Keep Up with the Latest

Our team members regularly contribute to the CERT/CC blog to discuss vulnerability discovery, analysis, and disclosure. The team also presents techniques for managing and mitigating vulnerabilities. Team members discuss current research in these areas and in the field of secure coding.

Vulnerability Notes Database
The Vulnerability Notes Database provides timely information about software vulnerabilities.

Take a Course

Introduction to the CERT Resilience Management Model
This three-day course introduces a model-based process improvement approach to managing operational resilience using the CERT Resilience Management Model (CERT-RMM) v1.1.

CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series
By participating in the workshop series, you will work with industry and government experts and other industry-leading organizations on one of the most significant challenges facing businesses: managing operational risk.

CERT Resilience Management Model Appraisal Boot Camp
This two-day course provides an overview of the CERT-RMM Capability Appraisal Method, which addresses the application of the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) for the CERT Resilience Management Model (CERT-RMM) v1.1.

Security Requirements Engineering Using the SQUARE Method
This workshop presents an overview of security requirements engineering and the SQUARE methodology.

Malware Analysis Apprenticeship
This five-day, hands on course provides participants with an opportunity to learn best practices for analyzing malicious code.

Advanced Forensic Response and Analysis
The CERT Advanced Forensic Response and Analysis course is designed for computer forensic professionals who are looking to build on a solid knowledge base in incident response and forensic analysis.

Secure Coding in C and C++
This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.

Learn About Our Tools

We have team as created tools and techniques to helps engineers detect, eliminate, and avoid creating vulnerabilities in software.

Our researchers develop cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks.

We have created technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate incident investigations. Visit our forensics tools repository and contact us if you have any questions.

In the field of secure coding, we have developed downloadable (free and open-source) tools that help software developers reduce the number of vulnerabilities in their code, including static taint flow analysis for Android app sets, a tool to secure the use of C and C++ integers, and static analyzers for C and C++ code.

Explore Our Research

We conduct research in a variety of areas. Explore our research pages, and contact us to discuss how we can collaborate to advance this research or discuss new research opportunities. In addition, you can collaborate with us on our ongoing project to improve our initial static taint flow analysis for Android app sets. For existing coding standards under development, such as C, C++, Java, Perl, and the Android platform, join the secure coding wiki to get involved. Contact us to contribute to the development of new secure coding standards for languages including Ada, C#, Fortran, Python, JavaScript, and SPARK or the iOS or Windows 8 smartphone platforms.

Read About FloCon 2015

FloCon 2015, an annual network security conference, takes place in Portland, Oregon January 12-15, 2015, at the Hilton Portland & Executive Tower.