Benitez, M., 2023: Software Isolation: Why It Matters to Software Evolution and Why Everybody Puts It Off. Carnegie Mellon University, Software Engineering Institute ...

Using large language models (LLMs) to adjudicate static analysis alerts enables more complete alert adjudication, reducing unknown risk and improving software security. Software vulnerabilities pose a ...

In this webcast, Justin Novak and Christopher Ian Rodman discuss how AI can be leveraged to build out and enable your security operations center (SOC) by covering gaps in tools, workforce, and ...

The Software Engineering Institute establishes and advances software as a strategic advantage for national security. We lead and direct research and transition of software engineering, cyber, ...

The Department of Defense (DoD) has long recognized the potential benefits of using autonomous systems for mission success. Over the last 10 years, there have been advances in artificial intelligence ...

Building an effective security operations capability such as a security operations center (SOC) has always been a challenging endeavor. Balancing the need to successfully integrate the people, ...

Students who wish to purchase the CERT Leadership in AI for Cybersecurity certificate package (three eLearning courses, instructor-led 2-day workshop) will receive a discount from the total cost. The ...

This collection contains resources about the Architecture Tradeoff Analysis Method (ATAM), a method for evaluating software architectures against quality attribute goals. The Architecture Tradeoff ...

Sible, J., and Svoboda, D., 2022: Rust Software Security: A Current State Assessment. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

Shevchenko, N., 2020: An Introduction to Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

This paper presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System ...

Dormann, W., 2018: When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults. Carnegie Mellon University, Software Engineering Institute's ...