Cybersecurity Engineering
Acquisition Article Published in Crosstalk
In the May/June 2017 issue of Crosstalk, the authors discuss the growing challenge of cyber risks in the defense supply chain.
SEI Book Series in Software Engineering
Our SEI researchers write books covering software engineering topics for this series of books published by Addison-Wesley Professional.
Paper Analyzes the Generated Code from AADL
In this paper, David Keaton describes a secure coding analysis of the PolyORB-HI-C runtime system used by C language code output from the Ocarina AADL code generator.
Predicting Software Assurance Using Quality and Reliability Measures
Our newly published report explains how a combination of software development and quality techniques can be used to improve software security and predict software assurance.
SQUARE for Mobile Platforms
Learn how an extension to the SQUARE process was proposed and how applying it to the Android K-9 Mail application developed new requirements for combating malware.
Software Assurance for Executives
Software Assurance for Executives video modules and slide sets provide information and guidance on all stages of the software assurance lifecycle, as well as emerging topics such as cloud computing and standards that support software assurance.
CERT Is Hiring
Your top-notch skills and knowledge can help us make a difference in our nation’s cybersecurity. Explore our career opportunities today.
Our Mission: We address security, software assurance, and survivability throughout the development and acquisition lifecycles by creating methods, solutions, and training that can be integrated into your existing practices.
Organizations that have focused on security in the early stages have seen major reductions in operational vulnerabilities, resulting in reductions in software patching. Our research from one case study showed that fixing requirement problems identified later in the project cost close to $2.5 million, while fixing these problems early in the lifecycle cost $0.5 million. In addition, Microsoft's own data show that when security was considered throughout the Windows Vista development lifecycle, vulnerabilities were reduced by 45%.
The CERT Cybersecurity Engineering team addresses security and survivability throughout the development and acquisition lifecycles, especially in the early stages. Our products and curricula can be integrated into your existing practices.

We develop methods for building security in.
Our Security Quality Requirements Engineering (SQUARE) process, Survivability Analysis Framework, and Building Assured Systems Framework each help you to build assured systems. We also have tools that adapt the SQUARE process to consider privacy (P-SQUARE) and acquisition (A-SQUARE).
We develop methods for analyzing your development lifecycle.
Our Complexity Modeling and Analysis research helps you analyze complexity and integration issues throughout the development lifecycle to ensure that development is proceeding as planned. We can also help you link security decisions to mission-critical needs.
We develop ways to reduce risk in your supply chain.
Our Supply Chain Assurance research shows you how to reduce risk from software defects, while leveraging the significant opportunities supply chains afford.
We develop tools for measuring and analyzing software security.
Our Software Security Measurement and Analysis research, including our Integrated Measurement and Analysis Framework (IMAF) and Mission Risk Diagnostic (MRD) approaches, helps you establish and measure the confidence that a software-reliant product is sufficiently secure to meet operational needs.
We create software assurance curricula for use in training programs or academic courses.
Our Curricula and Course Materials provide a basis on which organizations and educational institutions can build their own programs. The Software Assurance Competency Model creates a foundation for assessing and advancing the capability of software assurance professionals.
Engage with Us
We can help you with your security and software assurance needs in a number of ways.
News & Announcements
- 05/11/2017 SEI to Host High School Cybersecurity Challenge
  Three-day event will introduce kids to the tools and methods used to stop hackers.
Publications & Media
- 05/02/2017 Thinking about Intrusion Kill Chains as Mechanisms
  We integrate two established modeling methods from disparate fields: mechanisms from the philosophy of science literature and intrusion kill chain modeling from the computer security literature.
- 05/01/2017 Assessing DoD System Acquisition Supply Chain Risk Management
  In this Crosstalk article, the authors discuss the growing challenge of cyber risks in the defense supply chain.
- 04/06/2017 Prototype Software Assurance Framework (SAF): Introduction and Overview
  In this report, the authors discuss the Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.
- 01/24/2017 Supply Chain and Commercial-off-the-Shelf (COTS) Assurance
  The Software Engineering Institute can help your organization apply techniques to reduce software supply chain risk.
- 01/05/2017 SQUARE Frequently Asked Questions (FAQ)
  This paper contains information about SQUARE, a process that helps organizations build security into the early stages of the software production lifecycle.
RE'14 Tutorial on Gathering Unstated Requirements
SEI researchers will present a tutorial at the 22nd IEEE International Requirements Engineering Conference (RE'14) to describe KJ+, a method for determining the unstated needs of varied stakeholders. Register by July 14 to take advantage of the early-bird discounted rate.
Curriculum Recognized by the IEEE Computer Society and the Association for Computing Machinery
The IEEE Computer Society and the Association for Computing Machinery recognized the Master of Software Assurance Reference Curriculum in an IEEE press release.
Security Quality Requirements Engineering (SQUARE)
In this report, the authors present their results of using SQUARE when working with three clients over the course of a semester.
Software Assurance Curriculum
Our software assurance curriculum and competency model help to prepare the next generation of software security experts.
Survivability Analysis Framework
In this report, the authors describe the Survivability Analysis Framework, which is used to evaluate critical operational capabilities.
Supply Chain Assurance
Our work in supply chain assurance can help you reduce the risk from software defects while leveraging the significant opportunities afforded by supply chains.
Software Security Assurance Measurement and Analysis
Our research into measuring and analyzing software security assurance helps you to establish and measure justified confidence that software-reliant products are sufficiently secure to meet your operational needs.