SEI Cyber Minute: Code Flaw Alert Classification
Can you apply statistical methods to triage and prioritize static analysis alerts when there may be too many alerts to address them all?
Stempfley Named New Director of CERT Division
The Software Engineering Institute has announced the appointment of Roberta G. (Bobbie) Stempfley as director of the SEI’s CERT Division.
SEI Cyber Minute: Adding Security to Agile's Scrum
The SEI's Mark Sherman explains the benefits of addressing software security issues during the scrum.
Machine Learning in Cybersecurity
Machine learning is playing a critical role across technologies and practices we are developing to reduce the opportunity for and limit the damage of cyber attacks.
FloCon 2018 to Move Beyond Flow Data
Expanded technical program will explore big-data security analytics on a range of data sets.
Ransomware: Best Practices for Prevention and Response
What has fueled the rise in ransomware, and what steps should you take to protect against an attack?
Enterprise Risk Management
The SEI's Summer Fowler explains why the need for a dedicated chief risk officer has never been greater.
CERT Division at a Glance
We were there for the first internet security incident and we’re still here more than 25 years later. Only now, we’ve expanded our expertise from incident response to a comprehensive, proactive approach to securing networked systems. The CERT Division is part of the Software Engineering Institute, which is based at Carnegie Mellon University. We are the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and are a national asset in the field of cybersecurity.
VU#489392: Acronis True Image fails to update itself securely
Original Release date - 06/19/2017
VU#846320: Samsung Magician fails to update itself securely
Original Release date - 06/15/2017
VU#768399: HPE SiteScope contains multiple vulnerabilities
Original Release date - 06/13/2017
- Thinking about Intrusion Kill Chains as Mechanisms: We integrate two established modeling methods from disparate fields: mechanisms from the philosophy of science literature and intrusion kill chain modeling from the computer security literature. (Presentation - 05/02/2017)
- Prototype Software Assurance Framework (SAF): Introduction and Overview: In this report, the authors discuss the Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. (Technical Note - 04/06/2017)
- Using Malware Analysis to Identify Overlooked Security Requirements: This presentation describes initial research conducted by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws (Presentation - 03/23/2017)