CERT
 
 

Announcements


July 2, 2009

CERT Resiliency Management Model Being Released
CERT has begun releasing the individual process areas of the CERT Resiliency Management Model, a capability model for operational resiliency management.

June 29, 2009

Winners of Best Practices Contest 2009 Announced
The winners of the Best Practices Contest 2009 were announced at the FIRST conference in Kyoto, Japan. Read the winning submissions.

June 22, 2009

New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.

June 16, 2009

New Podcast Released
When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks.

May 26, 2009

New Podcast Released
Business leaders need to take action to better mitigate sophisticated social engineering attacks.

May 8, 2009

Attend the SEI Webinar on May 14
Register for the webinar SQUARE Up Your Security Requirements Engineering with SQUARE. This webinar provides an overview of the SQUARE process and discusses current activities and plans.

May 5, 2009

New Podcast Released
Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences.

April 30, 2009

Making the Business Case for Software Assurance Published
This report provides guidance for making the business case for building software assurance into software products during each software development life-cycle activity.

April 24, 2009

Register for First Insider Threat Workshop
Learn how to identify and manage the risk of insider threat in your organization. Register now for the two-day Insider Threat Workshop in Arlington, VA.

April 16, 2009

CERT Releases Dranzer Tool
As part of their vulnerability discovery efforts, CERT has released Dranzer, an open source tool that software developers can use to test for ActiveX vulnerabilities.

April 14, 2009

New Podcast Released
Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs.

April 13, 2009

Linux Forensics Tools Repository Released
The CERT forensics tools repository, a collection of add-on packages for Fedora, provides many useful cyber forensics tools for analysts and practitioners.

March 31, 2009

New Podcast Released
Observed practice, represented as a maturity model, can serve as a basis for developing more secure software.

March 30, 2009

Secure Design Patterns
This technical report describes a set of secure design patterns, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations.

March 17, 2009

New Podcast Released
Requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities.

March 11, 2009

CERT Program Hosts Leaders in Security
On March 10, the CERT Program at Carnegie Mellon University's Software Engineering Institute began a two-day technical symposium for a select group of leaders and experts in the cyber security field.

March 6, 2009

2008 CERT Research Annual Report Published
CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration.

March 3, 2009

New Podcast Released
Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite.

March 2, 2009

New Course Offering: Insider Threat Workshop
CERT's insider threat research serves as the foundation for this two-day workshop.

February 25, 2009

The CERT/CC and FIRST Announce Best Practices Contest 2009
For the second year in a row, the CERT/CC and FIRST are jointly hosting an international competition to honor best practices and advances in safeguarding the security of computer systems and networks.

February 17, 2009

New Podcast Released
Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine.

February 10, 2009

Richard Pethia Receives CSO Compass Award
Richard D. Pethia, director of the Carnegie Mellon Software Engineering Institute (SEI) CERT Program, has been named a recipient of the 2009 CSO Compass Award sponsored by CSO Magazine.

February 3, 2009

New Podcast Released
Standards, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security.

January 28, 2009

Common Sense Guide to Prevention and Detection of Insider Threats, Version 3.1
The third version of this guide includes new and updated practices based on an analysis of approximately 100 recent insider threat cases that occurred from 2003 to 2007 in the United States.

January 20, 2009

New Podcast Released
Rich Pethia reflects on CERT’s 20-year history and discusses how he is positioning the program to tackle future IT and security challenges.

January 6, 2009

New Podcast Released
Being able to effectively respond to e-discovery requests depends on well-defined, enacted policies, procedures, and processes.

December 9, 2008

New Podcast Released
Climate change requires new strategies for dealing with traditional IT and information security risks.

November 25, 2008

New Podcast Released
Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime.

November 13, 2008

CERT Resiliency Engineering Framework (REF) Outline Published
This document provides a brief overview of the CERT Resiliency Engineering Framework, including purpose statements, goals, and specific practices for each capability area.

November 11, 2008

New Podcast Released
Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident.

October 28, 2008

New Podcast Released
A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation.

October 20, 2008

The CERT C Secure Coding Standard Published
This book is an essential desktop reference documenting the first official release of the CERT C Secure Coding Standard.

October 17, 2008

CERT Statistics Updated
The CERT statistics have been updated with numbers from the third quarter of 2008.

October 14, 2008

New Podcast Released
When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities.

September 30, 2008

New Podcast Released
Integrating security into university curricula is one of the key solutions to developing more secure software.

September 17, 2008

Interactive Vulnerability Reporting Form Released
The interactive form enhances CERT's vulnerability analysis efforts by making it easier for vulnerability reporters to securely submit valuable information.

September 16, 2008

New Podcast Released
OCTAVE Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services.

September 8, 2008

Java Secure Coding Standard Released
CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages. CERT invites the Java community to participate in this effort by reviewing content in the Java space and providing comments.

September 2, 2008

New Technical Note Released
Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory.

September 2, 2008

New Podcast Released
Well-defined metrics are essential to determine which security practices are worth the investment.

August 20, 2008

New Podcast Released
Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle.

August 5, 2008

New Podcast Released
Protecting critical infrastructures and the information they use is essential for preserving our way of life.

July 29, 2008

CERT Statistics Updated
The CERT statistics have been updated with numbers from the second quarter of 2008.

July 22, 2008

New Podcast Released
Determining which security vulnerabilities to address should be based on the importance of the information asset.

July 18, 2008

CERT Autoresponder Disabled
Because of ongoing problems with the autoresponder messages being interpreted as spam, we have decided to discontinue providing an automatic acknowledgement of email sent to cert@cert.org. This change does not affect how we handle email sent to that address.

July 8, 2008

New Podcast Released
During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack.

June 27, 2008

Winners of Best Practices Security Awards Announced
The winning papers from the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks have been posted.

June 24, 2008

New Podcast Released
Targeted, innovative communications and a robust life cycle are keys for security policy success.

June 17, 2008

Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools Published
This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects.

June 10, 2008

New Podcast Released
Managing software that is developed by an outside organization can be more challenging than building it yourself.

May 27, 2008

New Podcast Released
Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers.

May 23, 2008

New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.

May 15, 2008

Making the Business Case for Software Assurance
This one-day workshop will explore methods for capturing development costs and benefits associated with software assurance and making the case to executive management. A call for papers has been posted; registration information will soon be available.

May 13, 2008

New Podcast Released
High performing organizations effectively integrate information security controls into mainstream IT operational processes.

April 29, 2008

New Podcast Released
Helping your staff learn how to identify social engineering attempts is the first step in thwarting them.

April 18, 2008

Vulnerability Analysis Blog Published
In a new blog on the CERT website, CERT staff members will address various issues related to vulnerability analysis.

April 15, 2008

New Podcast Released
Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough.

April 14, 2008

CERT Statistics Updated
The CERT statistics have been updated with numbers from the first quarter of 2008.

April 1, 2008

CERT Authors Publish Book About Building Security into Software Products
Software Security Engineering: A Guide for Project Managers will be published by Addison-Wesley in early May 2008. The book shows project managers how to build security into their software products throughout the development life cycle.

April 1, 2008

Reminder: Entries for Security Awards Due April 30
Submissions for the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks are due by April 30. The contest is being hosted by FIRST and the CERT/CC.

April 1, 2008

New Podcast Released
Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy.



CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office.


Last updated: July 02, 2009