Educators

If you're an educator, you want to learn how best to teach students about developing secure software in today's security-challenged world. We have many resources to help you do just that. Ask yourself the following key questions and read on.

Read our FAQ to learn more about the CERT Division; watch videos and see other artifacts that summarize our latest research. If you have questions, please feel free to contact us.

Have You Studied Our Latest Curricula?

Our Cybersecurity Engineering researchers address security and survivability throughout the software development and acquisition lifecycles.

Software Assurance for Executives
These materials provide executives and managers with a better understanding of software assurance challenges, development and acquisition assurance, mission assurance, the Microsoft Security Push and the Microsoft Secure Development Lifecycle, threat modeling, and assurance issues in cloud computing, as well as sustainment, governance, and standards in support of software assurance.

Master of Software Assurance Curriculum
The Master of Software Assurance Reference Curriculum is the first curriculum ever to be developed that focuses on assuring the functionality, dependability, and security of software and systems.

Survivability and Information Assurance (SIA) Curriculum
This curriculum in survivability and information assurance (SIA) offers a problem-solving methodology built on key SIA principles, which are independent of specific technologies.

Have You Included These Important Topics in Your Syllabus?

Secure Coding

Secure Coding Standards
Our secure coding researchers coordinate the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.

Android app security analysis, Integer Security, Compiler-Enforced Buffer Overflow Elimination, Thread Role Analysis, pointer use, and secure string handling are secure coding topics that are important for students to learn about. To help you teach these subjects, we offer free and open source educational presentations, white papers, conference papers, and blog posts; we also offer free, open source software tools that address these topics.

Insider Threat

Insider Threat Research
Much of our insider threat research draws on a database of hundreds of real insider threat cases collected from news media, industry reports, and other public sources. Once segmented and coded, the data drives anonymized, custom studies of many aspects of the insider threat problem.

Insider Threat Best Practices
The CERT Division has created 19 best practices for mitigating IP theft, IT sabotage, and fraud.

Incident Management

CSIRT Development
These products and services are available to the global CSIRT community.

National CSIRT Support
The CERT Division recognizes the unique issues facing national computer security incident response teams (CSIRTs) and provides information and resources that help provide mechanisms for cooperation and collaboration among the organizations that fill this role around the globe.

Risk Management

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
OCTAVE is a suite of tools, techniques, and methods for risk-based information security strategic assessment and planning.

Operational Resilience

Resilience Measurement and Analysis
This research identifies measures and analyses that organizations can use to determine the quality of their resilience processes.

CERT Resilience Management Model
Read about the CERT-RMM, a capability model for operational resilience management.

Requirements Management

Security Quality Requirements Engineering (SQUARE) Methodology
SQUARE is a nine-step process that helps organizations build security, including privacy, into the early stages of the production lifecycle.

Incorporate Our Curricula and Materials into Your Program

Software Assurance Curriculum
The Master of Software Assurance Reference Curriculum is the first curriculum ever to be developed that focuses on assuring the functionality, dependability, and security of software and systems.

Survivability and Information Assurance (SIA) Curriculum
This curriculum in survivability and information assurance (SIA) offers a problem-solving methodology built on key SIA principles, which are independent of specific technologies.

Software Assurance for Executives
Our course materials give executives and managers a better understanding of software assurance challenges, development and acquisition assurance, mission assurance, the Microsoft Security Push and the Microsoft Secure Development Lifecycle, threat modeling, and assurance issues in cloud computing, as well as sustainment, governance, and standards in support of software assurance.

Software Assurance Competency Model
This model is a foundation for assessing and advancing the capability of software assurance professionals. It is designed to help organizations and individuals determine software assurance competency across a range of knowledge areas and units.

Lecture Materials and Artifacts
Lecture materials and artifacts in the following categories are available for use in a software assurance program or track: SQUARE, Secure Programming, Secure Software Management, Software Security Engineering, Case Studies, and Static Analysis for Software Quality.

Include Security Topics in Your Educational Program

The following products are relevant to security education:

Building Security into Software

Security Quality Requirements Engineering (SQUARE) Methodology
SQUARE is a nine-step process that helps organizations build security, including privacy, into the early stages of the production lifecycle.

Secure Coding

Secure Coding Standards Research
Our researchers coordinate the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.

DidFail
The DidFail tool uses static analysis to detect potential leaks of sensitive information within a set of Android apps.

Rosecheckers Tool
The CERT Division's Rosecheckers tool performs static analysis on C/C++ source files. It is designed to enforce the rules in the CERT C Coding Standard.

Integer Security Tool
Our researchers are working on a number of solutions for addressing the issue of integer security, including the "as-if infinitely ranged" (AIR) prototype.

Secure Coding Validation Suite
The Secure Coding Validation Suite is a set of tests that validate the rules defined in ISO Technical Specification 17961.

CERT Secure Coding Training
We train coders to use the CERT Secure Coding Standards to improve their coding and avoid common pitfalls (e.g., introducing vulnerabilities into their code). We have written books that guide teachers and users through these standards, and we address the topic of secure coding in our many articles, research papers, and SEI technical reports.

Managing Risks

CERT-RMM
Apply a process improvement approach to manage operational risk and resilience, security, business continuity, and IT operations.

OCTAVE
These tools, techniques, and methods for risk-based strategic assessment and planning of information security can help you assess your organization's information security needs.

Combating the Insider Threat

Insider Threat Best Practices
Use these practices to mitigate IP theft, IT sabotage, and fraud in your organization.

Insider Threat Datasets
This generated collection of synthetic insider threat test datasets provides both synthetic background data and data from synthetic malicious actors.

Take a Course

Introduction to the CERT Resilience Management Model
This three-day course introduces a model-based process improvement approach to managing operational resilience using the CERT Resilience Management Model (CERT-RMM) V1.1.

CERT Resilience Management Model Appraisal Boot Camp
This two-day course provides an overview of the CERT-RMM Capability Appraisal Method, which addresses the application of the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) for the CERT Resilience Management Model (CERT-RMM) V1.1.

Assessing Information Security Risk Using the OCTAVE Approach
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method.

CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series
Improve your organizational resilience by attending a year-long series of workshops at a Software Engineering Institute (SEI) facility. You will experience hands-on activities to understand, compare, and enhance your organizational resilience, using the CERT-RMM as the guide.

OCTAVE Approach Instructor Training
This two-day course teaches candidate OCTAVE instructors how to deliver the Assessing Information Security Risks Using the OCTAVE Approach course.

Secure Coding in C and C++
This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.

Secure Coding in Java
This four-day course provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is vulnerable to exploitation.

Implement a Software Assurance Educational Track

Implement a Master's in Software Assurance program or track.

Contribute to Our Secure Coding Standards

Contribute to our Secure Coding Standards by joining the secure coding wiki, or submit materials to help support the Software Assurance education community.

Ask Us to Help You

Contact us to train your employees, develop curricula for degree programs or employee training programs, assess your organization, or measure your organization's risks.

Have your students use our tools (e.g., DidFail) to learn about and discover software vulnerabilities that result from insecure coding. Contact us if you have questions about how to use DidFail or any of the other Secure Coding tools.

Contact us if you would like your students to work with us to develop secure coding rules and guidelines for Android, iOS, or Windows 8 smartphone applications.

If you would like your students to develop static analyzers that check code for compliance with the CERT secure coding rules and guidelines, contact us. We sometimes have opportunities for Master's thesis projects.

Connect on Social Media

Connect with the software assurance community on LinkedIn.