search menu icon-carat-right cmu-wordmark

All Work

  •  Insider Threat Program Development

    Insider Threat Program Development

    Cyber attacks from insiders are problems that you should plan to prevent. Our training helps you build an insider threat program in your organization.

    Learn More
  •  Explainable AI: Why Did the Robot Do That?

    Explainable AI: Why Did the Robot Do That?

    Autonomy and Counter-Autonomy

    To help human users trust their robot team members in critical situations, we develop tools that allow autonomous systems to explain their behavior.

    Learn More
  •  Verifying Distributed, Adaptive Real-Time (DART) Systems

    Verifying Distributed, Adaptive Real-Time (DART) Systems

    Autonomy and Counter-Autonomy Mission Assurance System Verification and Validation

    Distributed, adaptive real-time (DART) systems must satisfy safety-critical requirements. We developed a method to verify DART systems and generate assured code.

    Learn More
  •  Multi-Agent Decentralized Planning for Adversarial Robotic Teams

    Multi-Agent Decentralized Planning for Adversarial Robotic Teams

    Autonomy and Counter-Autonomy

    We created multi-agent planning techniques, middleware, and algorithms that enable single users to manage fleets of UASs in real-world environments with changing adversaries.

    Learn More
  •  QUELCE: Quantifying Uncertainty in Early Lifecycle Cost Estimation

    QUELCE: Quantifying Uncertainty in Early Lifecycle Cost Estimation

    Data Modeling and Analytics Software Engineering and Information Assurance

    Costs for large new systems are hard to estimate. We developed a method to quantify uncertainty and increase confidence in a program's cost estimate.

    Learn More
  •  Automated Code Repair

    Automated Code Repair

    Autonomy and Counter-Autonomy Software Engineering and Information Assurance Cybersecurity

    Finding security flaws in source code is daunting; fixing them is an even greater challenge. Our researchers are creating automated tools that can repair bugs automatically or by prompting developers for more information to make effective repairs.

    Learn More
  •  Using Automation to Prioritize Alerts from Static Analysis Tools

    Using Automation to Prioritize Alerts from Static Analysis Tools

    System Verification and Validation Cybersecurity

    The new CERT method for validating and repairing defects found by static analysis tools helps auditors and coders address more alerts with less effort.

    Learn More
  •  Improving Verification with Parallel Software Model Checking

    Improving Verification with Parallel Software Model Checking

    System Verification and Validation

    Current methods for software model checking can take too much time. We develop algorithms for SMC that execute many operations in parallel to improve scalability.

    Learn More
  •  Design Pattern Recovery from Malware Binaries

    Design Pattern Recovery from Malware Binaries

    Software Engineering and Information Assurance Cybersecurity

    The DoD and industry face many malware problems. CERT researchers automate malware analysis capabilities, including those focused on malware family evolution and similarity.

    Learn More
  •  Supporting the U.S. Army's Joint Multi-Role Technology Demonstrator Effort

    Supporting the U.S. Army's Joint Multi-Role Technology Demonstrator Effort

    Software Engineering and Information Assurance System Verification and Validation

    We build and analyze virtual software systems to find problems early in development, before a system is built. Early discovery reduces cost and certification time.

    Learn More
  •  Automating Vulnerability Discovery in Critical Applications

    Automating Vulnerability Discovery in Critical Applications

    Software Engineering and Information Assurance Cybersecurity

    CERT researchers develop automated tools that discover and mitigate software vulnerabilities and transfer them to researchers, procurement specialists, and software vendors.

    Learn More
  •  Converting a Navy Weapon System from a 32- to a 64-Bit Architecture

    Converting a Navy Weapon System from a 32- to a 64-Bit Architecture

    Mission Assurance Software Engineering and Information Assurance

    The SEI provided an independent assessment of the risks of migrating a weapons control system deployed by the U.S. Navy from one architecture to another.

    Learn More
  •  GraphBLAS: A Programming Specification for Graph Analysis

    GraphBLAS: A Programming Specification for Graph Analysis

    Mission Assurance

    The GraphBLAS Forum is a world-wide consortium of researchers working to develop a programming specification for graph analysis that will simplify development.

    Learn More
  •  Insider Threat Mitigation

    Insider Threat Mitigation

    Human-Machine Interaction

    Insiders present unique challenges to cybersecurity. We research insider threats and develop tools to analyze threat indicators in sociotechnical networks.

    Learn More
  •  Managing Technical Debt with Data-Driven Analysis

    Managing Technical Debt with Data-Driven Analysis

    Data Modeling and Analytics Software Engineering and Information Assurance

    Most software projects carry technical debt. We develop tools and techniques that identify it and provide a complete view of the debt that you need to manage.

    Learn More
  •  A Tool Set to Support Big Data Systems Acquisition

    A Tool Set to Support Big Data Systems Acquisition

    Data Modeling and Analytics

    We offer an approach that reduces risk and simplifies the selection and acquisition of big data technologies when you acquire and develop big data systems.

    Learn More
  •  Cybersecurity Center Development

    Cybersecurity Center Development

    Cybersecurity

    Our experts in the CERT Division prepare CSIRTs, PSIRTs, SOCs, and other similar teams to effectively assess and manage cybersecurity incidents.

    Learn More
  •  Enterprise Risk and Resilience

    Enterprise Risk and Resilience

    Cybersecurity

    CERT researchers conduct cybersecurity research and create models, tools, and methods that empower organizations to be confident in their cybersecurity posture.

    Learn More
  •  Network Situational Awareness

    Network Situational Awareness

    Cybersecurity

    CERT researchers help you understand what’s on your networks, effectively monitor and analyze your traffic, and learn how to best protect your data and information assets.

    Learn More
  •  Insider Threat

    Insider Threat

    Cybersecurity Mission Assurance

    CERT researchers devise strategies to help you prevent and detect insider threats and respond if harm results.

    Learn More
  •  Better Software Through Secure Coding Practices

    Better Software Through Secure Coding Practices

    Cybersecurity

    CERT researchers explore how to identify and prevent security flaws during development—not later in test or post-deployment, when they are more expensive to address.

    Learn More
  •  Security Vulnerabilities: Keeping a Strong Defense

    Security Vulnerabilities: Keeping a Strong Defense

    Cybersecurity

    To reduce cybersecurity risk, CERT researchers conduct coordinated vulnerability disclosure and pursue multiple avenues to help defend organizations from cyber attack.

    Learn More
  •  Software Architecture

    Software Architecture

    Software Engineering and Information Assurance

    We develop and apply architecture tools and methods that can be used during various stages of the development lifecycle.

    Learn More
  •  Helping Government Realize the Agile Advantage

    Helping Government Realize the Agile Advantage

    Software Engineering and Information Assurance Mission Assurance

    We develop a wealth of resources to help the DoD and federal agencies make informed decisions about using Agile and lean approaches in achieving their goals.

    Learn More
  •  Security-Aware Acquisition

    Security-Aware Acquisition

    Cybersecurity

    The techniques developed by CERT researchers help you evaluate and manage cyber risk in today’s complex software supply chains.

    Learn More
  •  System and Platform Evaluation

    System and Platform Evaluation

    Cybersecurity

    CERT researchers develop and perform advanced penetration testing and cyber vulnerability assessments of organizations' systems and platforms.

    Learn More
  •  Empirical Research Office

    Empirical Research Office

    Data Modeling and Analytics

    We improve the capability delivered for every dollar of DoD investment made in software systems by improving the use of data in decision making.

    Learn More
  •  Digital Forensics: Advancing Solutions for Today's Escalating Cybercrime

    Digital Forensics: Advancing Solutions for Today's Escalating Cybercrime

    Cybersecurity

    As cybercrime proliferates, CERT researchers help law enforcement investigators process digital evidence with courses, methodologies and tools, skills, and experience.

    Learn More
  •  Acquiring Systems, Not Just Software

    Acquiring Systems, Not Just Software

    Data Modeling and Analytics

    The U.S. Department of Defense (DoD) and federal agencies are increasingly acquiring software-intensive systems instead of building them with internal resources. However, acquisition programs frequently have difficulty identifying the critical software acquisition activities, deliverables, risks, and opportunities.

    Learn More
  •  USPS Case Study

    USPS Case Study

    The SEI teamed with the U.S. Postal Service to help it improve its cybersecurity and resilience and collaborated on a program to develop a strong cybersecurity workforce.

    Learn More
  •  Cyber Lightning Case Study

    Cyber Lightning Case Study

    The SEI hosted Cyber Lightning, a three-day joint training exercise involving Air National Guard and Air Force Reserve units from western Pennsylvania and eastern Ohio.

    Learn More
  •  SEI Hosts Crisis Simulation Exercise for Cyber Intelligence Research Consortium

    SEI Hosts Crisis Simulation Exercise for Cyber Intelligence Research Consortium

    Mission Assurance

    In SEI crisis simulation exercises, participants use scenarios that present fictitious malicious actors and environmental factors based on real-world events.

    Learn More
  •  DevOps: Build Faster and Better Applications

    DevOps: Build Faster and Better Applications

    Cybersecurity System Verification and Validation Software Engineering and Information Assurance

    CERT researchers help your organization understand and establish robust DevOps capabilities to develop, test, and deploy software faster, with high quality, and with less risk.

    Learn More
  •  Runtime Assurance for Big Data Systems

    Runtime Assurance for Big Data Systems

    System Verification and Validation

    To help assure runtime performance in big data systems, we designed a reference architecture to automatically generate and insert monitors and aggregate metric streams.

    Learn More