Reports & Papers


Below is a list of the 20 most recent SEI reports in the library in descending order by publication date.

Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations
(May 2013) This technical note defines intellectual property (IP) and insider theft of IP, gives a snapshot of the insiders involved in these cases, summarizes some of the cases, and provides recommendations for mitigating the risk of similar incidents of insider threat. (CMU/SEI-2013-TN-009)

Software Assurance Competency Model
(May 2013) This Software Assurance Competency Model helps create a foundation for assessing and advancing the capability of software assurance professionals. (CMU/SEI-2013-TN-004)

PSP-VDC: An Adaptation of the PSP that Incorporates Verified Design by Contract
(May 2013) This paper describes a proposal for integrating Verified Design by Contract into PSP in order to reduce the amount of defects present at the Unit Testing phase, while preserving or improving productivity. (CMU/SEI-2013-TR-005)

Quantifying Uncertainty in Expert Judgment: Initial Results
(March 2013) The work described in this report, part of a larger SEI research effort on Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE), aims to develop and validate methods for calibrating expert judgment. Reliable expert judgment is crucial across the program acquisition lifecycle for cost estimation, and perhaps most critically for tasks related to risk analysis and program management. This research is based on three field studies that compare and validate training techniques aimed at improving the participants’ skills to enable more realistic judgments commensurate with their knowledge. (CMU/SEI-2013-TR-001)

Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders
(March 2013) This analysis justifies applying the pattern “Increased Review for Intellectual Property (IP) Theft by Departing Insiders,” which helps organizations plan, prepare, and implement a strategy to mitigate the risk of insider theft of IP. (CMU/SEI-2013-TN-013)

Detecting and Preventing Data Exfiltration Through Encrypted Web Sessions via Traffic Inspection
(March 2013) This report presents methods that can be used to detect and prevent data exfiltration using a Linux-based proxy server in a Microsoft Windows environment. (CMU/SEI-2013-TN-012)

The MAL: A Malware Analysis Lexicon
(February 2013) This report presents the results of the Malware Analysis Lexicon (MAL) initiative, a small project to develop the first common vocabulary for malware analysis. (CMU/SEI-2013-TN-010)

Insider Threat Control: Using Universal Serial Bus (USB) Device Auditing to Detect Possible Data Exfiltration by Malicious Insiders
(January 2013) This report presents methods to audit USB device use within a Microsoft Windows environment. (CMU/SEI-2013-TN-003)

Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources
(January 2013) This report focuses on the theft of intellectual property using removable media, in particular, USB devices. We present methods to control removable media devices in a Microsoft Windows environment using Group Policy within an Active Directory environment. We also explore OpenDLP, an open source tool for identifying where sensitive data resides on organizational systems. (CMU/SEI-2013-TN-002)

Common Sense Guide to Mitigating Insider Threats, 4th Edition
(December 2012) This fourth edition of the Common Sense Guide to Mitigating Insider Threats introduces the topic of insider threats, explains its intended audience and how this guide differs from previous editions, defines insider threats, outlines current patterns and trends, and describes 19 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so. (CMU/SEI-2012-TR-012)

Analyzing Cases of Resilience Success and Failure—A Research Study
(December 2012) This report describes the SEI research study aimed at helping organizations to know the business value of implementing resilience processes and practices, and determine which ones to implement. (CMU/SEI-2012-TN-025)

The Business Case for Systems Engineering Study: Assessing Project Performance from Sparse Data
(December 2012) This report describes the data collection and analysis process used to support the assessment of project performance for the systems engineering (SE) effectiveness study. (CMU/SEI-2012-SR-010)

The Business Case for Systems Engineering Study: Results of the Systems Engineering Effectiveness Survey
(November 2012) This report summarizes the results of a survey that had the goal of quantifying the connection between the application of systems engineering (SE) best practices to projects and programs and the performance of those projects and programs. (CMU/SEI-2012-SR-009)

Reliability Improvement and Validation Framework
(November 2012) This report discusses the reliability validation and improvement framework developed by the SEI. The purpose of this framework is to provide a foundation for addressing the challenges of qualifying increasingly software-reliant, safety-critical systems. It aims to overcome the limitations of current reliability engineering approaches, leverage the best emerging engineering technologies and practices to complement the process focus of current practice, find acceptance in industry, and lead to a new set of reliability improvement metrics. (CMU/SEI-2012-SR-013)

DoD Information Assurance and Agile: Challenges and Recommendations Gathered Through Interviews with Agile Program Managers and DoD Accreditation Reviewers
(November 2012) This paper discusses the natural tension between rapid fielding and response to change (characterized as agility) and DoD information assurance policy. Data for the paper was gathered through interviews with DoD project managers and IA representatives. (CMU/SEI-2012-TN-024)

TSP Symposium 2012 Proceedings
(November 2012) The 2012 TSP Symposium was organized by the Software Engineering Institute (SEI) and took place September 18–20 in St. Petersburg, FL. The goal of the TSP Symposium is to bring together practitioners and academics who share a common passion to change the world of software engineering for the better through disciplined practice. The conference theme was “Delivering Agility with Discipline.” This report contains the six papers selected by the TSP Symposium Technical Program Committee. (CMU/SEI-2012-SR-015)

Supporting the Use of CERT® Secure Coding Standards in DoD Acquisitions
(October 2012) This technical note provides guidance to help DoD acquisition programs address software security in acquisitions. It provides background on the development of secure coding standards, sample request for proposal (RFP) language, and a mapping of the Application Security and Development STIG to the CERT® C Secure Coding Standard. (CMU/SEI-2012-TN-016)

Resource Allocation in Dynamic Environments
(October 2012) When warfighting missions are conducted in a dynamic environment, the allocation of resources needed for mission operation can change from moment to moment. This report addresses two challenges of resource allocation in dynamic environments: overstatement of resource needs and unpredictable network availability. (CMU/SEI-2012-TR-011)

Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File
(October 2012) This report describes an algorithm that efficiently reverts bits from the fuzzed file to those found in the original seed file, keeping only the minimal bits required to recreate the crash under investigation. (CMU/SEI-2012-TN-018)

The Role of Standards in Cloud-Computing Interoperability
(October 2012) This report explores the role of standards in cloud-computing interoperability. It covers cloud-computing basics and standard-related efforts, discusses several use cases, and provides recommendations for cloud-computing adoption. (CMU/SEI-2012-TN-012)

Cloud Computing at the Tactical Edge
(October 2012) This technical note presents a strategy to overcome the challenges of obtaining sufficient computation power to run applications needed for warfighting and disaster relief missions. It discusses the use of cloudlets (localized, stateless servers running one or more virtual machines) on which soldiers can offload resource-intensive computations from their handheld mobile devices. (CMU/SEI-2012-TN-015)

Communication Among Incident Responders - A Study
(September 2012) This technical note describes three factors that can help or hinder the cooperation of incident responders. (CMU/SEI-2012-TN-028)

Toward a Theory of Assurance Case Confidence
(September 2012) Assurance cases provide an argument and evidence explaining why a claim about some system property holds. This report presents a framework for thinking about (and determining) confidence in assurance case arguments. The framework uses argumentation theory as developed in philosophy, jurisprudence, mathematics, and artificial intelligence to provide a justified basis for asserting some level of confidence in the truth of assurance case claims. (CMU/SEI-2012-TR-002)

SEPG Europe 2012 Conference Proceedings
(September 2012) This report compiles seven papers based on presentations given at SEPG Europe 2012. (CMU/SEI-2012-SR-005)

Competency Lifecycle Roadmap: Toward Performance Readiness
(September 2012) This technical note describes the Competency Lifecycle Roadmap (CLR), a preliminary roadmap for understanding and building workforce readiness. (CMU/SEI-2012-TN-020)

Probability-Based Parameter Selection for Black-Box Fuzz Testing
(August 2012) This report describes an algorithm to automate selection of seed files and other parameters used in black-box fuzz testing. (CMU/SEI-2012-TN-019)

Network Profiling Using Flow
(August 2012) This report provides a step-by-step guide for profiling—discovering public-facing assets on a network—using network flow (netflow) data. (CMU/SEI-2012-TR-006)

Results of SEI Line-Funded Exploratory New Starts Projects
(August 2012) This report describes the line-funded exploratory new starts (LENS) projects that were undertaken during fiscal year 2011. For each project, the report presents a brief description and a recounting of the research that was done, as well as a synopsis of the results of the project. (CMU/SEI-2012-TR-004)

Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector
(July 2012) This report describes a new insider threat study in which researchers extracted technical and behavioral patterns from fraud cases and developed insights and risk indicators of malicious insider activity within the banking and finance sector. (CMU/SEI-2012-SR-004)

The Evolution of a Science Project: A Preliminary System Dynamics Model of a Recurring Software-Reliant Acquisition Behavior
(July 2012) This report uses a preliminary system dynamics model to analyze a specific adverse acquisition dynamic concerning the poorly controlled evolution of small prototype efforts into full-scale systems. (CMU/SEI-2012-TR-001)

A Virtual Upgrade Validation Method for Software-Reliant Systems
(June 2012) This report presents the Virtual Upgrade Validation (VUV) method, an approach that uses architecture-centric, model-based analysis to identify system-level problems early in the upgrade process to complement established test qualification techniques. (CMU/SEI-2012-TR-005)

Report from the First CERT-RMM Users Group Workshop Series
(May 2012) This report describes the first CERT RMM Users Group (RUG) Workshop Series and relays the experiences of participating members and CERT staff. (CMU/SEI-2012-TN-008)

A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders
(May 2012) This report presents an example of an enterprise architectural pattern, Increased Monitoring for Intellectual Property (IP) Theft by Departing Insiders, to help organizations plan, prepare, and implement a means to mitigate the risk of insider theft of IP. (CMU/SEI-2012-TR-008)

Source Code Analysis Laboratory (SCALe)
(May 2012) This report details the CERT Program's Source Code Analysis Laboratory (SCALe), a proof-of-concept demonstration that software systems can be conformance tested against secure coding standards, and provides an analysis of selected software systems. (CMU/SEI-2012-TN-013)

Insider Threat Security Reference Architecture
(May 2012) This technical report describes the Insider Threat Security Reference Architecture (ITSRA), an enterprise-wide solution to the threat that organizations face from their own insiders. The ITSRA draws from existing best practices and standards as well as from analysis of real insider threat cases to provide actionable guidance for organizations to improve their posture against the insider threat. (CMU/SEI-2012-TR-007)

CERT® Resilience Management Model (CERT®-RMM) V1.1: NIST Special Publication Crosswalk Version 1
(March 2012) This technical note maps CERT® Resilience Management Model (CERT®-RMM) process areas to certain National Institute of Standards and Technology (NIST) special publications in the 800 series. (CMU/SEI-2011-TN-028)

What’s New in V2 of the Architecture Analysis & Design Language Standard?
(March 2012) This report provides an overview of changes and improvements to the Architecture Analysis & Design Language (AADL) standard for describing both the software architecture and the execution platform architectures of performance-critical, embedded, real-time systems. (CMU/SEI-2011-SR-011)

Principles of Trust for Embedded Systems
(March 2012) This paper gives substance and explicit meaning to the terms trust and trustworthy as they relate to automated systems and to embedded systems in particular. (CMU/SEI-2012-TN-007)

Mission Risk Diagnostic (MRD) Method Description
(February 2012) The SEI has developed the Mission Risk Diagnostic (MRD) to assess risk in interactively complex, socio-technical systems across the life cycle and supply chain. (CMU/SEI-2012-TN-005)

Risk-Based Measurement and Analysis: Application to Software Security
(February 2012) This report presents the foundational concepts of a risk-based approach for software security measurement and analysis and provides an overview of the IMAF and the MRD. (CMU/SEI-2012-TN-004)
