CERT-SEI

From Director and CEO Paul D. Nielsen

Paul_NielsenToday our civil government, our military, our industry, and our entire population work, communicate, and socialize in a cyber environment that relies on software-reliant global IT architectures, applications, and services.

Gone are the days of the network merely being a support infrastructure to a few basic organizational and societal functions. Today and in the future, this cyber environment is foundational to and connected with almost everything we do. Our electric power grid relies on it, our telecommunications live within it, our financial system is encompassed by it, and our military operates and fights from it.

Therefore, our singular dependency on assured software as the heart of this cyber environment is more prevalent than ever.

However, as we have come to depend on software more, we face the risks that arise from this dependence. The size and complexity of software, as well as the interconnectedness of software-enabled systems, mean possible exposure to disruptive, damaging events. These events stem from not only software quality issues, emergent behavior, and unforeseen dependencies—but also cyber attack by hackers, insiders, criminals, nation states, and terrorists.

The best way to assure software quality, security, and resiliency is to design, develop, and integrate software in a way that does not allow defects and vulnerabilities in the first place.

The Carnegie Mellon University Software Engineering Institute (SEI) believes, and we have the evidence to support us, that the best way to assure software quality, security, and resiliency is to design, develop, and integrate software in a way that does not allow defects and vulnerabilities in the first place. As a result, our expert teams create software and cybersecurity guidance, prototypes, tools, and methods and assist customer organizations to adopt them successfully.

Our core purpose is to improve the state-of-the-art in software engineering and cybersecurity and to transition this work to the community so that we improve the state-of-the-practice as well.

Our work is not done unless we do both parts of our job.

Paul D. Nielsen
Director and Chief Executive Officer
Software Engineering Institute