Prioritizing Security Alerts: A DoD Case Study
The sheer effort required to triage the large number of potential code flaws identified by static analysis tools can hijack a software project's budget and schedule.
Automated Code Repair in the C Programming Language
Finding violations of secure coding guidelines in source code is daunting, but fixing them is an even greater challenge. Automated code repair can eliminate security vulnerabilities much faster than the existing manual process and at a much lower cost.
Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response
CERT researcher Rachel Kartch provides an overview of DDoS attacks and best practices for mitigating and responding to them.
An Evaluation of Three Cyber Threat Models
This blog post evaluates three popular methods of cyber threat modeling and a potential model that fuses the best qualities of each.
Mapping the FFIEC Cybersecurity Assessment Tool (CAT) to the CRR
To help financial institutions assess their cyber resilience, we mapped FFIEC CAT statements to Cyber Resilience Review (CRR) questions.
Managing Third Party Risks to Financial Services Organizations
A resilience-based approach can help financial services organizations to manage cyber risks from outsourcing and comply with federal cybersecurity regulations.
CERT Division at a Glance
We were there for the first internet security incident and we’re still here more than 25 years later. Only now, we’ve expanded our expertise from incident response to a comprehensive, proactive approach to securing networked systems. The CERT Division is part of the Software Engineering Institute, which is based at Carnegie Mellon University. We are the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and are a national asset in the field of cybersecurity.
VU#865216: CodeLathe FileCloud is vulnerable to cross-site request forgery
Original Release date - 01/13/2017
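The note above names the vulnerability class only; the following is an added illustration, not CodeLathe's code and not drawn from the advisory, of why a state-changing request authorised by a session cookie alone is forgeable from another site, and of the usual fix. The site origin, session store, handler names and the constructed requests are assumptions for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Assumptions for this example: the application lives at SITE_ORIGIN, keeps
# server-side sessions keyed by a cookie, and signs CSRF tokens with a
# per-deployment secret. None of this is taken from the product named above.
SITE_ORIGIN = "https://files.example"
SECRET_KEY = secrets.token_bytes(32)        # constructed; load from config in practice
SESSIONS: Dict[str, Dict[str, str]] = {}    # session id -> session data


@dataclass
class Request:
    method: str
    path: str
    cookies: Dict[str, str] = field(default_factory=dict)
    headers: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


def new_session(user: str) -> str:
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user}
    return sid


def csrf_token_for(session_id: str) -> str:
    """Bind the anti-CSRF token to the session so it cannot be replayed across
    sessions; a page on another origin cannot read it (same-origin policy)."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def share_file_vulnerable(req: Request) -> Tuple[int, str]:
    """State-changing action authorised by the session cookie alone. The browser
    attaches that cookie to a form auto-submitted from any other site."""
    sid = req.cookies.get("session")
    if req.method != "POST" or sid not in SESSIONS:
        return 401, "not authenticated"
    return 200, "shared %s with %s" % (req.form["file"], req.form["with"])


def share_file_hardened(req: Request) -> Tuple[int, str]:
    """Same action with two independent checks: when the browser sends Origin it
    must be ours, and the form must carry a valid session-bound token."""
    sid = req.cookies.get("session")
    if req.method != "POST" or sid not in SESSIONS:
        return 401, "not authenticated"
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-site request rejected by origin check"
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token_for(sid)):
        return 403, "missing or invalid CSRF token"
    return 200, "shared %s with %s" % (req.form["file"], req.form["with"])


def simulate() -> Dict[str, int]:
    """Run a legitimate request and two forged cross-site requests (constructed
    inline) through both handlers and return the status codes."""
    sid = new_session("alice")
    legit = Request("POST", "/share", cookies={"session": sid},
                    headers={"Origin": SITE_ORIGIN},
                    form={"file": "q3-report.xlsx", "with": "bob@example",
                          "csrf_token": csrf_token_for(sid)})
    # Forged: the attacker's page auto-submits a form; the browser adds the
    # victim's cookie, but the attacker can neither read the token nor spoof Origin.
    forged = Request("POST", "/share", cookies={"session": sid},
                     headers={"Origin": "https://evil.example"},
                     form={"file": "q3-report.xlsx", "with": "attacker@evil.example"})
    # Same forgery from a client that strips Origin: the token check still catches it.
    forged_no_origin = Request("POST", "/share", cookies={"session": sid},
                               form={"file": "q3-report.xlsx", "with": "attacker@evil.example"})
    return {
        "vulnerable_legit": share_file_vulnerable(legit)[0],
        "vulnerable_forged": share_file_vulnerable(forged)[0],
        "hardened_legit": share_file_hardened(legit)[0],
        "hardened_forged": share_file_hardened(forged)[0],
        "hardened_forged_no_origin": share_file_hardened(forged_no_origin)[0],
    }


if __name__ == "__main__":
    for name, status in simulate().items():
        print("%-26s %d" % (name, status))
```

The origin check is cheap but advisory only, since some clients omit the header; the session-bound token is the check that actually decides, and it is compared with `hmac.compare_digest` so a wrong token is not distinguishable by timing.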
VU#767208: ThreatMetrix SDK for iOS fails to validate SSL certificates
Original Release date - 01/10/2017
VU#475907: Shoretel Mobility Client iOS application does not verify SSL certificates
Original Release date - 01/03/2017
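The two iOS notes above (VU#767208 and VU#475907) share one failure mode: the client accepts whatever certificate the server presents, so an attacker on the network path can terminate TLS with a forged certificate. The following is an added Python illustration of that misconfiguration beside its corrected form, plus a small audit function and a pinning check; it is not the vendors' code and says nothing about how their SDKs are built. The stand-in certificate bytes and the finding codes are constructed for the example.

```python
import hashlib
import hmac
import ssl
from typing import List

# Constructed stand-in for a server's leaf certificate in DER form; it is not a
# real certificate, only bytes to pin against in this example.
SAMPLE_LEAF_DER = b"\x30\x82\x01\x00" + b"constructed-example-leaf-certificate"
SAMPLE_LEAF_SHA256 = hashlib.sha256(SAMPLE_LEAF_DER).hexdigest()


def insecure_client_context() -> ssl.SSLContext:
    """The mistake behind a 'does not verify SSL certificates' finding: chain
    verification and hostname checking are both switched off, so any
    certificate, including one forged by a network attacker, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Verify the chain against the platform trust store, require the
    certificate to match the hostname, and refuse pre-TLS-1.2 protocols."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the weaknesses found in a client context as short codes
    (codes are this example's own naming)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-chain-verification")
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("weak-minimum-version")
    return findings


def fingerprint_matches(der_cert: bytes, expected_sha256_hex: str) -> bool:
    """Certificate pinning, in addition to (never instead of) chain
    verification: compare the SHA-256 of the presented DER certificate with
    the fingerprint shipped in the app, in constant time."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.lower())


if __name__ == "__main__":
    print("insecure:", audit_client_context(insecure_client_context()))
    print("hardened:", audit_client_context(hardened_client_context()))
    print("pin ok  :", fingerprint_matches(SAMPLE_LEAF_DER, SAMPLE_LEAF_SHA256))
```

When wrapping a socket, always pass `server_hostname=` so the hostname check has something to compare against; with the hardened context, the presented certificate's DER (`getpeercert(binary_form=True)`) can then be fed to `fingerprint_matches` for pinning. The same audit applies to any client stack: a delegate or callback that accepts every server trust object without evaluating it is the iOS equivalent of `CERT_NONE`.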
- SQUARE Frequently Asked Questions (FAQ) This paper contains information about SQUARE, a process that helps organizations build security into the early stages of the software production lifecycle. White Paper - 01/05/2017
- Using Malware Analysis to Identify Overlooked Security Requirements (MORE) In this presentation, Nancy Mead explains how malware analysis can be used effectively to identify otherwise overlooked security requirements. Presentation - 01/03/2017
- Common Sense Guide to Mitigating Insider Threats, 5th Edition Presents recommendations for mitigating insider threat based on CERT's continued research and analysis of over 1,000 cases. Technical Report - 12/21/2016