Read Our Take on Heartbleed, and Join Us for a Panel Discussion
Read our take on Heartbleed, and join technical staff from the SEI and Codenomicon for a live-streamed panel discussion on the impact of the Heartbleed bug.
New Edition of CERT C Coding Standard Prioritizes Worst Offenses, Aligns with C11 Standard
In his latest book, Robert Seacord provides rules to help programmers ensure that their code complies with the new C11 standard and earlier standards, including C99.
CERT Researchers' Take on the Heartbleed Bug
Read our take on Heartbleed, a vulnerability in the popular OpenSSL cryptographic software library.
CERT Guide to Insider Threats Named "Must Read"
The CERT Guide to Insider Threats (Addison-Wesley Professional, 2012) was recently named a must-read addition to an emerging "cybersecurity canon."
New Podcast Released: Comparing IT Risk Assessment and Analysis Methods
In this podcast, the presenters discuss IT risk assessment and analysis, and comparison factors for selecting methods that are a good fit for your organization.
New Podcast Released: The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
In this podcast, Jason Christopher and Nader Mehravari discuss how ES-C2M2 helps to improve the operational resilience and security of the U.S. power grid.
Operational Resilience Offers Key to Manage, Protect, and Sustain Organizations Through Disruptive Events
This free CERT virtual event helps organizations operationalize risk management.
New Podcast Released: Raising the Bar - Mainstreaming CERT C Secure Coding Rules
In this podcast, Robert Seacord describes the CERT-led effort to publish an ISO/IEC technical specification for secure coding rules for compilers and analyzers.
CERT Releases New CERT PGP Key
CERT has updated its PGP key. We strongly urge you to encrypt sensitive information.
New Podcast Released: Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience
In this podcast, Kevin Dillon and Matthew Butkovic discuss how the DHS Cyber Resilience Review helps critical infrastructure owners and operators improve their operational resilience and security.
Mead Named SEI Fellow
Nancy R. Mead, a principal researcher in the CERT Division, has been named an SEI Fellow.
Keeping secrets from insiders likely to turn on you
Randy Trzeciak of the SEI's CERT Division lends perspective to the challenge of insider threat.
NSA Leak Ushers In New Era Of The Insider Threat
• Dark Reading reports how recent events have given business leaders fresh incentive to consider protecting themselves against insider threats.
Limiting Risks Found in the Cloud
GovInfoSecurity interviews the SEI CERT Program's Alex Nicoll and Dawn Cappelli on the approaches cloud computing providers must take to prevent their employees from stealing or harming the customer data they host.
How the Feds Have Tried to Fight Leaks (So Far)
Popular Mechanics looks at efforts by the Federal Government to address the problem of leaks. Among the tools at the government's disposal, Popular Mechanics cites a document tagger developed by the Insider Threat Center in the SEI's CERT Program.
CERT Experts Discuss Constructing a Secure Cyber Future at SEI Virtual Event
CERT Experts Discuss Constructing a Secure Cyber Future at SEI Virtual Event in April 2013. In his remarks, Pethia noted that attack technology is outpacing defense technology.
CERT Program Drafts Operational Guide and Hosts Symposium to Spur Better Health Information Exchange System Resilience
CERT Division researchers drafted a guide to enable health information exchanges (HIEs) to remain resilient during cybersecurity incidents and disruptions.
United States Secret Service Honors CERT Insider Threat Team Members
The United States Secret Service honored Randy Trzeciak and Todd Lewellen of the CERT Insider Threat Team for their contributions to law enforcement.
Search for Boston bombers likely relied on eyes, not software
The SEI's Todd Waits, a digital investigation and intelligence expert in the CERT Program, talks to Reuters about the potential use of facial-recognition technology in the investigation of the 2013 Boston Marathon bombing attack.
New Edition of Secure Coding in C and C++ Addresses Code Changes and New Threats
o address advances and changes in the C and C++ coding languages, and to address new threats faced by programmers working in these languages, SEI researcher Robert C. Seacord has authored Secure Coding in C and C++, Second Edition.
Cybersecurity Experts to Discuss How to Construct a Secure Cyber Future
On April 30, 2013, cybersecurity experts from the Carnegie Mellon University Software Engineering Institute (SEI) will present in a free, virtual event on current research and development aimed at securing an organization’s cyber future.
SEI Makes SMART Resources Freely Available
The SEI has made all of its SOA Migration, Adoption and Reuse Technique (SMART) resources freely available. The SEI often works to transition mature technologies and processes to the broad software engineering community.
Pittsburgh Tribune-Review: Cyberspace Offers New Frontier to Exploit Weaknesses, Initiate Attacks
The SEI's Marty Lindner lends perspective on the possibility of large-scale cyber attacks directed at the nation's infrastructure.
Forbes, Intel Highlight Recent SEI Books
Two SEI books published in 2012 recently earned favorable notice, one from Forbes Magazine and the other from Intel Corporation.
Kevin Fall to Join SEI as Chief Technology Officer
Kevin R. Fall, a computer scientist and engineer with broad experience in government and industry, will join the Carnegie Mellon University Software Engineering Institute (SEI) January 30 as deputy director for research and chief technology officer.