How Can You Tell If Software Is Vulnerable?
The CERT Vulnerability Analysis team helps engineers detect, eliminate, and avoid creating vulnerabilities in software.
Our team members regularly contribute to the CERT/CC blog to discuss vulnerability discovery, analysis, and disclosure. The team also presents techniques for managing and mitigating vulnerabilities. Team members discuss current research in these areas and in the field of secure coding.
Vulnerability Notes Database
The Vulnerability Notes Database provides timely information about software vulnerabilities.
What Constitutes Secure Programming?
Our Secure Coding team identifies insecure coding practices and develops secure alternatives that software developers can use to take practical steps to reduce or eliminate vulnerabilities before deployment. Our current research includes the following:
Thread Role Analysis
This research aims to enable developers to state intended thread usage policy using simple annotations and apply sound link-time static analysis to check the consistency of the policy with the as-written code.
Compiler-Enforced Buffer Overflow Elimination
This research combines static and dynamic analysis to find language constructs that can result in out of bounds accesses and modify the compiler to eliminate potential buffer overflows.
Pointer Ownership Model
This research aims to eliminate vulnerabilities resulting from accessing freed memory, multiple frees, freeing memory not allocated by standard allocation functions, and memory leaks.
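The four defect classes named above (use after free, double free, freeing memory that did not come from the allocator, and leaks) follow from one rule: every heap block has exactly one owner, and only that owner may release it, exactly once. The Pointer Ownership Model checks that rule statically. The following C program is an added example, not code from CERT or the Pointer Ownership Model tool: it approximates the same rule with a run-time wrapper around malloc and free, so that each violation can be observed as a distinct result. All names in it (owned_alloc, owned_free, owned_leaks, demo_scenario) are hypothetical and chosen for this illustration.

```c
/* Added example, not CERT's Pointer Ownership Model: a run-time
 * ownership check that mirrors the rule the model enforces statically.
 * Each heap block records its owner (here, the address of the variable
 * that holds the owning pointer); a borrowed alias cannot free it,
 * a block is released at most once, and pointers that did not come
 * from owned_alloc (stack memory, for example) are never freed.
 * All identifiers are hypothetical names chosen for this illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 64

enum free_result {
    FREE_OK = 0,
    FREE_DOUBLE,    /* block already released: a double free */
    FREE_FOREIGN,   /* pointer never came from owned_alloc */
    FREE_NOT_OWNER  /* caller holds only a borrowed reference */
};

struct live_block {
    void *ptr;
    const void *owner;
    int released;
};

static struct live_block table[MAX_LIVE];
static int n_blocks;

/* Allocate n bytes and record which variable owns the new block. */
void *owned_alloc(size_t n, const void *owner)
{
    void *p = malloc(n);
    if (p == NULL || n_blocks == MAX_LIVE) {
        free(p);
        return NULL;
    }
    table[n_blocks].ptr = p;
    table[n_blocks].owner = owner;
    table[n_blocks].released = 0;
    n_blocks++;
    return p;
}

/* Release p only if the caller is the recorded owner and the block is
 * still live. The newest record for an address is authoritative, since
 * malloc may hand the same address out again after a free. */
enum free_result owned_free(void *p, const void *owner)
{
    for (int i = n_blocks - 1; i >= 0; i--) {
        if (table[i].ptr != p)
            continue;
        if (table[i].released)
            return FREE_DOUBLE;
        if (table[i].owner != owner)
            return FREE_NOT_OWNER;
        table[i].released = 1;
        free(p);
        return FREE_OK;
    }
    return FREE_FOREIGN;
}

/* Number of blocks that were allocated and never released: the leak case. */
int owned_leaks(void)
{
    int leaks = 0;
    for (int i = 0; i < n_blocks; i++)
        if (!table[i].released)
            leaks++;
    return leaks;
}

/* Exercise each misuse and encode the outcome as a bit mask:
 * bit 0: free through a borrowed alias refused (FREE_NOT_OWNER)
 * bit 1: free of a stack array refused (FREE_FOREIGN)
 * bit 2: the owner's own free accepted (FREE_OK)
 * bit 3: a second free of the same block refused (FREE_DOUBLE)
 * One block is deliberately left unreleased so owned_leaks() reports 1. */
int demo_scenario(void)
{
    char *buf = (char *)owned_alloc(32, &buf);   /* buf owns this block */
    char *leaked = (char *)owned_alloc(8, &leaked); /* never freed: a leak */
    char *view = buf;                              /* borrowed, not an owner */
    char stack_buf[8] = "stack";
    int code = 0;

    if (buf == NULL || leaked == NULL)
        return -1;
    strcpy(buf, "heap block");

    if (owned_free(view, &view) == FREE_NOT_OWNER)          code |= 1;
    if (owned_free(stack_buf, &stack_buf) == FREE_FOREIGN)  code |= 2;
    if (owned_free(buf, &buf) == FREE_OK)                   code |= 4;
    if (owned_free(buf, &buf) == FREE_DOUBLE)               code |= 8;
    return code;
}

int main(void)
{
    int code = demo_scenario();
    printf("scenario code 0x%x (expect 0xf), leaked blocks %d (expect 1)\n",
           code, owned_leaks());
    return code == 0xf ? 0 : 1;
}
```

The run-time table is only a stand-in for the static analysis the research describes: it catches a violation when it executes, whereas the model aims to reject the code before it ships. The value of the example is in the ownership token: once each pointer variable is either an owner or a borrower, the four defect classes reduce to a single question of who is allowed to call free and when.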
This research extends CERT secure coding standards and SCALe to mobile platforms, including Android, iPhone, iPad, and Windows Phone 8.
Secure Coding Standards
The Secure Coding Initiative coordinates the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.
What Makes a Network Secure?
The CERT Network Situational Awareness team develops cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks. Our current research includes the following topics:
- Scalable Intrusion Detection
- Anomaly Detection
- Network Profiling
- Incident Handling
- Advanced Persistent Threat / Intrusion Set Studies
- Closed Network Defense
- Indicator Expansion
- Sophisticated Malware Detection
- Metrics and Measurement
- Network Defense Architecture and Engineering
- Network Security Test Beds
- Network Security Prototyping
What Makes Incident Management Effective?
Our Incident Management team supports the international response team community by helping organizations and national CSIRTs develop, operate, and improve incident management capabilities. Our current research topics include the following:
- Communication Study
- security and ontology
- incident management and CSIRT best practices
- CSIRT evaluation metrics, measurements, and tools
- incident management body of knowledge
- response strategies and best practices for various incident types
What Are the Latest Investigative Techniques?
The CERT Digital Intelligence and Investigation team (DIID) creates technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate incident investigations. Our current research topics include the following:
Leveraging Online Social Media to Discover Malicious Activity
In this research, DIID team members are building a framework that automatically extracts specific data from social websites and feeds it to an analysis system. That system correlates the data to assess current or potential malicious activity, support attacker attribution, and identify the victims or targets of a malicious act.
Automated Text Extraction and Video Exploitation Improvement
The Media Analysis Engine runs on a cloud architecture to triage various media types and perform automated analysis operations on them.
What Are the Latest Patterns Discovered in Insider Threat Cases?
The CERT Insider Threat team enables effective insider threat programs by performing research, modeling, analysis, and outreach to define socio-technical best practices so that organizations are better able to deter, detect, and respond to evolving insider threats. Our current research is based on analysis in the Insider Threat Database and includes the following:
Controls and Indicators
The CERT insider threat lab creates controls and indicators derived from our wealth of socio-technical information on insider crimes. These controls and indicators are designed to help organizations prevent, detect, and respond to insider attacks.
Our case analyses help private industry, government, and law enforcement better understand, detect, and possibly prevent harmful insider activity. We study real insider threat cases to identify how to protect organizational assets. The team includes U.S. Secret Service (USSS) behavioral psychologists and CERT information security experts who collect information on insider threat cases that occur in U.S. critical infrastructure sectors.
Modeling and Simulation
The CERT Division's insider threat modeling and simulation work combines empirical data collected by CERT staff members with system dynamics modeling and simulation to convey both the "big picture" and the complexity of the insider threat problem.
Insider Threat Blog
Our team members regularly contribute to the Insider Threat blog to discuss our ongoing research of the insider threat.
Cybersecurity Watch Survey
This annual report describes the current state of cybercrime in the United States.
How Should You Incorporate Security into Software Development and Acquisition Processes?
Our Cybersecurity Engineering team addresses security and survivability throughout the software development and acquisition lifecycles. Our current research topics include the following:
This research and its resulting tool help organizations to build security, including privacy, into the early stages of the production and acquisition lifecycles.
Software Security Assurance Measurement and Analysis
The goal of this research is to develop a risk-based approach for measuring and monitoring the security characteristics of interactively complex, software-reliant systems across the lifecycle and supply chain.
Supply Chain Assurance
This research can help acquirers by describing an approach to assuring the security of supply chains.
Software Assurance Framework
This research project provides a way to model aspects of the assurance ecosystem, such as security, and examine the gaps, barriers, and incentives that affect how you form, adopt, and use assurance solutions.
Building Assured Systems Framework
This framework is a modeling approach that can help you evaluate research and development methods for building assured systems.
How Can Resilience Be Measured?
The CERT Resilience team creates tools, techniques, and methods that help organizations manage operational risk and improve operational resilience. Our current research topics include the following:
This research identifies process improvement capabilities that help organizations ensure their important assets continually and effectively support business processes and services.
Resilience Measurement and Analysis
This research identifies measures and analyses that organizations can use to determine the quality of their resilience processes.