Software Engineering Institute

Using LLMs to Evaluate Code

In this webcast, Dr. Mark Sherman summarizes the results of experiments that were conducted to see if various large language models (LLMs) could correctly identify problems with source code.
sei.cmu

Software Isolation: Why It Matters to Software Evolution and Why Everybody Puts It Off

Benitez Preciado, M., 2023: Software Isolation: Why It Matters to Software Evolution and Why Everybody Puts It Off. Carnegie Mellon University, Software Engineering ...
sei.cmu

Transforming Software Quality Assessment

The SEI's publication of the Capability Maturity Model for Software (Software CMM) in 1991 changed the view in government and industry about software quality. The model consisted of best practices in ...
sei.cmu

Using LLMs to Evaluate Code

Finding and fixing weaknesses and vulnerabilities in source code has been an ongoing challenge. There is a lot of excitement about the ability of large language models (LLMs, e.g., GenAI) to produce ...
sei.cmu

Software Engineering Institute

Digital Library Search ResultsSoftware Engineering Institute Home Publications Digital Library Digital Library Search Results ...
Software Engineering Institute

Q-Day Countdown: Are You Prepared?

In this webcast, Brett Tucker, Dan Justice, and Matthew Butkovic will discuss the challenges to be expected with the realization of quantum computing capabilities.
sei.cmu

Rust Software Security: A Current State Assessment

Sible, J., and Svoboda, D., 2022: Rust Software Security: A Current State Assessment. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Rust Vulnerability Analysis and Maturity Challenges

Wassermann, G., and Svoboda, D., 2023: Rust Vulnerability Analysis and Maturity Challenges. Carnegie Mellon University, Software Engineering Institute's Insights ...
sei.cmu

10 Types of Application Security Testing Tools: When and How to Use Them

Scanlon, T., 2018: 10 Types of Application Security Testing Tools: When and How to Use Them. Carnegie Mellon University, Software Engineering Institute's Insights ...
sei.cmu

2003 CERT Advisories

CERT/CC advisories are now part of the US-CERT National Cyber Awareness System. We provide these advisories, published by year, for historical purposes. This report details the description, impact, ...
sei.cmu

Probably Don’t Rely on EPSS Yet

Spring, J., 2022: Probably Don’t Rely on EPSS Yet. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed October 3, 2025, https ...
sei.cmu

When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults

Dormann, W., 2018: When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults. Carnegie Mellon University, Software Engineering Institute's ...