Software Engineering Institute

What Could Possibly Go Wrong? Safety Analysis for AI Systems

SEI researchers discuss their work on System Theoretic Process Analysis, or STPA, a hazard-analysis technique uniquely suitable for dealing with AI complexity when assuring AI systems.
sei.cmu

Windows 10 Cannot Protect Insecure Applications Like EMET Can

Dormann, W., 2016: Windows 10 Cannot Protect Insecure Applications Like EMET Can. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

From Hype to Adoption: Guiding Organizations in Their AI Journey

This newsletter compiles the latest SEI releases and news about guiding organizations on their AI journeys, presentations from the Secure Software by Design 2025 event, a model-based approach for ...
sei.cmu

CERT Division

The CERT Division is a leader in cybersecurity. We partner with government, industry, law enforcement, and academia to improve the security and resilience of computer systems and networks. We study ...
sei.cmu

Common Testing Problems: Pitfalls to Prevent and Mitigate

Firesmith, D., 2013: Common Testing Problems: Pitfalls to Prevent and Mitigate. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...
sei.cmu

Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection

Fricke, J., and Hoover, A., 2018: Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection. Carnegie Mellon University, Software Engineering ...
sei.cmu

Differences Between ASLR on Windows and Linux

Dormann, W., 2014: Differences Between ASLR on Windows and Linux. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November 13 ...
sei.cmu

How Easy Is It to Make and Detect a Deepfake?

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Rust Vulnerability Analysis and Maturity Challenges

Wassermann, G., and Svoboda, D., 2023: Rust Vulnerability Analysis and Maturity Challenges. Carnegie Mellon University, Software Engineering Institute's Insights ...
sei.cmu

Rust Software Security: A Current State Assessment

Sible, J., and Svoboda, D., 2022: Rust Software Security: A Current State Assessment. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

2000 CERT Advisories

CERT/CC advisories are now part of the US-CERT National Cyber Awareness System. We provide these advisories, published by year, for historical purposes. This report details the description, impact, ...
sei.cmu

A Hitchhiker’s Guide to ML Training Infrastructure

Palat, J., 2022: A Hitchhiker’s Guide to ML Training Infrastructure. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November ...