Security Hardening the DevOps Way
Demand is growing for the art of security hardening. Aaron Volkmann tells how to execute a security hardening strategy with a DevOps mindset.
What is Blockchain? What is Bitcoin?
Why are government and industry organizations from banking to defense investing in blockchain research and development? Eliezer Kanal explores the promise and the risks.
How to Think Like an Analyst
What does it mean to think like an analyst? This blog post introduces a framework for security operations center staff and others.
SEI Cyber Minute: Code Flaw Alert Classification
Can you apply statistical methods to triage and prioritize static analysis alerts when there may be too many alerts to address them all?
Stempfley Named New Director of CERT Division
The Software Engineering Institute has announced the appointment of Roberta G. (Bobbie) Stempfley as director of the SEI’s CERT Division.
FloCon 2018 to Move Beyond Flow Data
Expanded technical program will explore big-data security analytics on a range of data sets.
Ransomware: Best Practices for Prevention and Response
What has fueled the rise in ransomware, and what steps should you take to protect against an attack?
CERT Division at a Glance
We were there for the first internet security incident and we’re still here more than 25 years later. Only now, we’ve expanded our expertise from incident response to a comprehensive, proactive approach to securing networked systems. The CERT Division is part of the Software Engineering Institute, which is based at Carnegie Mellon University. We are the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and are a national asset in the field of cybersecurity.
VU#793496: Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency
Original Release date - 07/27/2017
VU#838200: Telerik Web UI contains cryptographic weakness
Original Release date - 07/25/2017
VU#586501: Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account
Original Release date - 07/20/2017
- Report a Vulnerability
- Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers. Special Report - 07/11/2017
- DidFail: Coverage and Precision Enhancement This report describes recent enhancements to Droid Intent Data Flow Analysis for Information Leakage (DidFail), the CERT static taint analyzer for sets of Android apps. Technical Report - 07/06/2017
- Thinking about Intrusion Kill Chains as Mechanisms We integrate two established modeling methods from disparate fields: mechanisms from the philosophy of science literature and intrusion kill chain modeling from the computer security literature. Presentation - 05/02/2017
CERT Data Science in Cybersecurity Symposium
In this symposium we will highlight tooling and methodology advances, review a number of government use cases where data science has been used to great effect, and provide a demonstration of the capabilities that these tools can provide.
Workshop - 08/10/2017