Areas of Work

• Acquisition
• Process Improvement & Performance Measurement
• Architecture, Product Lines & Predictable Assembly
• Security
• Vulnerability & Incident Analysis
• Education & Training
• Research & Development
• Evaluations & Practices
• System Interoperability & Dependability

News & Events

Security Matters—The ROI of Security

Special Report—Security Quality Requirements Engineering (SQUARE): Case Study Phase III. Chung, Lydia; Hung, Frank; Hough, Eric; Ojoko-Adams, Don, CMU/SEI-2006-SR-003

Special Report—Information Assurance: Building Educational Capacity. Sledge, Carol A., CMU/SEI-2006-SR-007

CERT Research Annual Report

Conference
Third Annual Workshop on Flow Analysis (FloCon)

 

Security

Helping organizations protect against, detect, and respond to attacks on networked systems

Following the internet worm incident in 1998, which brought 10 percent of the Internet systems to a halt, the Defense Advanced Research Projects Agency (DARPA) charged the SEI with setting up a center, called the CERT Coordination Center (CERT/CC) to coordinate communication among experts during security emergencies and to help prevent future incidents.

While the CERT/CC® continues to respond to major security incidents and analyze product vulnerabilities, its role has expanded over the years. Since 1998, there has been a rapid increase in the size of the Internet and its use for critical functions, as well as progressive changes in intruder techniques, increased amounts of damage, increased difficulty of detecting an attack, and increased difficulty of catching attackers.

To better manage these changes, the CERT/CC is now part of the larger CERT Program, whose primary goals are to ensure that appropriate technology and systems management practices are used to resist attacks on networked systems and to limit damage and ensure survivability—the continuity of critical services in spite of successful attacks, accidents, or failures.

The four major areas of work that constitute the CERT Program are vulnerability and incident analysis, education and training, research and development, and evaluations and practices.