Benitez, M., 2023: Software Isolation: Why It Matters to Software Evolution and Why Everybody Puts It Off. Carnegie Mellon University, Software Engineering Institute ...

Using large language models (LLMs) to adjudicate static analysis alerts enables more complete alert adjudication, reducing unknown risk and improving software security. Software vulnerabilities pose a ...

In this webcast, Justin Novak and Christopher Ian Rodman discuss how AI can be leveraged to build out and enable your security operations center (SOC) by covering gaps in tools, workforce, and ...

The Software Engineering Institute establishes and advances software as a strategic advantage for national security. We lead and direct research and transition of software engineering, cyber, ...

A system's software architecture is widely regarded as one of the most important software artifacts. Software professionals routinely make decisions that impact that architecture, yet many times that ...

Building an effective security operations capability such as a security operations center (SOC) has always been a challenging endeavor. Balancing the need to successfully integrate the people, ...

Students who wish to purchase the CERT Leadership in AI for Cybersecurity certificate package (three eLearning courses, instructor-led 2-day workshop) will receive a discount from the total cost. The ...

The Department of Defense (DoD) has long recognized the potential benefits of using autonomous systems for mission success. Over the last 10 years, there have been advances in artificial intelligence ...

This collection contains resources about the Architecture Tradeoff Analysis Method (ATAM), a method for evaluating software architectures against quality attribute goals. The Architecture Tradeoff ...

Shevchenko, N., 2020: An Introduction to Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

Dormann, W., 2018: When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults. Carnegie Mellon University, Software Engineering Institute's ...

This paper presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System ...