headlines
July 22, 2008
New Podcast Released
Determining which security vulnerabilities to address should be based on the importance of the information asset.
July 18, 2008
CERT Autoresponder Disabled
Because of ongoing problems with the autoresponder messages being interpreted as spam, we have decided to discontinue providing an automatic acknowledgement of email sent to cert@cert.org. This change does not affect how we handle email sent to that address.
July 8, 2008
New Podcast Released
During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack.
June 27, 2008
Winners of Best Practices Security Awards Announced
The winning papers from the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks have been posted.
June 24, 2008
New Podcast Released
Targeted, innovative communications and a robust life cycle are keys for security policy success.
June 17, 2008
Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools Published
This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects.
June 10, 2008
New Podcast Released
Managing software that is developed by an outside organization can be more challenging than building it yourself.
May 27, 2008
New Podcast Released
Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers.
May 23, 2008
New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
May 15, 2008
Making the Business Case for Software Assurance
This one-day workshop will explore methods for capturing development costs and benefits associated with software assurance and making the case to executive management. A call for papers has been posted; registration information will soon be available.
May 13, 2008
New Podcast Released
High performing organizations effectively integrate information security controls into mainstream IT operational processes.
April 29, 2008
New Podcast Released
Helping your staff learn how to identify social engineering attempts is the first step in thwarting them.
April 18, 2008
Vulnerability Analysis Blog Published
In a new blog on the CERT website, CERT staff members will address various issues related to vulnerability analysis.
April 15, 2008
New Podcast Released
Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough.
April 14, 2008
CERT Statistics Updated
The CERT statistics have been updated with numbers from the first quarter of 2008.
April 1, 2008
CERT Authors Publish Book About Building Security into Software Products
Software Security Engineering: A Guide for Project Managers will be published by Addison-Wesley in early May 2008. The book shows project managers how to build security into their software products throughout the development life cycle.
April 1, 2008
Reminder: Entries for Security Awards Due April 30
Submissions for the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks are due by April 30. The contest is being hosted by FIRST and the CERT/CC.
April 1, 2008
New Podcast Released
Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy.
March 31, 2008
Incident Management Mission Diagnostic Method, Version 1.0 Published
This report presents a risk-based approach for determining the potential for success of an organization's incident management capability.
March 28, 2008
CERT Sponsors FIRST Conference
CERT is a sponsor for the 2008 FIRST Conference, which will be held in Canada in June. This year marks the 20th annual FIRST conference as well as the 20th anniversary of CERT.
March 18, 2008
New Podcast Released
A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes.
March 17, 2008
CERT Resiliency Engineering Framework, v0.95R Available
A new review version of the CERT Resiliency Engineering Framework is now available. We welcome and encourage your feedback on these materials.
March 6, 2008
2007 CERT Research Annual Report Published
CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration.
March 4, 2008
New Podcast Released
Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle.
February 26, 2008
FIRST and Carnegie Mellon Software Engineering Institute CERT Coordination Center Unveil New Security Awards
The first-ever international competition honoring best practices and advances in safeguarding the security of computer systems and networks is announced today by the Forum of Incident Response and Security Teams (FIRST) and Carnegie Mellon® Software Engineering Institute (SEI) CERT® Coordination Center (CERT/CC).
February 19, 2008
New Podcast Released
Business leaders need to understand the risks to their organizations caused by the proliferation of botnets.
February 14, 2008
CERT to Participate in Second Annual Counter eCrime Operations Summit
CERT will be participating in the Counter eCrime Operations Summit II, May 26-27 in Tokyo, Japan.
February 5, 2008
New Podcast Released
Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data.
January 22, 2008
SQUARE Instructional Materials Released
Workshop, tutorial, and academic educational materials on SQUARE (Security Quality Requirements Engineering) are now available for download.
January 22, 2008
New Podcast Released
Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information.
January 15, 2008
CERT Statistics Updated
The numbers from the fourth quarter have been incorporated, completing the 2007 statistics.
January 9, 2008
Insider Threat Studies Released
Insider Threat Study: Illicit Cyber Activity in the Government Sector and Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector have been released. These reports present the findings of research efforts to examine reported insider incidents within their respective sectors.
January 8, 2008
New Podcast Released
Directors and senior executives are personally accountable for protecting information entrusted to their care.
December 10, 2007
New Podcast Released
Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there.
November 29, 2007
FloCon 2008 Schedule Available
The schedule for the FloCon 2008 conference has been released.
November 29, 2007
FBI Announces Results of Operation Bot Roast II
In the second phase of the FBI investigation of botnets, 8 people were indicted, pled guilty, or were sentenced. So far, more than $20 million in losses and more than 1 million victim computers have been identified. Learn how to prevent and report attacks.
November 27, 2007
New Podcast Released
Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees?
November 13, 2007
New Podcast Released
Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome.
November 1, 2007
CERT NetSA Group Participates in Anti-Phishing Working Group eCrime Research Summit
Members of the CERT Network Situational Awareness Group presented Fishing for Phishes: Applying Capture-Recapture Methods to Estimate Phishing Populations (pdf) at the APWG eCrime Researchers Summit. They also participated in the Report out and Panel: Uncleanliness: Quantifying network reputation.
October 30, 2007
New Podcast Released
Business leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations.
October 16, 2007
CERT Statistics Updated
The CERT statistics have been updated with numbers from the third quarter of 2007.
October 16, 2007
New Podcast Released
A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders.
October 9, 2007
Vodcast - Secure Coding Initiative: Project
Robert Seacord discusses the Secure Coding project.
October 2, 2007
New Podcast Released
By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their operations stand up to known and unknown threats.