Incorporate Our Curricula and Materials into Your Program
Software Assurance Curriculum
The Master of Software Assurance Reference Curriculum is the first curriculum ever to be developed that focuses on assuring the functionality, dependability, and security of software and systems.
Survivability and Information Assurance (SIA) Curriculum
This curriculum in survivability and information assurance (SIA) offers a problem-solving methodology built on key SIA principles, which are independent of specific technologies.
Software Assurance for Executives
Our course materials give executives and managers a better understanding of software assurance challenges, development and acquisition assurance, mission assurance, the Microsoft Security Push and the Microsoft Secure Development Lifecycle, threat modeling, assurance issues in cloud computing, sustainment, and governance, as well as standards in support of software assurance.
Software Assurance Competency Model
This model is a foundation for assessing and advancing the capability of software assurance professionals. It is designed to help organizations and individuals determine software assurance competency across a range of knowledge areas and units.
Lecture Materials and Artifacts
Lecture materials and artifacts in the following categories are available for use in a software assurance program or track: SQUARE, Secure Programming, Secure Software Management, Software Security Engineering, Case Studies, and Static Analysis for Software Quality.
Include Security Topics in Your Educational Program
The following products are relevant to security education:
Building Security into Software
Security Quality Requirements Engineering (SQUARE) Methodology
SQUARE is a nine-step process that helps organizations build security, including privacy, into the early stages of the production lifecycle.
Secure Coding Standards Research
Our researchers coordinate the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.
The DidFail tool uses static analysis to detect potential leaks of sensitive information within a set of Android apps.
The CERT Division's Rosecheckers tool performs static analysis on C/C++ source files. It is designed to enforce the rules in the CERT C Coding Standard.
Integer Security Tool
Our researchers are working on a number of solutions for addressing the issue of integer security, including the "as-if infinitely ranged" (AIR) prototype.
Secure Coding Validation Suite
The Secure Coding Validation Suite is a set of tests that validate the rules defined in ISO Technical Specification 17961.
CERT Secure Coding Training
We train coders to use the CERT Secure Coding Standards to improve their coding and help avoid common pitfalls (e.g., coding in vulnerabilities). We have written books that guide teachers and users on these standards, and we address the topic of secure coding in our many articles, research papers, and SEI technical reports.
Apply a process improvement approach to manage operational risk and resilience, security, business continuity, and IT operations.
These tools, techniques, and methods for risk-based strategic assessment and planning of information security can help you assess your organization's information security needs.
Combating the Insider Threat
Insider Threat Best Practices
Use these practices to mitigate IP theft, IT sabotage, and fraud in your organization.
Insider Threat Datasets
This generated collection of synthetic insider threat test datasets provides both synthetic background data and data from synthetic malicious actors.
Take a Course
Introduction to the CERT Resilience Management Model
This three-day course introduces a model-based process improvement approach to managing operational resilience using the CERT Resilience Management Model (CERT-RMM) V1.1.
CERT Resilience Management Model Appraisal Boot Camp
This two-day course provides an overview of the CERT-RMM Capability Appraisal Method, which addresses the application of the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) for the CERT Resilience Management Model (CERT-RMM) V1.1.
Assessing Information Security Risk Using the OCTAVE Approach
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method.
CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series
Improve your organizational resilience by attending a year-long series of workshops at a Software Engineering Institute (SEI) facility. You will experience hands-on activities to understand, compare, and enhance your organizational resilience, using the CERT-RMM as the guide.
OCTAVE Approach Instructor Training
This two-day course teaches candidate OCTAVE instructors how to deliver the Assessing Information Security Risks Using the OCTAVE Approach course.
Secure Coding in C and C++
This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.
Secure Coding in Java
This four-day course provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is vulnerable to exploitation.