Information for Researchers

If you're a researcher, explore our findings about tackling security issues in an ever-challenging world. We've been researching cybersecurity for 25 years, so we have many resources to help you. Ask yourself the following questions and read on.

Read our FAQ to learn more about the CERT Division; watch videos and see other artifacts that summarize our latest research. If you have questions, please feel free to contact us.

How Can You Tell If Software Is Vulnerable?

Our work in Vulnerability Analysis helps engineers detect, eliminate, and avoid creating vulnerabilities in software.

Our team members regularly contribute to the CERT/CC blog to discuss vulnerability discovery, analysis, and disclosure. The team also presents techniques for managing and mitigating vulnerabilities. Team members discuss current research in these areas and in the field of secure coding.

Vulnerability Notes Database
The Vulnerability Notes Database provides timely information about software vulnerabilities.

What Constitutes Secure Programming?

We perform research and development in the area of secure coding to create tools to support the creation of secure code right from the start and others to detect code vulnerabilities. We also work with the software development and security communities to research and develop secure coding standards for commonly used programming languages and for smartphone platforms (Android, iOS, Win8). Current secure coding research includes the following:

Thread Role Analysis
Thread role analysis research focuses on flaws involving incorrect thread usage. These flaws lead to vulnerabilities such as race conditions and deadlock.

Compiler-Enforced Buffer Overflow Elimination
C and C++ are prone to errors that can lead to buffer overflows and other exploitable vulnerabilities. We are researching how to solve these problems intelligently.

Mobile Standards and Analysis
The Mobile Standards and Analysis research extends CERT Secure Coding Standards and our software analysis (SCALe) research and development to mobile platforms, including Android, iOS (iPhone and iPad), and Windows Phone 8.

Secure Coding Standards
We coordinate the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.

Pointer Ownership Model
Incorrect use of pointers is a common source of bugs and vulnerabilities in C and C++. We are working on an approach that helps developers ensure that their designs and code are secure.

Integer Security
Integer overflow and wraparound are a growing and underestimated source of vulnerabilities in C and C++ programs. Our researchers have worked on a number of solutions for addressing the issue of integer security.

What Makes a Network Secure?

We develop cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks. Our current research in this area includes the following topics: Scalable Intrusion Detection, Anomaly Detection, Network Profiling, Incident Handling, Advanced Persistent Threat / Intrusion Set Studies, Closed Network Defense, Indicator Expansion, Sophisticated Malware Detection, Metrics and Measurement, Network Defense Architecture and Engineering, Network Security Test Beds, and Network Security Prototyping.

What Makes Incident Management Effective?

We support the international response team community by helping organizations and national CSIRTs develop, operate, and improve incident management capabilities. Read about our incident management work or lean about the related current research topics:

  • Communication Study
  • security and ontology
  • incident management and CSIRT best practices
  • CSIRT evaluation metrics, measurements, and tools
  • incident management body of knowledge
  • response strategies and best practices for various incident types

What Are the Latest Investigative Techniques?

We create technologies, capabilities, and practices organizations can use to develop incident response capabilities and facilitate incident investigations. Read more about our forensics work, and the research into leveraging online social media to discover malicious activity and automating  text extraction and video exploitation improvement

What Are the Latest Patterns Discovered in Insider Threat Cases?

Our work in the field of insider threat enables effective insider threat programs by performing research, modeling, analysis, and outreach to define socio-technical best practices so that organizations are better able to deter, detect, and respond to evolving insider threats. Our current research is based on analysis in the Insider Threat Database and includes the following:

Controls and Indicators
The CERT insider threat lab creates controls and indicators derived from our wealth of socio-technical information on insider crimes. These controls and indicators are designed to help organizations prevent, detect, and respond to insider attacks.

Case Analysis
Our analysis cases help private industry, government, and law enforcement better understand, detect, and possibly prevent harmful insider activity. We study real insider threat cases to identify how to protect organizational assets. The team includes U.S. Secret Service (USSS) behavioral psychologists and CERT information security experts who collect information on insider threat cases that occur in U.S. critical infrastructure sectors.

Modeling and Simulation
The CERT Division's insider threat modeling and simulation work combines empirical data collected by CERT staff members and system dynamics modeling and simulation to convey both the "big picture" and complexity of the insider threat problem.

Cybersecurity Watch Survey
This annual report describes the latest state of cybersecurity crime in the United States.

How Should You Incorporate Security into Software Development and Acquisition Processes?

Our work in the area of cybersecurity engineering addresses security and survivability throughout the software development and acquisition lifecycles. Our current research topics include the following:

Secure Lifecycle Solutions
Secure Lifecycle Solutions engineering processes lead to efficient, successful, and secure product development and deployment.

This research and its resulting tool help organizations to build security, including privacy, into the early stages of the production and acquisition lifecycles.

Software Security Assurance Measurement and Analysis
The goal of this research is to develop a risk-based approach for measuring and monitoring the security characteristics of interactively complex, software-reliant systems across the lifecycle and supply chain.

Supply Chain Assurance
This research can help acquirers by describing an approach to assuring the security of supply chains.

Software Assurance Framework
This research project provides a way to model aspects of the assurance ecosystem, such as security, and examine the gaps, barriers, and incentives that affect how you form, adopt, and use assurance solutions.

Building Assured Systems Framework
This framework is a modeling approach that can help you evaluate research and development methods for building assured systems.

How Can Resilience Be Measured?

As part of our work in resilience, we develop methods that help organizations manage operational risk and improve operational resilience. Our research in resilience management identifies process improvement capabilities that help organizations ensure their important assets continually and effectively support business processes and services.

Keep Up with the Latest

Our team members regularly contribute to the CERT/CC blog to discuss vulnerability discovery, analysis, and disclosure. The team also presents techniques for managing and mitigating vulnerabilities. Team members discuss current research in these areas and in the field of secure coding.

Vulnerability Notes Database
The Vulnerability Notes Database provides timely information about software vulnerabilities.

Take a Course

Introduction to the CERT Resilience Management Model
This three-day course introduces a model-based process improvement approach to managing operational resilience using the CERT Resilience Management Model (CERT-RMM) v1.1.

CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series
By participating in the workshop series, you will work with industry and government experts and other industry-leading organizations on one of the most significant challenges facing businesses: managing operational risk.

CERT Resilience Management Model Appraisal Boot Camp
This two-day course provides an overview of the CERT-RMM Capability Appraisal Method, which addresses the application of the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) for the CERT Resilience Management Model (CERT-RMM) v1.1.

Security Requirements Engineering Using the SQUARE Method
This workshop presents an overview of security requirements engineering and the SQUARE methodology.

Malware Analysis Apprenticeship
This five-day, hands on course provides participants with an opportunity to learn best practices for analyzing malicious code.

Advanced Forensic Response and Analysis
The CERT Advanced Forensic Response and Analysis course is designed for computer forensic professionals who are looking to build on a solid knowledge base in incident response and forensic analysis.

Secure Coding in C and C++
This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.

Learn About Our Tools

Our open source tools can help with an array of tasks that help you improve the security of your software or respond to security incidents.

Explore Our Research

We conduct research in a variety of areas. Explore the research pages for our work areas, and contact us to discuss how we can collaborate to advance this research or discuss new research opportunities. In addition, you can collaborate with us to refine existing coding standards for C, C++, Java, Perl, and the Android platform; join the secure coding wiki to get involved. Contact us to contribute to the development of new secure coding standards for languages including Ada, C#, Fortran, Python, JavaScript, and SPARK or the iOS or Windows 8 smartphone platforms.

Read About FloCon 2017

FloCon 2017, an annual network security conference, takes place in San Diego, California in January 2017. Contact us if you need more information.

Collaborate with Us

Contribute to our research by collaborating with us. Let us know which research topics interest you.