Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University
Leading and advancing software and cybersecurity to solve the nation's toughest problems

Research and Publications

  • 2017 Emerging Technology Domains Risk Survey This report summarizes our understanding of future technologies. It helps US-CERT identify vulnerabilities, promote good security practices, and understand vulnerability risk. Technical Report - 10/05/2017
  • R-EACTR: A Framework for Designing Realistic Cyber Warfare Exercises Introduces a design framework for cyber warfare exercises. It ensures that in designing team-based exercises, realism is factored into every aspect of the participant experience. Technical Report - 09/29/2017
  • Architecture Practices for Complex Contexts This doctoral thesis, completed at Vrije Universiteit Amsterdam, focuses on software architecture practices for systems of systems, including data-intensive systems. White Paper - 09/26/2017
  • Defining a Progress Metric for CERT-RMM Improvement Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities. Technical Note - 09/08/2017


Learn More About the SEI:


  • CERT Division's Summer Fowler: Equifax data breach — here's what we can learn from it
    Media Coverage - 09/13/2017


    Error in element (see logs)




Establishing Trust in the Wireless Emergency Alerts Service

DNS Blocking to Disrupt Malware

In this podcast, CERT researcher Vijay Sarvepalli explores Domain Name System or DNS Blocking, the idea of disrupting communications from malicious code such as ransomware that is used to lock up your digital assets. Podcast - 10/12/2017
Establishing Trust in the Wireless Emergency Alerts Service

Best Practices: Network Border Protection

In this podcast, the latest in a series on best practices for network security, Rachel Kartch explores best practices for network border protection at the Internet router and firewall. Podcast - 09/21/2017
Establishing Trust in the Wireless Emergency Alerts Service

Verifying Software Assurance with IBM’s Watson

In this podcast, Mark Sherman discusses research aimed at examining whether developers could build an IBM Watson application to support an assurance review. Podcast - 09/07/2017