Cyber Risk Appetite
Defining your cyber risk appetite can give you value ranges for key performance indicators.
Reverse Engineering Malware Analysis Tool Released on GitHub
Static analysis tool automates common reverse engineering tasks.
CERT Guide to Coordinated Vulnerability Disclosure Released
The CERT Guide to Coordinated Vulnerability Disclosure is available as a free download from the CERT Division website.
Secure Coding Standards
The SEI's Bob Schiela explains how CERT Secure Coding Standards can help developers avoid software vulnerabilities before the code is released.
Securing Open Source Components
Nearly 2 billion vulnerable components are downloaded annually, and the average application has more than 20 open source vulnerabilities. Mark Sherman recommends the SPDO approach to secure open source components to diminish the risk and the impact.
Security Hardening the DevOps Way
Demand is growing for the art of security hardening. Aaron Volkmann tells how to execute a security hardening strategy with a DevOps mindset.
CERT Division at a Glance
We were there for the first internet security incident and we’re still here more than 25 years later. Only now, we’ve expanded our expertise from incident response to a comprehensive, proactive approach to securing networked systems. The CERT Division is part of the Software Engineering Institute, which is based at Carnegie Mellon University. We are the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and are a national asset in the field of cybersecurity.
VU#101048: Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerability
Original Release date - 09/13/2017
VU#240311: Multiple Bluetooth implementation vulnerabilities affect many devices
Original Release date - 09/12/2017
VU#166743: Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities
Original Release date - 09/08/2017
- Defining a Progress Metric for CERT-RMM Improvement: Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities. Technical Note - 09/08/2017
- The CERT Guide to Coordinated Vulnerability Disclosure: This guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful Coordinated Vulnerability Disclosure process. It also provides insights into how CVD can go awry and how to respond when it does so. Special Report - 08/15/2017
- Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers: This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers. Special Report - 07/11/2017
Four Valuable Data Sources for Network Security Analytics
This webinar will focus on the development and application of combined data analytics and will offer several examples of analytics that combine domain resolution data, network device inventory and configuration data, network flow records, and intrusion detection system alerts.
Webinar - 10/04/2017