Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University


CERT research explores next-generation approaches to security engineering while adapting quickly to rapidly changing real-world problems. Our research spans the software lifecycle, from requirements and architecture through coding and maintenance. It addresses security issues for executives making investment decisions, risk managers, and network administrators and managers responsible for the security of their organization’s systems. Our broad areas of research are described below.

Cyber Risk and Resilience Management

Cyber Risk and Resilience Management researchers define best practices for managing operational resilience and provide methods for identifying and managing cyber risk. Read more >

Cybersecurity Engineering

Cybersecurity Engineering researchers develop methods for analyzing your development lifecycle, develop ways to reduce risk in your supply chain, create software assurance curricula for use in training programs or academic courses, and develop tools for measuring and analyzing software security. Read more >

Digital Intelligence and Investigation

Digital Intelligence and Investigation researchers leverage social media to uncover malicious activity and develop tools to help law enforcement. Read more >

Incident Management

Incident Management researchers provide computer security incident response team (CSIRT) development services and support CSIRTs with national responsibility. Read more >

Insider Threat

Insider Threat researchers create technical controls and indicators, conduct case analyses and develop best practices, model and simulate insider threat, and assess your insider threat vulnerabilities. Read more >

Network Situational Awareness

Network Situational Awareness (NetSA) researchers automate the analysis of large-scale network traffic and develop large-scale, open source tools. Read more >

Secure Coding

Secure Coding team members research secure coding practices, participate in international standards development, and provide SCALe conformance testing services. Read more >

Vulnerability Analysis

Vulnerability Analysis researchers help engineers learn how vulnerabilities are created and discovered, provide a process for coordinating vulnerabilities, and collect information and provide timely information about vulnerabilities. Read more >