CERT Releases Updated Insider Threat Guidebook
The CERT Division SEI announced the release of the fifth edition of the Common Sense Guide to Mitigating Insider Threats, which is available for download on the SEI website.
Six Best Practices for Securing a Robust DNS Infrastructure
The Domain Name System is an essential component of the Internet, a virtual phone book of names and numbers, but we rarely think about it until something goes wrong.
Deets Named New Director of CERT Cybersecurity Division
The Software Engineering Institute today announced the appointment of Edward H. (Ned) Deets, III as director of the SEI’s CERT Cybersecurity Division.
Prioritizing Security Alerts: A DoD Case Study
The sheer effort required to triage the large number of potential code flaws identified by static analysis tools can hijack a software project’s budget and schedule.
Mapping the FFIEC Cybersecurity Assessment Tool (CAT) to the CRR
To help financial institutions assess their cyber resilience, we mapped FFIEC CAT statements to Cyber Resilience Review (CRR) questions.
Managing Third Party Risks to Financial Services Organizations
A resilience-based approach can help financial services organizations to manage cyber risks from outsourcing and comply with federal cybersecurity regulations.
CERT Division at a Glance
We were there for the first internet security incident and we’re still here more than 25 years later. Only now, we’ve expanded our expertise from incident response to a comprehensive, proactive approach to securing networked systems. The CERT Division is part of the Software Engineering Institute, which is based at Carnegie Mellon University. We are the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and are a national asset in the field of cybersecurity.
VU#614751: Hughes satellite modems contain multiple vulnerabilities
Original Release date - 02/15/2017
VU#745607: Accellion FTP server contains information exposure and cross-site scripting vulnerabilities
Original Release date - 02/08/2017
VU#867968: Microsoft Windows SMB Tree Connect Response denial of service vulnerability
Original Release date - 02/02/2017
- Report a Vulnerability
- The CISO Academy In this paper, the authors describe the project that led to the creation of the U.S. Postal Service's CISO Academy. White Paper - 02/23/2017
- Supply Chain and Commercial-off-the-Shelf (COTS) Assurance The Software Engineering Institute can help your organization apply techniques to reduce software supply chain risk. White Paper - 01/24/2017
- SQUARE Frequently Asked Questions (FAQ) This paper contains information about SQUARE, a process that helps organizations build security into the early stages of the software production lifecycle. White Paper - 01/05/2017