Software Engineering Institute

SEI Parser Demystifies Firmware to Fight Vulnerabilities

Software based on the Unified Extensible Firmware Interface (UEFI) standard makes up the firmware of most modern desktop computers and servers. This software is largely invisible to users, critical to ...
sei.cmu

Application of Large Language Models (LLMs) in Software Engineering: Overblown Hype or Disruptive Change?

Ozkaya, I., Carleton, A., Robert, J., and Schmidt, D., 2023: Application of Large Language Models (LLMs) in Software Engineering: Overblown Hype or Disruptive Change ...
sei.cmu

CERT Division

The CERT Division is a leader in cybersecurity. We partner with government, industry, law enforcement, and academia to improve the security and resilience of computer systems and networks. We study ...
sei.cmu

An Introduction to Model-Based Systems Engineering (MBSE)

Shevchenko, N., 2020: An Introduction to Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Architecture Tradeoff Analysis Method Collection

This collection contains resources about the Architecture Tradeoff Analysis Method (ATAM), a method for evaluating software architectures against quality attribute goals. The Architecture Tradeoff ...
sei.cmu

How Easy Is It to Make and Detect a Deepfake?

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Rust Software Security: A Current State Assessment

Sible, J., and Svoboda, D., 2022: Rust Software Security: A Current State Assessment. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Architecting the Future of Software Engineering: A National Agenda for Software Engineering Research & Development

Software is vital to our country’s global competitiveness, innovation, and national security. It also ensures our modern standard of living and enables continued advances in defense, infrastructure, ...
sei.cmu

10 Types of Application Security Testing Tools: When and How to Use Them

Scanlon, T., 2018: 10 Types of Application Security Testing Tools: When and How to Use Them. Carnegie Mellon University, Software Engineering Institute's Insights ...
sei.cmu

An Introduction to the Cybersecurity Maturity Model Certification (CMMC)

Stewart, K., and Hoover, A., 2020: An Introduction to the Cybersecurity Maturity Model Certification (CMMC). Carnegie Mellon University, Software Engineering ...
sei.cmu

SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)

In this online download, the CERT Secure Coding Team describes the root causes of common software vulnerabilities, how they can be exploited, the potential consequences, and secure alternatives. We ...
sei.cmu

Insider Threat Test Dataset

The CERT Division, in partnership with ExactData, LLC, and under sponsorship from DARPA I2O, generated a collection of synthetic insider threat test datasets. These datasets provide both synthetic ...