Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Security & Survivability

The SEI is home to the CERT Division, which studies internet security vulnerabilities, researches long-term changes in networked systems, and develops information and training to help you improve security.


The SEI is home to the CERT Division, which was established in 1988 to address internet security problems and to find ways to reduce the number and impact of security breaches. The CERT Division  focuses on protection, detection, and response to attacks on networked computer systems. We develop techniques, tools, training, and publications to help organizations achieve better software, better systems, better systems management, and a more skilled workforce.

Cyber Risk and Resilience Management

We enable organizations to measure and manage operational risks and ensure mission success by performing research; designing and developing models, tools, and techniques; and deploying capabilities that improve organizations' cybersecurity and resilience. Read more >

Cybersecurity Engineering

We address security, software assurance, and survivability throughout the development and acquisition lifecycles by creating methods, solutions, and training that can be integrated into your existing practices.  Read more >

Digital Intelligence and Investigation

We conduct research and develop technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate incident investigations. Read more >

Incident Management

We help organizations and national CSIRTs develop, operate, and improve their incident management capabilities. Read more >

Insider Threat

We enable effective insider threat programs by performing research, modeling, analysis, and outreach to define socio-technical best practices so that organizations are better able to deter, detect, and respond to evolving insider threats. Read more >

Network Situational Awareness

We improve network security by identifying and detecting threats early; sharing data in near real time; and playing an active role in providing the knowledge, capability, and capacity to secure and monitor valuable networks. Read more >

Secure Coding

We identify insecure coding practices and develop secure alternatives that software developers can use to take practical steps to reduce or eliminate vulnerabilities before deployment. Read more >

Vulnerability Analysis

We help engineers detect, eliminate, and avoid creating vulnerabilities in software. Read more >

Training and Education

We use a variety of approaches toward increasing the skills and knowledge of an international workforce. We offer training for executives, technical staff and managers of CSIRTs, system administrators, and other technical personnel interested in learning more about network security. Some of these classes are part of our incident handling certification program. Read more >