The CERT Division is a leader in cybersecurity. We partner with government, industry, law enforcement, and academia to improve the security and resilience of computer systems and networks. We study ...

Detecting malicious code is a challenge, particularly when it’s implanted in otherwise legitimate software. If undetected, malware injected into legitimate software can result in costly compromises of ...

Assuring evolving large-scale systems (i.e., systems with multiple subsystems) can be a bottleneck in deploying capabilities with the speed and confidence needed for current Department of Defense (DoD ...

Hardware inefficiencies pose major limitations to U.S. Department of Defense (DoD) applications; current processors simply cannot keep up with the large and complex machine learning (ML) workloads ...

CaBSCE introduces a novel method for cost estimation that aligns with modern software practices, where flexibility and speed are paramount.

Deploying critical software with certification and frequent updates is a major challenge. Exhaustive testing of safety-critical systems is not possible due to the exponential growth of test cases; ...

This project focuses on creating a foundational model for all container reproducibility efforts (open-source, commercial, U.S. Department of Defense (DoD), etc.). The lack of build reproducibility is ...

SEI Publications Annual Reviews 2024 Research Review Schedule ¦ 2024 Research Review ...

Join representatives from CMU SEI at the ACT-IAC Imagine Nation ELC Conference which brings together the government technology community to discuss the issues facing government and work together to ...

In this webcast, Justin Smith highlights a novel approach to providing independent verification and validation (IV&V) for projects that are using an Agile or iterative software development.

Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in Java programming.

This three (3) hour online course provides a thorough understanding of insider threat terminology, identifies different types of insider threats, teaches how to recognize both technical and behavioral ...