Software Engineering Institute

This collection describes work that CERT researchers are conducting in the field of cybersecurity engineering.

• Using Malware Analysis in Security Requirements Elicitation: This research uses information about previous cyberattacks to enhance requirements elicitation for software development.
• Security Engineering Risk Analysis (SERA): This research is focused on developing methods for analyzing security-related design weaknesses that cannot be corrected easily during operations.
• Cybersecurity Quality Metrics: This research evaluates the feasibility of using specialized software quality models to improve the security of software and of using available quality and vulnerability data to effectively calibrate a specialized quality model to track and forecast security defects.
• Security Quality Requirements Engineering (SQUARE): This research and its resulting tool helps organizations to build security into the early stages of the production and acquisition lifecycles, including privacy.
• Supply Chain and COTS Assurance: This research aims to help you evaluate and reduce supply chain risk, provides guidance you can use to manage these risks, and improve your use of resources in reducing these risks.
• Cybersecurity and Software Assurance Measurement and Analysis: The goal of this research is to develop a risk-based approach for measuring and monitoring the security characteristics of interactively complex, software-reliant systems across the lifecycle and supply chain.
• Software Assurance Ecosystem: This research involves investigating and developing viable, reasoned ways to describe problem complexity within the security assurance ecosystem with sufficient insight to identify opportunities for real improvement.

See the following publications for more information about cybersecurity research efforts.