Updyke, D., and Jaconski, M., 2022: Using Alternate Data Streams in the Collection and Exfiltration of Data. Carnegie Mellon University, Software Engineering ...

This report describes the EMV2 Instance Model’s structure, the challenges encountered when defining it, and the rationale used to choose its structure. The Error ...

This newsletter compiles the latest SEI releases and news about the upcoming symposium Cyber Mission Readiness in the Age of AI, using public LLMs to rapidly develop tools for use in classified ...

Proving the absence of use-after-free errors and other temporal memory safety vulnerabilities is complex and costly, particularly in large codebases such as those for mission-critical military systems ...

Frye, B., 2020: 8 Steps for Migrating Existing Applications to Microservices. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...

Ruefle, R., 2017: Critical Asset Identification (Part 1 of 20: CERT Best Practices to Mitigate Insider Threats Series). Carnegie Mellon University, Software ...

This podcast explores updates to the Pointer Ownership Model for C, a modeling framework designed to improve the ability of developers to statically analyze C programs for errors involving temporal ...

SEI experts at the March 12 event will discuss government and military CMR challenges, as well as emerging solutions for a cyber- and AI-ready workforce.

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

This paper presents version 2.0 of a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability ...

Shevchenko, N., 2020: An Introduction to Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

The CERT Division, in partnership with ExactData, LLC, and under sponsorship from DARPA I2O, generated a collection of synthetic insider threat test datasets. These datasets provide both synthetic ...