sei.cmu

Using Alternate Data Streams in the Collection and Exfiltration of Data

Updyke, D., and Jaconski, M., 2022: Using Alternate Data Streams in the Collection and Exfiltration of Data. Carnegie Mellon University, Software Engineering ...
sei.cmu

Instantiating the Error Model Version 2 (EMV2) Annex

This report describes the EMV2 Instance Model’s structure, the challenges encountered when defining it, and the rationale used to choose its structure. The Error ...
sei.cmu

Symposium to Address Cyber Mission Readiness in the Age of Artificial Intelligence

This newsletter compiles the latest SEI releases and news about the upcoming symposium Cyber Mission Readiness in the Age of AI, using public LLMs to rapidly develop tools for use in classified ...
sei.cmu

AI-Powered Memory Safety for C Applications

Proving the absence of use-after-free errors and other temporal memory safety vulnerabilities is complex and costly, particularly in large codebases such as those for mission-critical military systems ...
sei.cmu

Critical Asset Identification (Part 1 of 20: CERT Best Practices to Mitigate Insider Threats Series)

Ruefle, R., 2017: Critical Asset Identification (Part 1 of 20: CERT Best Practices to Mitigate Insider Threats Series). Carnegie Mellon University, Software ...
sei.cmu

Send a Message

This contact form is for general questions and requests for contact. Do not use this contact form to send sensitive information. Please review the guidelines for sending sensitive information. If you ...
Software Engineering Institute

Temporal Memory Safety in C and C++: An AI-Enhanced Pointer Ownership Model

This podcast explores updates to the Pointer Ownership Model for C, a modeling framework designed to improve the ability of developers to statically analyze C programs for errors involving temporal ...
sei.cmu

How Easy Is It to Make and Detect a Deepfake?

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization (Version 2.0)

This paper presents version 2.0 of a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability ...
sei.cmu

An Introduction to Model-Based Systems Engineering (MBSE)

Shevchenko, N., 2020: An Introduction to Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Insider Threat Test Dataset

The CERT Division, in partnership with ExactData, LLC, and under sponsorship from DARPA I2O, generated a collection of synthetic insider threat test datasets. These datasets provide both synthetic ...
sei.cmu

CSIRT Frequently Asked Questions (FAQ)

The CERT Division of the Software Engineering Institute helps organizations and national CSIRTs develop, operate, and improve incident management capabilities. This FAQ addresses questions the global ...