About Cyber Security Engineering

Network Analysis Network Situational Awareness
Engineering Solutions Cyber Security Engineering Software Assurance Curriculum Security Quality Requirements Engineering (SQUARE)

Historical Documents CMU Heinz College CMU School of Computer Science

About Cyber Security Engineering

Organizations that have focused on security in the early stages have seen major reductions in operational vulnerabilities, resulting in reductions in software patching. Our research from one case study showed that the cost to fix requirement problems identified later in the project cost close to $2.5 million; the cost to fix these problems early in the life cycle was $0.5 million. In addition, Microsoft’s own data show that when security was considered throughout the life cycle in developing Windows Vista, there were 45% fewer vulnerabilities than earlier versions.

Read an overview (pdf) of how our work helps to assure software security. Learn about current Cyber Security Engineering research projects starting on page 4 in the 2010 CERT Research Report (pdf).

Resources

General Information

Cyber security engineering research projects starting on page 34 in the 2010 CERT Research Report (pdf)
Identifying Software Security Requirements Early, Not After the Fact (podcast)
Build Security In Articles

Areas of Work

Last updated December 12, 2011