Software Engineering Institute

Temporal Memory Safety in C and C++: An AI-Enhanced Pointer Ownership Model

This podcast explores updates to the Pointer Ownership Model for C, a modeling framework designed to improve the ability of developers to statically analyze C programs for errors involving temporal ...
sei.cmu

Using Alternate Data Streams in the Collection and Exfiltration of Data

Updyke, D., and Jaconski, M., 2022: Using Alternate Data Streams in the Collection and Exfiltration of Data. Carnegie Mellon University, Software Engineering ...
sei.cmu

Instantiating the Error Model Version 2 (EMV2) Annex

This report describes the EMV2 Instance Model’s structure, the challenges encountered when defining it, and the rationale used to choose its structure. The Error ...
sei.cmu

AI-Powered Memory Safety for C Applications

Proving the absence of use-after-free errors and other temporal memory safety vulnerabilities is complex and costly, particularly in large codebases such as those for mission-critical military systems ...
sei.cmu

Critical Asset Identification (Part 1 of 20: CERT Best Practices to Mitigate Insider Threats Series)

Ruefle, R., 2017: Critical Asset Identification (Part 1 of 20: CERT Best Practices to Mitigate Insider Threats Series). Carnegie Mellon University, Software ...
sei.cmu

Send a Message

This contact form is for general questions and requests for contact. Do not use this contact form to send sensitive information. Please review the guidelines for sending sensitive information. If you ...
sei.cmu

Thread Safety Analysis in C and C++

Ballman, A., 2014: Thread Safety Analysis in C and C++. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed February 19, 2026 ...
sei.cmu

How Easy Is It to Make and Detect a Deepfake?

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

CSIRT Frequently Asked Questions (FAQ)

The CERT Division of the Software Engineering Institute helps organizations and national CSIRTs develop, operate, and improve incident management capabilities. This FAQ addresses questions the global ...
sei.cmu

Insider Threat Test Dataset

The CERT Division, in partnership with ExactData, LLC, and under sponsorship from DARPA I2O, generated a collection of synthetic insider threat test datasets. These datasets provide both synthetic ...
sei.cmu

Threat Modeling: 12 Available Methods

Shevchenko, N., 2018: Threat Modeling: 12 Available Methods. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed February 23, 2026 ...
sei.cmu

Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization (Version 2.0)

This paper presents version 2.0 of a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability ...