headlines
July 29, 2010
Spotlight On: Insider Threat from Trusted Business Partners Published
This article focuses on cases in the CERT Insider Threat Center database in which malicious insiders were employed by a trusted business partner of the victim organization. These cases involve outsourcing as well as individual contractors and consultants.
July 27, 2010
New Podcast Released
Securing systems that control physical switches, valves, pumps, meters, and manufacturing lines as these systems connect to the internet is critical for service continuity.
July 8, 2010
CERT/CC Enhancing Collaboration Between National CSIRTs
The CERT/CC has created both a wiki and an operational mailing list for authorized technical staff at national CSIRTs. These tools will promote collaboration and information exchange about technical projects and other relevant work.
July 2, 2010
Upcoming SEI Webinar on the CERT Resilience Management Model
On July 28, 2010, Rich Caralli will present "Transforming Your Operational Resilience Management Capabilities: CERT's Resilience Management Model" as part of the Software Engineering Institute's webinar series.
June 29, 2010
New Podcast Released
Complex, distributed, multi-year investigations of computer crimes require sophisticated methods, techniques, and tools.
June 9, 2010
National CSIRTs to Meet in Miami
On June 19-20, the CERT/CC is hosting a meeting of CSIRTs with national responsibility in Miami, Florida. Attendees will discuss the unique challenges facing national CSIRTs and will share information about projects and solutions.
June 9, 2010
Fuzz Testing Tool Available
The CERT Basic Fuzzing Framework (BFF) is a Linux-based tool for fuzz testing software that runs on Linux. This free tool is now available for download.
June 7, 2010
Java Concurrency Guidelines Report Published
The CERT Oracle Secure Coding Standard for Java provides guidelines for secure coding in the Java programming language. This report documents the portion of those Java guidelines that are related to concurrency.
June 7, 2010
Second Edition of Specifications for Managed Strings Report Published
This report describes a managed string library for the C programming language.
June 2, 2010
Survivability Analysis Framework Technical Note Published
The technical note describes the Survivability Analysis Framework (SAF), which can be used to examine the elements of an operational process and evaluate the survivability of an organization.
May 25, 2010
New Podcast Released
To help identify and eliminate security vulnerabilities, subject all software that you build and buy to fuzz testing.
May 24, 2010
Resilience Management Model Report Published
The CERT®-RMM report describes the key concepts, components, and process area relationships of the model, which is an innovative way to approach the challenge of managing operational resilience in complex, risk-evolving environments.
May 21, 2010
Technical Report About Network Behavior Published
The report, Identifying Anomalous Port-Specific Network Behavior, describes a method for detecting behavior that may be a precursor to internet-wide attacks.
April 27, 2010
New Podcast Released
Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses.
April 5, 2010
2009 CERT Research Annual Report Published
CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration.
April 5, 2010
New Insider Threat Presentation Published
"The Key to Successful Monitoring for Detection of Insider Attacks," presented at RSA Conference 2010 in San Francisco, California, is now available.
March 30, 2010
New Podcast Released
Being able to respond effectively when faced with a disruptive event requires that staff members learn to become more resilient.
March 5, 2010
New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
March 2, 2010
New Podcast Released
CISOs must leave no room for anyone to deny that they understand what is expected of them when developing secure software.
February 25, 2010
2010 Vulnerability Discovery Workshop Held
On February 1, 2010, CERT held a workshop with vulnerability researchers and software vendors to discuss ideas, tools, and techniques used to find vulnerabilities.
February 18, 2010
MITRE CWE and CERT Secure Coding Standards
This paper describes the Common Weakness Enumeration (CWE) and the CERT secure coding standards and explains the relationship between them.
February 18, 2010
Instrumented Fuzz Testing Using AIR Integers Published
This paper presents the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow, truncation, and other integral exceptional conditions.
February 12, 2010
Results of 2010 CyberSecurity Watch Survey Released
This survey, a cooperative effort of multiple organizations, collected answers from more than 500 respondents, including business and government executives, professionals, and consultants.
February 2, 2010
New Podcast Released
Students learn how to combine multiple facets of digital forensics and draw conclusions to support full-scale investigations.
January 20, 2010
New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
January 12, 2010
New Podcast Released
The SGMM provides a roadmap to guide an organization's transformation to the smart grid.
December 22, 2009
New Podcast Released
Addressing privacy during software development is just as important as addressing security.
December 4, 2009
SQUARE Tool Is Now Available
A free tool is now available for download that you can use to support Security Quality Requirements Engineering (SQUARE).
December 1, 2009
New Podcast Released
Network defenders and business leaders can use NetSA measures and evidence to better protect their networks.
November 17, 2009
CERT Tactical Response and Analysis Challenge Tests Cybersecurity Skills
Twenty-nine competing teams from 20 countries participated in the Tactical Response and Analysis Challenge (TRAC) conducted by the SEI's CERT Program as part of the weeklong International Cyber Defense Workshop (ICDW), which concluded November 13, 2009.
November 10, 2009
New Podcast Released
Providing critical services during times of stress depends on documented, tested business continuity plans.
November 9, 2009
Spotlight On: Insider Theft of Intellectual Property inside the U.S. Involving Foreign Governments or Organizations
This report is the third in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab. This article focuses on insider theft of intellectual property inside the U.S. involving foreign governments or organizations.
October 27, 2009
Deadline for FloCon Abstracts Extended
The deadline to submit abstracts for presentations and demonstrations for FloCon 2010 has been extended to Monday, November 9.
October 23, 2009
Secure Design Patterns
This newly updated technical report describes a set of secure design patterns, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations.
October 20, 2009
New Podcast Released
A defined, managed process for third party relationships is essential, particularly when business is disrupted.
September 29, 2009
New Podcast Released
The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.
September 8, 2009
New Podcast Released
Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense.