The Evolving Role of the Chief Risk Officer
May 18 event examines challenges facing the CRO role and the new SEI CRO Certificate Program.
The SEI's Randy Trzeciak discusses the 5th edition of the CERT Guide to Mitigating Insider Threats.
Defending Against DDoS Attacks
Four practices to help defend against DDoS attacks
Best Practices for NTP Services
NTP servers, long considered a foundational service of the Internet, have more recently been used to amplify large-scale DDoS attacks. This blog post explores the challenges of NTP and prescribes best practices for securing accurate time with this protocol.
SEI CERT Division and State Department Team Up on Sub-Saharan Cybersecurity Effort
International Cybersecurity Initiatives team works with Côte d’Ivoire to develop capacity
Three Practice Areas for Using Positive Incentives to Reduce Insider Threat
Positive incentives can complement traditional practices by encouraging employees to act in the best interests of the organization.
Software Engineering Institute Makes CERT C++ Coding Standard Freely Available
The SEI has released the 2016 edition of the SEI CERT C++ Coding Standard as a free website download.
CERT Division at a Glance
We were there for the first internet security incident and we’re still here more than 25 years later. Only now, we’ve expanded our expertise from incident response to a comprehensive, proactive approach to securing networked systems. The CERT Division is part of the Software Engineering Institute, which is based at Carnegie Mellon University. We are the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and are a national asset in the field of cybersecurity.
VU#676632: IBM Lotus Domino server mailbox name stack buffer overflow
Original Release date - 04/17/2017
VU#334207: DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to anonymous FTP
Original Release date - 04/11/2017
VU#921560: Microsoft OLE URL Moniker improperly handles remotely-linked HTA data
Original Release date - 04/10/2017
- Prototype Software Assurance Framework (SAF): Introduction and Overview
  In this report, the authors discuss the Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.
  Technical Note - 04/06/2017
- Using Malware Analysis to Identify Overlooked Security Requirements
  This presentation describes initial research conducted by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws
  Presentation - 03/23/2017
- Building Secure Software for Mission Critical Systems
  This presentation explores the expanding landscape of vulnerabilities that accompanies the increasing reliance on software and then examines some key steps to help mitigate the increased risk.
  Presentation - 03/23/2017