New Podcast: The Build Security In Maturity Model
Gary McGraw, Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from 78 high-performing organizations.
New Article on Model-Based Engineering
In this CrossTalk article, the authors discuss how model-based engineering (MBE) offers a means to design, develop, analyze, and maintain a complex system architecture.
New Podcast About Software Assurance Education
In this podcast, Dr. Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community college students.
Recent Paper Analyzes the Generated Code from AADL
In this paper, David Keaton describes a secure coding analysis of the PolyORB-HI-C runtime system used by C language code output from the Ocarina AADL code generator.
Predicting Software Assurance Using Quality and Reliability Measures
Our newly published report explains how a combination of software development and quality techniques can be used to improve software security and predict software assurance.
SQUARE for Mobile Platforms
Learn how an extension to the SQUARE process was proposed and how applying it to the Android K-9 Mail application developed new requirements for combating malware.
Engage with Us
We can help you with your security and software assurance needs in a number of ways.
New Technical Report: Introduction to SERA
This recent report describes SERA, a model-based approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle.
Software Assurance for Executives
Software Assurance for Executives video modules and slide sets provide information and guidance on all stages of the software assurance lifecycle, as well as emerging topics such as cloud computing and standards that support software assurance.
Our Mission: We address security, software assurance, and survivability throughout the development and acquisition lifecycles by creating methods, solutions, and training that can be integrated into your existing practices.
Organizations that have focused on security in the early stages have seen major reductions in operational vulnerabilities, resulting in reductions in software patching. Our research from one case study showed that fixing requirement problems identified late in the project cost close to $2.5 million, while fixing the same problems early in the lifecycle cost $0.5 million. In addition, Microsoft's own data show that when security was considered throughout the Windows Vista development lifecycle, vulnerabilities were reduced by 45%.
The CERT Cybersecurity Engineering team addresses security and survivability throughout the development and acquisition lifecycles, especially in the early stages. Our products and curricula can be integrated into your existing practices.