Cross-Sector Group to Advance the Practice of Cyber Intelligence

The Cyber Intelligence Research Consortium aims to help organizations make better judgments and quicker decisions related to cyber intelligence.

Is Your Organization Ready for Agile

In this blog post, the latest in a series, Suzanne Miller introduces a method to help organizations understand which Agile practices are already in use to formulate a more effective adoption strategy.

Android, Heartbleed, Testing, and DevOps: An SEI Blog Mid-Year Review

This post takes a look back at our most popular areas of work (at least according to you, our readers) and highlights our most popular blog posts for the first half of 2014, as well as links to additional related resources that readers might find of interest.

The Latest Research from the SEI

This blog post highlights recently published SEI technical reports and notes in the areas of secure coding, CERT Resilience Management Model, malicious-code reverse engineering, systems engineering, and incident management.

Four Principles of Engineering Scalable, Big Data Systems

Ian Gorton presents four principles to help architects validate major design decisions and guide them through the complex trade-offs required of all big data systems.

HTML5 for Mobile Software Applications at the Edge

Grace Lewis describes research aimed at evaluating the use of HTML5 to develop mobile software applications for use in tactical edge requirements.

The Changing Relationship of Systems and Software in Satellites: A Case Study

This blog posting, the second in a series from Sarah Sheard about the relationship of software engineering and systems engineering, shows how software technologies have come to dominate what formerly were hardware-based systems.

A Taxonomy for Managing Operational Cybersecurity Risk

This blog post highlights a recent research effort to create a taxonomy that provides organizations a common language and set of terminology they can use to discuss, document, and mitigate operational cybersecurity risks.

SEI Hosts Cybersecurity Address by DOJ’s John P. Carlin

Assistant Attorney General for National Security calls for better cooperation among industry, academia, and government; lauds Pittsburgh as center of expertise

Agile Collaboration Group Spurs Knowledge Sharing

Saves members time and shortcuts the learning curve for applying Agile methods

Principles of Big Data Systems: You Can’t Manage What You Don’t Monitor

This post continues the series on the four principles of building big data systems and describes how to address one of the challenges of big data, namely, how to monitor in the face of scale and complexity.

Systems Engineering in Defense and Non-Defense Industries

Better systems engineering supports better software development, and both support better acquisition project performance. This blog post analyzes project performance based on systems engineering activities in the defense and non-defense industries.

Architecture Analysis with AADL

Register for this free webinar on Thursday, September 11, at 1:30 p.m. (EDT) to see how the Architecture Analysis and Design Language (AADL) may be used to design and validate a safety-critical system.

Research Explores Automated Buffer Overflow Protection

Buffer overflow is the leading cause of software security vulnerabilities. In this blog post, David Keaton details research to create automated buffer overflow protection.

Agile Metrics: Seven Categories

If the benefits of agile approaches are to be realized, personnel responsible for overseeing software acquisitions must be fluent in metrics used to monitor these programs. This blog post describes research to create a reference for personnel who oversee software development acquisition for major systems built by developers applying agile methods. This post also presents seven categories for tracking agile metrics.

Eliciting & Analyzing Unstated Requirements

The rise of sociotechnical ecosystems allows us to work in a mind and data space that extends beyond anything that we could have imagined 20 or 30 years ago, but such complexity makes it difficult to elicit requirements. This blog post highlights research to develop an approach for determining unstated needs of stakeholders in these large, diverse systems.

Educators Gather at SEI for 11th Annual ACE Workshop

The Architecture-Centric Engineering Workshop for Educators fosters an exchange of ideas among educators of software architecture and software product lines. This year’s workshop addressed issues of advanced software architecture.

Evolutionary Improvements of Quality Attributes: Performance in Practice

In this blog post, Neil Ernst summarizes research results on slicing (refining) performance in two production software systems as well as ratcheting (periodic increase of a specific response measure) of scenario components to allocate QAR work.

HTML5, Agile, Insider Threat, Reliability, and Future Software Architectures

In this blog post, Douglas C. Schmidt highlights the latest published research from SEI technologists.

Leading and advancing software and cybersecurity to solve the nation's toughest problems

NEWS

  • CERT's Will Dormann Provides Insight on the AVG Toolbar Vulnerability
    Media Coverage - 07/10/2014

EVENTS

  • FloCon 2015
    FloCon 2015 is a network security conference that takes place in Portland, Oregon, in January 2015. Registration is now open, and we are accepting abstracts for presentations, posters, and demonstrations that support this year's conference theme, "Formalizing the Art."
    Conferences - 01/12/2015

PODCASTS

Establishing Trust in the Wireless Emergency Alerts Service

HTML5 for Mobile Apps at the Edge

In this podcast, Grace Lewis discusses research that explores the feasibility of using HTML5 for developing mobile applications for "edge" environments where resources and connectivity are uncertain, such as in the battlefield. Podcast - 08/14/2014

Applying Agile in the DoD: Seventh Principle

In this podcast, Suzanne Miller and Mary Ann Lapham explore the application of the seventh Agile principle in the Department of Defense: working software is the primary measure of progress. Podcast - 07/24/2014