sei.cmu

Using Alternate Data Streams in the Collection and Exfiltration of Data

Updyke, D., and Jaconski, M., 2022: Using Alternate Data Streams in the Collection and Exfiltration of Data. Carnegie Mellon University, Software Engineering ...
sei.cmu

Instantiating the Error Model Version 2 (EMV2) Annex

The Error Model Annex, Version 2 (EMV2), notation for architecture fault modeling supports safety, reliability, and security analyses as part of the OSATE toolset ...
sei.cmu

Handling Threats from Disgruntled Employees

CERT Insider Threat Center, T., 2015: Handling Threats from Disgruntled Employees. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Critical Asset Identification (Part 1 of 20: CERT Best Practices to Mitigate Insider Threats Series)

Ruefle, R., 2017: Critical Asset Identification (Part 1 of 20: CERT Best Practices to Mitigate Insider Threats Series). Carnegie Mellon University, Software ...
sei.cmu

Architecting the Future of Software Engineering: A National Agenda for Software Engineering Research & Development

The SEI led the community in creating this multi-year research and development vision and roadmap for engineering next-generation software-reliant systems. Software is vital to our country’s global ...
sei.cmu

Rust Software Security: A Current State Assessment

Sible, J., and Svoboda, D., 2022: Rust Software Security: A Current State Assessment. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

How Easy Is It to Make and Detect a Deepfake?

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization (Version 2.0)

This paper presents version 2.0 of a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability ...
sei.cmu

Attribute-Driven Design: Create Software Architectures Using Architecturally Significant Requirements

Attribute-Driven Design (ADD) is a systematic, step-by-step method that helps you design an effective architecture for software-intensive systems. Attribute-Driven Design (ADD) is a systematic, ...
sei.cmu

Insider Threat Test Dataset

The CERT Division, in partnership with ExactData, LLC, and under sponsorship from DARPA I2O, generated a collection of synthetic insider threat test datasets. These datasets provide both synthetic ...
sei.cmu

Rust Vulnerability Analysis and Maturity Challenges

Wassermann, G., and Svoboda, D., 2023: Rust Vulnerability Analysis and Maturity Challenges. Carnegie Mellon University, Software Engineering Institute's Insights ...
sei.cmu

10 Types of Application Security Testing Tools: When and How to Use Them

Scanlon, T., 2018: 10 Types of Application Security Testing Tools: When and How to Use Them. Carnegie Mellon University, Software Engineering Institute's Insights ...