CERT research explores next-generation approaches to security engineering while adapting quickly to rapidly changing real-world problems.
Our research spans the software life cycle, from requirements and architecture through coding and maintenance. It addresses security issues for executives making investment decisions, risk managers, and network administrators and managers responsible for the security of their organization’s systems.
Our broad areas of research are described below, and details about current projects are in the CERT Annual Research Report.
The Network Situational Awareness (NetSA) team conducts empirically driven research and development to quantitatively characterize threats and intruder activity. It develops both analysis methods and open source tools. We also sponsor a yearly conference.
Resiliency management is a collection of essential capabilities an organization uses to ensure its important assets—people, information, technology, and facilities—stay productive in supporting business processes and services. We are developing tools, techniques, and methods to help organizations improve their security and business continuity. The cornerstone of our research is the development of the CERT Resiliency Management Model, which is a foundation for measurable process improvement.
The Secure Coding initiative works with software developers and software development organizations to reduce vulnerabilities resulting from coding errors—before products are deployed. We identify common programming errors that lead to software vulnerabilities, establish secure coding standards, and educate software developers. Our goal is to advance the state of software development practice.
Survivability is the ability of a network computing system to provide essential services in the presence of attacks and failures, and recover full services in a timely manner. In the field of survivable systems engineering, we explore the current state of systems to identify problems and propose engineering solutions. Our results include analysis of how susceptible these systems are to sophisticated attacks and ways to improve system design. The SQUARE method helps organizations generate security requirements, and the Survivability Analysis Framework helps them address interrelations among people, process, and technology to reduce failures.
Our vulnerability analysis efforts are divided into two categories: vulnerability discovery and vulnerability remediation. The goal of vulnerability discovery is to detect and eliminate vulnerabilities before products ship. For vulnerability remediation, we promote a comprehensive approach that includes following best practices, making configuration or architecture changes, and applying workarounds. In some cases, these strategies provide better long-term vulnerability reduction than simply patching or updating.
We produce models, reports, training, and tools to raise awareness of the risks of insider threat and to help identify the factors influencing an insider’s decision to act maliciously, the indicators and precursors of malicious acts, and the countermeasures organizations can use. Our research focuses on both the technical and behavioral aspects of malicious insider acts.
The CERT Forensics team performs practical research in forensics, developing tools and techniques that fill gaps left by commercial products and existing approaches. Our research and tools can be used by both system administrators and law enforcement to respond to criminal activity on computer systems.