headlines
February 2, 2010
New Podcast Released
Students learn how to combine multiple facets of digital forensics and draw conclusions to support full-scale investigations.
January 20, 2010
New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
January 12, 2010
New Podcast Released
The SGMM provides a roadmap to guide an organization's transformation to the smart grid.
December 22, 2009
New Podcast Released
Addressing privacy during software development is just as important as addressing security.
December 4, 2009
SQUARE Tool Is Now Available
A free tool is now available for download that you can use to support Security Quality Requirements Engineering (SQUARE).
December 1, 2009
New Podcast Released
Network defenders and business leaders can use NetSA measures and evidence to better protect their networks.
November 17, 2009
CERT Tactical Response and Analysis Challenge Tests Cybersecurity Skills
Twenty-nine competing teams from 20 countries participated in the Tactical Response and Analysis Challenge (TRAC) conducted by the SEI's CERT Program as part of the weeklong International Cyber Defense Workshop (ICDW), which concluded November 13, 2009.
November 10, 2009
New Podcast Released
Providing critical services during times of stress depends on documented, tested business continuity plans.
November 9, 2009
Spotlight On: Insider Theft of Intellectual Property inside the U.S. Involving Foreign Governments or Organizations
This report is the third in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab. This article focuses on insider theft of intellectual property inside the U.S. involving foreign governments or organizations.
October 27, 2009
Deadline for FloCon Abstracts Extended
The deadline to submit abstracts for presentations and demonstrations for FloCon 2010 has been extended to Monday, November 9.
October 23, 2009
Secure Design Patterns
This newly updated technical report describes a set of secure design patterns, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations.
October 20, 2009
New Podcast Released
A defined, managed process for third party relationships is essential, particularly when business is disrupted.
September 29, 2009
New Podcast Released
The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.
September 8, 2009
New Podcast Released
Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense.
August 25, 2009
Effectiveness of the Vulnerability Response Decision Assistance (VRDA) Framework
This paper examines how well VRDA predicts actual responses by three vulnerability management teams.
August 18, 2009
New Podcast Released
282 cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.
July 31, 2009
Spotlight On: Malicious Insiders with Ties to the Internet Underground Community (pdf), March 2009
This report is the second in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab. This article focuses on insider threat cases in which the insider had relationships with the internet underground community.
July 28, 2009
New Podcast Released
Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise.
July 20, 2009
Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model
This paper provides observations about and a preliminary system dynamics model of one class of insider crime based on empirical data.
July 17, 2009
As-if Infinitely Ranged Integer Model Published
This paper presents a model for automating the elimination of integer overflow and truncation in C and C++ programming code.
July 14, 2009
First Time Offering, Register Now: Secure Coding in C and C++
This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.
July 7, 2009
New Podcast Released
Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain.
July 2, 2009
CERT Resiliency Management Model Being Released
CERT has begun releasing the individual process areas of the CERT Resiliency Management Model, a capability model for operational resiliency management.
June 29, 2009
Winners of Best Practices Contest 2009 Announced
The winners of the Best Practices Contest 2009 were announced at the FIRST conference in Kyoto, Japan. Read the winning submissions.
June 22, 2009
New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
June 16, 2009
New Podcast Released
When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks.
May 26, 2009
New Podcast Released
Business leaders need to take action to better mitigate sophisticated social engineering attacks.
May 8, 2009
Attend the SEI Webinar on May 14
Register for the webinar SQUARE Up Your Security Requirements Engineering with SQUARE. This webinar provides an overview of the SQUARE process and discusses current activities and plans.
May 5, 2009
New Podcast Released
Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences.
April 30, 2009
Making the Business Case for Software Assurance Published
This report provides guidance for making the business case for building software assurance into software products during each software development life-cycle activity.
April 24, 2009
Register for First Insider Threat Workshop
Learn how to identify and manage the risk of insider threat in your organization. Register now for the two-day Insider Threat Workshop in Arlington, VA.
April 16, 2009
CERT Releases Dranzer Tool
As part of their vulnerability discovery efforts, CERT has released Dranzer, an open source tool that software developers can use to test for ActiveX vulnerabilities.
April 14, 2009
New Podcast Released
Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs.
April 13, 2009
Linux Forensics Tools Repository Released
The CERT forensics tools repository, a collection of add-on packages for Fedora, provides many useful cyber forensics tools for analysts and practitioners.
March 31, 2009
New Podcast Released
Observed practice, represented as a maturity model, can serve as a basis for developing more secure software.
March 30, 2009
Secure Design Patterns
This technical report describes a set of secure design patterns, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations.
March 17, 2009
New Podcast Released
Requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities.
March 11, 2009
CERT Program Hosts Leaders in Security
On March 10, the CERT Program at Carnegie Mellon University's Software Engineering Institute began a two-day technical symposium for a select group of leaders and experts in the cyber security field.
March 6, 2009
2008 CERT Research Annual Report Published
CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration.
March 3, 2009
New Podcast Released
Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite.
March 2, 2009
New Course Offering: Insider Threat Workshop
CERT's insider threat research serves as the foundation for this two-day workshop.
February 25, 2009
The CERT/CC and FIRST Announce Best Practices Contest 2009
For the second year in a row, the CERT/CC and FIRST are jointly hosting an international competition to honor best practices and advances in safeguarding the security of computer systems and networks.
February 17, 2009
New Podcast Released
Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine.
February 10, 2009
Richard Pethia Receives CSO Compass Award
Richard D. Pethia, director of the Carnegie Mellon Software Engineering Institute (SEI) CERT Program, has been named a recipient of the 2009 CSO Compass Award sponsored by CSO Magazine.
February 3, 2009
New Podcast Released
Standards, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security.
January 28, 2009
Common Sense Guide to Prevention and Detection of Insider Threats, Version 3.1
The third version of this guide includes new and updated practices based on an analysis of approximately 100 recent insider threat cases that occurred from 2003 to 2007 in the United States.
January 20, 2009
New Podcast Released
Rich Pethia reflects on CERT’s 20-year history and discusses how he is positioning the program to tackle future IT and security challenges.
January 6, 2009
New Podcast Released
Being able to effectively respond to e-discovery requests depends on well-defined, enacted policies, procedures, and processes.
December 9, 2008
New Podcast Released
Climate change requires new strategies for dealing with traditional IT and information security risks.
November 25, 2008
New Podcast Released
Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime.
November 13, 2008
CERT Resiliency Engineering Framework (REF) Outline Published
This document provides a brief overview of the CERT Resiliency Engineering Framework, including purpose statements, goals, and specific practices for each capability area.
November 11, 2008
New Podcast Released
Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident.
October 28, 2008
New Podcast Released
A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation.
October 20, 2008
The CERT C Secure Coding Standard Published
This book is an essential desktop reference documenting the first official release of the CERT C Secure Coding Standard.
October 17, 2008
CERT Statistics Updated
The CERT statistics have been updated with numbers from the third quarter of 2008.
October 14, 2008
New Podcast Released
When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities.
September 30, 2008
New Podcast Released
Integrating security into university curricula is one of the key solutions to developing more secure software.
September 17, 2008
Interactive Vulnerability Reporting Form Released
The interactive form enhances CERT's vulnerability analysis efforts by making it easier for vulnerability reporters to securely submit valuable information.
September 16, 2008
New Podcast Released
OCTAVE Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services.
September 8, 2008
Java Secure Coding Standard Released
CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages. CERT invites the Java community to participate in this effort by reviewing content in the Java space and providing comments.
September 2, 2008
New Technical Note Released
Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory.
September 2, 2008
New Podcast Released
Well-defined metrics are essential to determine which security practices are worth the investment.
August 20, 2008
New Podcast Released
Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle.
August 5, 2008
New Podcast Released
Protecting critical infrastructures and the information they use is essential for preserving our way of life.
July 29, 2008
CERT Statistics Updated
The CERT statistics have been updated with numbers from the second quarter of 2008.
July 22, 2008
New Podcast Released
Determining which security vulnerabilities to address should be based on the importance of the information asset.
July 18, 2008
CERT Autoresponder Disabled
Because of ongoing problems with the autoresponder messages being interpreted as spam, we have decided to discontinue providing an automatic acknowledgement of email sent to cert@cert.org. This change does not affect how we handle email sent to that address.
July 8, 2008
New Podcast Released
During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack.