CERT Division

Secure Coding to Prevent Vulnerabilities

In this blog post, Robert Seacord explores the importance of a well-documented and enforceable coding standard in helping programmers circumvent pitfalls and avoid vulnerabilities.

Two Secure Coding Tools for Android App Analysis

This blog post from Will Klieber is the second in a series on Secure Coding for Android that details our work to develop techniques and tools for analyzing code for mobile computing platforms.

A New Approach for Prioritizing Malware Analysis

In this blog post, the second in a series, Dr. Morales highlights results of analysis that demonstrated the validity (with 98 percent accuracy) of an approach that helps analysts distinguish between the malicious and benign nature of a binary file.

CERT Publishes New C Coding Standard

The CERT C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems prioritizes the worst offenses and aligns with the C11 standard.

AADL and Aerospace

In this podcast, Peter Feiler and Myron Hecht discuss the use of AADL at Aerospace Corporation. This podcast is the second in a series of interviews from the AADL Standards Committee meeting in Pittsburgh.

May 15 Webinar to Focus on Smart Grid Maturity Model

The event will introduce the Smart Grid Maturity Model (SGMM), a common language and framework for grid modernization and a comprehensive, systematic approach for utilities modernizing the grid. Jeffere H. Ferris of IBM is the featured presenter.

Heartbleed Q&A

This blog posting presents questions asked by audience members during a Heartbleed webinar held in late April and the answers developed by our researchers.

Needed: Improved Collaboration Between Software & Systems Engineers

This post, the first in a series from Sarah Sheard, identifies similarities and differences between software and systems engineering and describes the benefits both could realize through a more collaborative approach.

CERT to Offer Training, Certificate for Insider Threat Program Managers

The CERT Insider Threat Center announced a new Insider Threat Program Manager (ITPM) Certificate to train individuals to meet upcoming federal government standards, including Executive Order 13587 and proposed NISPOM changes.

Wide-Ranging SATURN 2014 Draws Near-Record Attendance

Big data, continuous delivery, and architecture-enabled agility were the watchwords of this year’s conference in Portland where attendees from 20 countries and 111 organizations discussed a range of emerging topics pertinent to practicing software architects.

The Latest Research from the SEI

In this blog post, principal researcher Douglas C. Schmidt highlights recently published SEI technical reports and notes.

A Generalized Model for Automated DevOps

In this blog post, the second in a series, C. Aaron Cois presents a generalized model for automated DevOps and describes the significant potential advantages for a modern software development team.

Agile in the Department of Defense: Sixth Principle

In this episode, SEI researchers Suzanne Miller and Mary Ann Lapham discuss face-to-face conversation, the most efficient and effective method of conveying information to and within a development team.

Establishing Trust in the Wireless Emergency Alerts Service

Since the launch of the WEA service, the newest addition to the Federal Emergency Management Agency (FEMA) Integrated Public Alert and Warning System (IPAWS), “trust” has emerged as a key issue for all involved.

The Latest Research from the SEI

This blog post highlights recently published SEI technical reports and notes in the areas of secure coding, CERT Resilience Management Model, malicious-code reverse engineering, systems engineering, and incident management.

Is Your Organization Ready for Agile

In this blog post, the latest in a series, Suzanne Miller introduces a method to help organizations understand which Agile practices are already in use to formulate a more effective adoption strategy.

Android, Heartbleed, Testing, and DevOps: An SEI Blog Mid-Year Review

This post takes a look back at our most popular areas of work (at least according to you, our readers) and highlights our most popular blog posts for the first half of 2014, as well as links to additional related resources that readers might find of interest.

New Cross-Sector Group to Advance the Practice of Cyber Intelligence

The Cyber Intelligence Research Consortium aims to help organizations make better judgments and quicker decisions related to cyber intelligence.

SEI to Host 11th ACE Educators Workshops

2014 ACE event will incorporate the SEI’s two-day Advanced Software Architecture Workshop

Architecture Analysis of Unmanned Aerial Vehicles Using AADL: A Real-World Perspective

This blog post presents independent research that aims to evaluate the safety concerns of several unmanned aerial vehicle systems using AADL.

Leading and advancing software and cybersecurity to solve the nation's toughest problems

Research and Publications


Learn More About the SEI:


  • CERT's Will Dormann Provides Insight on the AVG Toolbar Vulnerability
    Media Coverage - 07/10/2014


  • Evolving Security & Privacy Requirements Engineering Workshop (ESPRE)
    ESPRE 2014 is an IEEE-sponsored workshop that brings together practitioners and researchers interested in evolving security and privacy requirements engineering practice.
    Workshop - 08/25/2014

  • FloCon 2015
    FloCon 2015 is a network security conference that takes place in Portland, Oregon, in January 2015. Registration is now open, and we are accepting abstracts for presentations, posters, and demonstrations that support this year's conference theme, "Formalizing the Art."
    Conferences - 01/12/2015






Security and Wireless Emergency Alerts

In this podcast, Carol Woody and Christopher Alberts discuss guidelines that they developed to ensure that the WEA service remains robust and resilient against cyber attacks.
Podcast - 06/26/2014

Safety and Behavior Specification Using the Architecture Analysis and Design Language

Julien Delange discusses two extensions to the Architecture Analysis and Design Language: the behavior annex and the error-model annex.
Podcast - 06/12/2014