How Can You Tell If Software Is Vulnerable?
Our work in Vulnerability Analysis helps engineers detect, eliminate, and avoid creating vulnerabilities in software.
Our team members regularly contribute to the CERT/CC blog to discuss vulnerability discovery, analysis, and disclosure. The team also presents techniques for managing and mitigating vulnerabilities. Team members discuss current research in these areas and in the field of secure coding.
Vulnerability Notes Database
The Vulnerability Notes Database provides timely information about software vulnerabilities.
What Constitutes Secure Programming?
We perform research and development in the area of secure coding to create tools to support the creation of secure code right from the start and others to detect code vulnerabilities. We also work with the software development and security communities to research and develop secure coding standards for commonly used programming languages and for smartphone platforms (Android, iOS, Win8). Current secure coding research includes the following:
Thread Role Analysis
Thread role analysis research focuses on flaws involving incorrect thread usage. These flaws lead to vulnerabilities such as race conditions and deadlock.
Compiler-Enforced Buffer Overflow Elimination
C and C++ are prone to errors that can lead to buffer overflows and other exploitable vulnerabilities. We are researching how to solve these problems intelligently.
Mobile Standards and Analysis
The Mobile Standards and Analysis research extends CERT Secure Coding Standards and our software analysis (SCALe) research and development to mobile platforms, including Android, iOS (iPhone and iPad), and Windows Phone 8.
Secure Coding Standards
We coordinate the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.
Pointer Ownership Model
Incorrect use of pointers is a common source of bugs and vulnerabilities in C and C++. We are working on an approach that helps developers ensure that their designs and code are secure.
Integer overflow and wraparound are a growing and underestimated source of vulnerabilities in C and C++ programs. Our researchers have worked on a number of solutions for addressing the issue of integer security.
What Makes a Network Secure?
We develop cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks. Our current research in this area includes the following topics: Scalable Intrusion Detection, Anomaly Detection, Network Profiling, Incident Handling, Advanced Persistent Threat / Intrusion Set Studies, Closed Network Defense, Indicator Expansion, Sophisticated Malware Detection, Metrics and Measurement, Network Defense Architecture and Engineering, Network Security Test Beds, and Network Security Prototyping.
What Makes Incident Management Effective?
We support the international response team community by helping organizations and national CSIRTs develop, operate, and improve incident management capabilities. Read about our incident management work or learn about the related current research topics:
- Communication Study
- Security and Ontology
- Incident Management and CSIRT Best Practices
- CSIRT Evaluation Metrics, Measurements, and Tools
- Incident Management Body of Knowledge
- Response Strategies and Best Practices for Various Incident Types
What Are the Latest Investigative Techniques?
We create technologies, capabilities, and practices organizations can use to develop incident response capabilities and facilitate incident investigations. Read more about our forensics work and our research into leveraging online social media to discover malicious activity, automating text extraction, and improving video exploitation.
What Are the Latest Patterns Discovered in Insider Threat Cases?
Our work in the field of insider threat enables effective insider threat programs by performing research, modeling, analysis, and outreach to define socio-technical best practices so that organizations are better able to deter, detect, and respond to evolving insider threats. Our current research is based on analysis in the Insider Threat Database and includes the following:
Controls and Indicators
The CERT insider threat lab creates controls and indicators derived from our wealth of socio-technical information on insider crimes. These controls and indicators are designed to help organizations prevent, detect, and respond to insider attacks.
Our analysis cases help private industry, government, and law enforcement better understand, detect, and possibly prevent harmful insider activity. We study real insider threat cases to identify how to protect organizational assets. The team includes U.S. Secret Service (USSS) behavioral psychologists and CERT information security experts who collect information on insider threat cases that occur in U.S. critical infrastructure sectors.
Modeling and Simulation
The CERT Division's insider threat modeling and simulation work combines empirical data collected by CERT staff members and system dynamics modeling and simulation to convey both the "big picture" and complexity of the insider threat problem.
Cybersecurity Watch Survey
This annual report describes the latest state of cybersecurity crime in the United States.
How Should You Incorporate Security into Software Development and Acquisition Processes?
Our work in the area of cybersecurity engineering addresses security and survivability throughout the software development and acquisition lifecycles. Our current research topics include the following:
Secure Lifecycle Solutions
Secure Lifecycle Solutions are engineering processes that lead to efficient, successful, and secure product development and deployment.
This research and its resulting tool help organizations to build security, including privacy, into the early stages of the production and acquisition lifecycles.
Software Security Assurance Measurement and Analysis
The goal of this research is to develop a risk-based approach for measuring and monitoring the security characteristics of interactively complex, software-reliant systems across the lifecycle and supply chain.
Supply Chain Assurance
This research can help acquirers by describing an approach to assuring the security of supply chains.
Software Assurance Framework
This research project provides a way to model aspects of the assurance ecosystem, such as security, and examine the gaps, barriers, and incentives that affect how you form, adopt, and use assurance solutions.
Building Assured Systems Framework
This framework is a modeling approach that can help you evaluate research and development methods for building assured systems.
How Can Resilience Be Measured?
As part of our work in resilience, we develop methods that help organizations manage operational risk and improve operational resilience. Our research in resilience management identifies process improvement capabilities that help organizations ensure their important assets continually and effectively support business processes and services.