Carnegie Mellon University, Software Engineering Insitute

Results per page

Simulating Realistic Human Activity Using Large Language Model Directives

October 2, 2023 • Technical Report

By Dustin D. Updyke , Thomas G. Podnar , Sean Huff

The authors explore how activities generated from the GHOSTS Framework’s NPC client compare to activities produced by GHOSTS’ default behavior and LLMs.
DOWNLOAD the authors explore how activities generated from the ghosts framework’s npc client compare to activities produced by ghosts’ default behavior and llms. Cyber Workforce Development 2023
CERT NetSA Security Suite

October 1, 2023 • Software

By None

The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data.
DOWNLOAD the network situational awareness (netsa) group at cert has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data. Situational Awareness 2023
SCALe

July 14, 2023 • Software

By None

SCALe is a static analysis aggregation framework that has been developed mostly as a research prototype tool as part of the SEI’s research projects.
DOWNLOAD scale is a static analysis aggregation framework that has been developed mostly as a research prototype tool as part of the sei’s research projects. Secure Coding,Tools,Secure Development 2023
Mothra

June 15, 2022 • Software

By None

Mothra is a collection of libraries and tools for working with network flow data in the Apache Spark large-scale data analytics engine.
DOWNLOAD mothra is a collection of libraries and tools for working with network flow data in the apache spark large-scale data analytics engine. Network Situational Awareness 2022
DevSecOps Platform Independent Model (PIM)

May 1, 2022 • Handbook

By Carol Woody , Joe Yankel , Aaron K. Reffett , Nataliya Shevchenko , Lyndsi A. Hughes , Timothy A. Chick , Mary Popeck , Brent Frye

The DevSecOps PIM enables organizations to implement DevSecOps in a secure, safe, and sustainable way.
DOWNLOAD the devsecops pim enables organizations to implement devsecops in a secure, safe, and sustainable way. DevSecOps 2022
Juneberry

March 1, 2022 • Software

By None

Juneberry automates the training, evaluation, and comparison of multiple ML models against multiple datasets.
DOWNLOAD juneberry automates the training, evaluation, and comparison of multiple ml models against multiple datasets. Artificial Intelligence Engineering,Machine Learning 2022
Software Assurance Guidance and Evaluation (SAGE) Tool

May 3, 2021 • White Paper

By Ebonie McNeil , Hasan Yasar , Luiz Antunes , Robert Schiela

The Software Assurance Guidance and Evaluation (SAGE) tool helps an organization assess the security of its systems development and operations practices.
DOWNLOAD the software assurance guidance and evaluation (sage) tool helps an organization assess the security of its systems development and operations practices. Tools,Software Assurance 2021
CERT Kaiju

March 16, 2021 • Software

By None

CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite.
DOWNLOAD cert kaiju is a binary analysis framework extension for the ghidra software reverse engineering suite. Reverse Engineering for Malware Analysis,Malware Analysis,Reverse Engineering 2021
Overview of Practices and Processes of the CMMC 1.0 Assessment Guides (CMMC 1.0)

March 3, 2021 • White Paper

By Douglas Gardner

This document is intended to help anyone unfamiliar with cybersecurity standards get started with the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC).
DOWNLOAD this document is intended to help anyone unfamiliar with cybersecurity standards get started with the department of defense (dod) cybersecurity maturity model certification (cmmc). Tools,Supply Chain Assurance,Cyber Risk and Resilience Management 2021
Mission-Based Prioritization Tool (Coded)

November 4, 2020 • Software

By None

An alternate version of the tool to implement the mission-based prioritization of agile backlogs that includes a small amount of Visual Basic code that creates a tab containing the sorted …
DOWNLOAD an alternate version of the tool to implement the mission-based prioritization of agile backlogs that includes a small amount of visual basic code that creates a tab containing the sorted prioritized list and a tab containing features grouped parameters. Tools 2020
Mission-Based Prioritization Tool (Code Free)

November 4, 2020 • Software

By None

A no-frills tool to implement the mission-based prioritization of agile backlogs that accounts for restrictions on government computers; the results must be manually sorted.
DOWNLOAD a no-frills tool to implement the mission-based prioritization of agile backlogs that accounts for restrictions on government computers; the results must be manually sorted. Tools 2020
KalKi Platform Main Repository

July 22, 2020 • Software

By Sebastián Echeverría

KalKi is an IoT platform for allowing untrusted IoT devices to connect to a network in a secure way, protecting both the IoT device and the network from malicious attackers.
DOWNLOAD kalki is an iot platform for allowing untrusted iot devices to connect to a network in a secure way, protecting both the iot device and the network from malicious attackers. Tools,Cloud Computing 2020
SEI-ACE

April 13, 2020 • Software

By Sebastián Echeverría , Grace Lewis

SEI-ACE is an extension of the ACE Working Group proposal to support authentication and authorization of devices in disadvantaged environments.
DOWNLOAD sei-ace is an extension of the ace working group proposal to support authentication and authorization of devices in disadvantaged environments. Tools,Edge Computing,Cloud Computing 2020
SEI CERT Coding Standards Wiki

April 1, 2020 • Handbook

By None

This wiki supports the development of coding standards for commonly used programming languages such as C, C++, Java, and Perl, and the Android™ platform.
DOWNLOAD this wiki supports the development of coding standards for commonly used programming languages such as c, c++, java, and perl, and the android™ platform. CERT,Secure Development 2020
Crucible

April 1, 2020 • Software

By None

Crucible is a cyber-simulation framework that automates the creation, deployment, facilitation, and assessment of simulations to deliver cost-effective, dynamic virtual environments in an immersive, browser-based experience.
DOWNLOAD crucible is a cyber-simulation framework that automates the creation, deployment, facilitation, and assessment of simulations to deliver cost-effective, dynamic virtual environments in an immersive, browser-based experience. 2020
DSOI-ALL / devops-microcosm

March 2, 2020 • Software

By None

Hands-on guidance to build DevSecOps pipeline
DOWNLOAD hands-on guidance to build devsecops pipeline 2020
CWD Tools for Improving Cyber Simulations

February 1, 2020 • None

By None

Download the open source software tools that the SEI developed to create realistic cyber simulations or access information to learn more about each one.
DOWNLOAD download the open source software tools that the sei developed to create realistic cyber simulations or access information to learn more about each one. 2020
IRL Demo

January 1, 2020 • Software

By None

The IRL demo is an interactive demonstration of Maximum Causal Entropy Inverse Reinforcement Learning (MCEIRL).
DOWNLOAD the irl demo is an interactive demonstration of maximum causal entropy inverse reinforcement learning (mceirl). Artificial Intelligence Engineering,Machine Learning 2020
SCAIFE-API YAML Specification

June 14, 2019 • Software

By None

The YAML file specifies the SCAIFE-API definition in a format developers can use to view, modify, and automatically generate code from.
DOWNLOAD the yaml file specifies the scaife-api definition in a format developers can use to view, modify, and automatically generate code from. Secure Development,Secure Coding 2019
Artificial Intelligence and Cyber Intelligence: An Implementation Guide

May 22, 2019 • Educational Material

By None

This guide provides practical steps for implementing artificial intelligence with cyber intelligence.
DOWNLOAD this guide provides practical steps for implementing artificial intelligence with cyber intelligence. 2019
Foundry

March 1, 2019 • Software

By None

Foundry is a training asset management portal that organizations can customize to meet unique training needs and that training providers can share content on. Foundry is currently in beta and …
DOWNLOAD foundry is a training asset management portal that organizations can customize to meet unique training needs and that training providers can share content on. foundry is currently in beta and will be generally available in summer 2019. Tools,Cyber Workforce Development 2019
GHOSTS

January 31, 2019 • Software

By None

GHOSTS is a non-player character (NPC) orchestration generator that creates a range of realistic characters who produce network traffic that appears authentic.
DOWNLOAD ghosts is a non-player character (npc) orchestration generator that creates a range of realistic characters who produce network traffic that appears authentic. Tools,Cyber Workforce Development 2019
Infrastructure as Code: Final Report

January 28, 2019 • White Paper

By John Klein , Doug Reynolds

This project explored the feasibility of infrastructure as code, developed prototype tools, populated a model of the deployment architecture, and automatically generated IaC scripts from the model.
DOWNLOAD this project explored the feasibility of infrastructure as code, developed prototype tools, populated a model of the deployment architecture, and automatically generated iac scripts from the model. Tools,Software Architecture 2019
TopoMojo

December 3, 2018 • Software

By None

TopoMojo is a topology build and management tool that provides users with the same functionality and connectivity they would experience with real, physical devices.
DOWNLOAD topomojo is a topology build and management tool that provides users with the same functionality and connectivity they would experience with real, physical devices. Tools,Cyber Workforce Development 2018
Supplementary Materials for a Case Study of Analysis Contracts with the ACTIVE tool

November 16, 2018 • Dataset

By None

This archive contains the source code of the ACTIVE tool, and models/data from a case study of analysis contracts in two domains: thread scheduling, and battery design.
DOWNLOAD this archive contains the source code of the active tool, and models/data from a case study of analysis contracts in two domains: thread scheduling, and battery design. Tools 2018
WELLE-D

November 15, 2018 • Software

By None

WELLE-D is a wireless traffic transport for wired networks that you can use to create a realistic, virtual wireless network environment.
DOWNLOAD welle-d is a wireless traffic transport for wired networks that you can use to create a realistic, virtual wireless network environment. Tools,Cyber Workforce Development 2018
vTunnel

October 22, 2018 • Software

By None

vTunnel is a traffic proxy between guest and host networks that allows certain network activity, such as scoring mechanisms, to remain hidden from trainees.
DOWNLOAD vtunnel is a traffic proxy between guest and host networks that allows certain network activity, such as scoring mechanisms, to remain hidden from trainees. Tools,Cyber Workforce Development 2018
SCALe Collection

August 14, 2018 • None

By None

The CERT Division's Source Code Analysis Laboratory (SCALe) offers conformance testing of C and Java language software systems against the CERT C Secure Coding Standard and the CERT Oracle Secure …
DOWNLOAD the cert division's source code analysis laboratory (scale) offers conformance testing of c and java language software systems against the cert c secure coding standard and the cert oracle secure coding standard for java. Tools,Secure Development,Secure Coding 2018
Analysis Pipeline

June 1, 2018 • Software

By None

The Analysis Pipeline supports inspection of flow records as they are created.
DOWNLOAD the analysis pipeline supports inspection of flow records as they are created. Tools,FloCon,Cybersecurity,Situational Awareness 2018
CERT Vulnerability Data Archive and Tools

March 5, 2018 • Dataset

By Allen D. Householder

CERT archive of non-sensitive vulnerability information in the vulnerability reports database.
DOWNLOAD cert archive of non-sensitive vulnerability information in the vulnerability reports database. Security Vulnerabilities 2018
ADIA

December 1, 2017 • Software

By None

ADIA is a VMware-based appliance used for small-to-medium sized digital investigations.
DOWNLOAD adia is a vmware-based appliance used for small-to-medium sized digital investigations. Tools,Digital Intelligence and Investigation,Cybersecurity 2017
TopGen

November 22, 2017 • Software

By None

TopGen is a virtualized application service simulator for offline exercise and training networks.
DOWNLOAD topgen is a virtualized application service simulator for offline exercise and training networks. Tools,Cyber Workforce Development 2017
GreyBox

November 22, 2017 • Software

By None

GreyBox is a single-host Internet emulator that delivers the experience of connecting to the real Internet so you can avoid the risks of connecting to live systems in your training …
DOWNLOAD greybox is a single-host internet emulator that delivers the experience of connecting to the real internet so you can avoid the risks of connecting to live systems in your training environment. Tools,Cyber Workforce Development 2017
SeaHorn

November 12, 2017 • Software

By None

SeaHorn is an automated analysis framework for LLVM-based languages.
DOWNLOAD seahorn is an automated analysis framework for llvm-based languages. Tools,software engineering and information assurance,Software Architecture 2017
CERT Linux Forensics Tools Repository

November 10, 2017 • Software

By None

The CERT Linux Forensics Tools Repository provides many useful packages for cyber forensics acquisition and analysis practitioners.
DOWNLOAD the cert linux forensics tools repository provides many useful packages for cyber forensics acquisition and analysis practitioners. Tools,Digital Intelligence and Investigation,Cybersecurity 2017
CERT YAF

November 8, 2017 • Software

By None

YAF, Yet Another Flowmeter, processes packet data from PCAP(3) dump files and exports the flows to IPFIX Collecting Processes or an IPFIX-based file format.
DOWNLOAD yaf, yet another flowmeter, processes packet data from pcap(3) dump files and exports the flows to ipfix collecting processes or an ipfix-based file format. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017
CERT fixbuf

November 7, 2017 • Software

By None

CERT fixbuf is a compliant implementation of the IPFIX Protocol.
DOWNLOAD cert fixbuf is a compliant implementation of the ipfix protocol. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017
CERT super_mediator

October 19, 2017 • Software

By None

CERT super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
DOWNLOAD cert super_mediator is an ipfix mediator for use with the yaf and silk tools. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017
MADARA

October 12, 2017 • Software

By None

MADARA is general-purpose middleware used for distributed timing, control, knowledge and reasoning, and quality-of-service.
DOWNLOAD madara is general-purpose middleware used for distributed timing, control, knowledge and reasoning, and quality-of-service. Tools,Cyber-Physical Systems,Autonomy and Counter-Autonomy 2017
GAMS

September 26, 2017 • Software

By None

GAMS is a distributed operating environment that controls one or more unmanned autonomous systems (UAS).
DOWNLOAD gams is a distributed operating environment that controls one or more unmanned autonomous systems (uas). Tools,Pervasive Mobile Computing,software engineering and information assurance 2017
Pharos

September 21, 2017 • Software

By None

Pharos is a static binary analysis framework that facilitates the automated analysis of binary programs.
DOWNLOAD pharos is a static binary analysis framework that facilitates the automated analysis of binary programs. Tools,Cybersecurity,Reverse Engineering for Malware Analysis 2017
CLANG

September 7, 2017 • Software

By None

CERT Thread Safety Analysis in Clang is a tool that uses annotations to declare and enforce thread safety policies in C and C++ programs.
DOWNLOAD cert thread safety analysis in clang is a tool that uses annotations to declare and enforce thread safety policies in c and c++ programs. Secure Coding,Tools,software engineering and information assurance,Cybersecurity,Secure Development 2017
Clang-Tidy

September 7, 2017 • Software

By None

Clang-Tidy is Clang-based C++ "linter" tool that provides an extensible framework for diagnosing and fixing typical programming errors.
DOWNLOAD clang-tidy is clang-based c++ "linter" tool that provides an extensible framework for diagnosing and fixing typical programming errors. Tools,Secure Development,Secure Coding 2017
The CERT Guide to Coordinated Vulnerability Disclosure

August 15, 2017 • Special Report

By Allen D. Householder , Garret Wassermann , Christopher King , Art Manion

This guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful Coordinated Vulnerability Disclosure process. It also provides insights into how CVD can go …
DOWNLOAD this guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful coordinated vulnerability disclosure process. it also provides insights into how cvd can go awry and how to respond when it does so. Tools,Security Vulnerabilities,CSIRT Development,CERT/CC 2017
Big Grep

August 11, 2017 • Software

By None

BigGrep is a tool used to index and search a large corpus of binary files and uses a probabilistic N-gram based approach to balance index size and search speed.
DOWNLOAD biggrep is a tool used to index and search a large corpus of binary files and uses a probabilistic n-gram based approach to balance index size and search speed. Tools,Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2017
CERT Tapioca

July 12, 2017 • Software

By None

CERT Tapioca is a network-layer MITM proxy utility that checks for apps that fail to validate certificates and investigates content of network traffic, including HTTP and HTTPS.
DOWNLOAD cert tapioca is a network-layer mitm proxy utility that checks for apps that fail to validate certificates and investigates content of network traffic, including http and https. Tools,Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2017
CERT SiLK IPset

June 29, 2017 • Software

By None

CERT SiLK IPset can be used to build and manipulate IPset files.
DOWNLOAD cert silk ipset can be used to build and manipulate ipset files. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017
CERT SiLK

June 29, 2017 • Software

By None

SiLK is a collection of traffic analysis tools used to facilitate security analysis of large networks.
DOWNLOAD silk is a collection of traffic analysis tools used to facilitate security analysis of large networks. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017
Prototype Software Assurance Framework (SAF): Introduction and Overview

April 6, 2017 • Technical Note

By Carol Woody , Christopher J. Alberts

In this report, the authors discuss the Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.
DOWNLOAD in this report, the authors discuss the software assurance framework (saf), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. Cybersecurity Engineering 2017
CERT pyfixbuf

March 28, 2017 • Software

By None

CERT pyfixbuf is a Python API for libfixbuf that can be used to write applications that collect and export IPFIX.
DOWNLOAD cert pyfixbuf is a python api for libfixbuf that can be used to write applications that collect and export ipfix. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017
SEI CERT C and C++ Coding Standards

March 14, 2017 • None

By None

The CERT Secure Coding Team describes the root causes of common software vulnerabilities, how they can be exploited, the potential consequences, and secure alternatives.
DOWNLOAD the cert secure coding team describes the root causes of common software vulnerabilities, how they can be exploited, the potential consequences, and secure alternatives. Secure Development,Secure Coding 2017
CERT snarf

March 9, 2017 • Software

By None

CERT snarf is a distributed alert reporting system that sends send network alert messages.
DOWNLOAD cert snarf is a distributed alert reporting system that sends send network alert messages. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017
Nabu

January 9, 2017 • Software

By None

Nabu is a tool based on the work of NetSimile used for parsing, constructing, and comparing the structural graphs of a large collection of PDF documents.
DOWNLOAD nabu is a tool based on the work of netsimile used for parsing, constructing, and comparing the structural graphs of a large collection of pdf documents. Tools,Cybersecurity,Reverse Engineering for Malware Analysis 2017
PDFrankenstein

January 9, 2017 • Software

By None

PDFrankenstein is a Python tool for bulk malicious PDF feature extraction.
DOWNLOAD pdfrankenstein is a python tool for bulk malicious pdf feature extraction. Tools,Cybersecurity,Reverse Engineering for Malware Analysis 2017
Insider Threat Test Dataset

November 28, 2016 • Dataset

By None

The Insider Threat Test Dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data.
DOWNLOAD the insider threat test dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data. Tools,Insider Threat,Cybersecurity 2016
DMPLC

October 26, 2016 • Software

By None

DMPLC is the compiler for the DART Modeling and Programming Language (DMPL).
DOWNLOAD dmplc is the compiler for the dart modeling and programming language (dmpl). Tools,Cyber-Physical Systems,Autonomy and Counter-Autonomy 2016
DART

October 24, 2016 • Software

By None

DART combines model-driven development with evidence-generating analysis for engineering high-assurance software.
DOWNLOAD dart combines model-driven development with evidence-generating analysis for engineering high-assurance software. Tools,Cyber-Physical Systems,Autonomy and Counter-Autonomy 2016
CERT BFF

October 5, 2016 • Software

By None

CERT BFF is a software-testing tool that finds defects in applications that run on Microsoft Windows, Linux, Mac OS X, and other unix-like platforms.
DOWNLOAD cert bff is a software-testing tool that finds defects in applications that run on microsoft windows, linux, mac os x, and other unix-like platforms. Tools,Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2016
Automated Assurance of Security Policy Enforcement (AASPE)

August 3, 2016 • Software

By None

AASPE is a set of modeling tools for security analysis and a code generator to produce code for the seL4 platform from AADL models.
DOWNLOAD aaspe is a set of modeling tools for security analysis and a code generator to produce code for the sel4 platform from aadl models. Software Architecture 2016
CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience

July 8, 2016 • Book

By David W. White , Julia H. Allen , Richard A. Caralli

In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.
DOWNLOAD in this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities. Resilience Management Model (RMM),Cyber Risk and Resilience Management 2016
SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)

June 30, 2016 • CERT Research Report

By None

In this online download, the CERT Secure Coding Team describes the root causes of common software vulnerabilities, how they can be exploited, the potential consequences, and secure alternatives.
DOWNLOAD in this online download, the cert secure coding team describes the root causes of common software vulnerabilities, how they can be exploited, the potential consequences, and secure alternatives. Tools,Secure Development,Secure Coding 2016
Report Writer and Security Requirements Finder: User and Admin Manuals

June 7, 2016 • Special Report

By Nancy R. Mead , Anand Sankalp (Carnegie Mellon University) , Gupta Anurag (Carnegie Mellon) , Priyam Swati (Carnegie Mellon University) , Yaobin Wen (Carnegie Mellon University) , Walid El Baroni (Carnegie Mellon University)

This report presents instructions for using the Malware-driven Overlooked Requirements (MORE) website applications.
DOWNLOAD this report presents instructions for using the malware-driven overlooked requirements (more) website applications. Tools,Software Assurance,Reverse Engineering for Malware Analysis 2016
Error Model Version 2

June 1, 2016 • Software

By None

The Error Model Annex, Version 2 (EMV2), notation for architecture fault modeling supports safety, reliability, and security analyses as part of the OSATE toolset.
DOWNLOAD the error model annex, version 2 (emv2), notation for architecture fault modeling supports safety, reliability, and security analyses as part of the osate toolset. Software Architecture 2016
gbtl

May 16, 2016 • Software

By None

gbtl is a library that provides GraphBLAS API in C++ and common graph algorithms built on top of it.
DOWNLOAD gbtl is a library that provides graphblas api in c++ and common graph algorithms built on top of it. Tools,Mission Assurance,Data Modeling and Analytics 2016
CERT Resilience Management Model (CERT-RMM) Version 1.2

February 15, 2016 • Handbook

By None

CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational resilience.
DOWNLOAD cert-rmm, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational resilience. Tools,Cyber Risk and Resilience Management,Resilience Management Model (RMM),Cybersecurity 2016
CERT netsa-python

December 22, 2015 • Software

By None

The netsa-python library is a collection of Python routines and frameworks to use when developing analyses using the SiLK toolkit.
DOWNLOAD the netsa-python library is a collection of python routines and frameworks to use when developing analyses using the silk toolkit. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2015
CERT iSiLK

December 22, 2015 • Software

By None

iSiLK is a graphical front-end for the SiLK tools, designed to work with an existing installation of the SiLK analysis suite.
DOWNLOAD isilk is a graphical front-end for the silk tools, designed to work with an existing installation of the silk analysis suite. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2015
bgpuma

December 9, 2015 • Software

By None

bgpuma is a tool that looks through BGP update files quickly to find direct matches for CIDR blocks and CIDR blocks that contain the initial set and are contained by …
DOWNLOAD bgpuma is a tool that looks through bgp update files quickly to find direct matches for cidr blocks and cidr blocks that contain the initial set and are contained by the initial set. Tools,Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2015
QuaBaseBD

November 9, 2015 • Software

By None

QuABaseBD is a linked collection of computer science and software engineering knowledge used specifically for designing big data systems with NoSQL databases.
DOWNLOAD quabasebd is a linked collection of computer science and software engineering knowledge used specifically for designing big data systems with nosql databases. Tools,Big Data,software engineering and information assurance,Software Architecture 2015
CERT Orcus

October 2, 2015 • Software

By None

Orcus is a system for analyzing passively-collected DNS information. It includes a capability for analyzing all DNS information that has been seen (the “resource record database”), as well as a …
DOWNLOAD orcus is a system for analyzing passively-collected dns information. it includes a capability for analyzing all dns information that has been seen (the “resource record database”), as well as a faster name-to-address mapping with daily resolution (the “na Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2015
Spacer

September 16, 2015 • Software

By None

Spacer is an algorithmic framework for SMT-based software model checking using proofs and counterexamples.
DOWNLOAD spacer is an algorithmic framework for smt-based software model checking using proofs and counterexamples. Tools,Cybersecurity,Reverse Engineering for Malware Analysis 2015
MZSRM

September 4, 2015 • Software

By None

MZSRM is a zero-slack rate monotonic scheduler that has been simplified for verification.
DOWNLOAD mzsrm is a zero-slack rate monotonic scheduler that has been simplified for verification. Tools,Cyber-Physical Systems,Autonomy and Counter-Autonomy 2015
ERACES

August 22, 2015 • Software

By None

ERACES is a collection of methods and tools for reducing complexity in software models.
DOWNLOAD eraces is a collection of methods and tools for reducing complexity in software models. Tools,software engineering and information assurance,Software Architecture 2015
KD-Cloudlet

August 11, 2015 • Software

By None

Cloudlets are discoverable, generic, stateless servers located in single-hop proximity of mobile devices that can operate in disconnected mode and are virtual-machine based.
DOWNLOAD cloudlets are discoverable, generic, stateless servers located in single-hop proximity of mobile devices that can operate in disconnected mode and are virtual-machine based. software engineering and information assurance,Tools,Pervasive Mobile Computing,Edge Computing 2015
Rosecheckers

July 11, 2015 • Software

By None

Rosecheckers is a tool that performs static analysis on C/C++ source files to enforce the rules in the CERT C Coding Standard.
DOWNLOAD rosecheckers is a tool that performs static analysis on c/c++ source files to enforce the rules in the cert c coding standard. Secure Coding,Tools,software engineering and information assurance,Cybersecurity,Secure Development 2015
Architecture Analysis and Design Language (AADL) Tool

June 15, 2015 • Software

By None

AADL provides a framework for analyzing system designs and supports architecture-centric, model-based development through the system lifecycle.
DOWNLOAD aadl provides a framework for analyzing system designs and supports architecture-centric, model-based development through the system lifecycle. Tools,software engineering and information assurance,Software Architecture 2015
CERT Dranzer

June 1, 2015 • Software

By None

Dranzer is a tool that enables users to examine effective techniques for fuzz testing ActiveX controls.
DOWNLOAD dranzer is a tool that enables users to examine effective techniques for fuzz testing activex controls. Tools,Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2015
GDB 'Exploitable' Plugin

April 15, 2015 • Software

By Jonathan Foote

The GDB 'exploitable' plugin can be used to assist software vendors and analysts in identifying the impact of defects.
DOWNLOAD the gdb 'exploitable' plugin can be used to assist software vendors and analysts in identifying the impact of defects. Security Vulnerabilities 2015
DidFail

March 15, 2015 • Software

By None

DidFail uses static analysis to detect potential leaks of sensitive information within a set of Android apps.
DOWNLOAD didfail uses static analysis to detect potential leaks of sensitive information within a set of android apps. Secure Coding,Tools,software engineering and information assurance,Cybersecurity,Secure Development 2015
MCDA

March 14, 2015 • Software

By None

MCDA formally verifies the correctness, safety or other critical properties of distributed algorithm implementations before they are deployed.
DOWNLOAD mcda formally verifies the correctness, safety or other critical properties of distributed algorithm implementations before they are deployed. Tools,Cyber-Physical Systems,Autonomy and Counter-Autonomy 2015
CERT Prism

December 23, 2014 • Software

By None

Prism is a tool for visualizing flow data as a time series, broken down into several configurable bins by SiLK's rwfilter tool.
DOWNLOAD prism is a tool for visualizing flow data as a time series, broken down into several configurable bins by silk's rwfilter tool. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2014
Introduction to the Security Engineering Risk Analysis (SERA) Framework

December 4, 2014 • Technical Note

By Carol Woody , Christopher J. Alberts , Audrey J. Dorofee

This report introduces the SERA Framework, a model-based approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle.
DOWNLOAD this report introduces the sera framework, a model-based approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle. Cybersecurity Engineering 2014
Compiler-Enforced Buffer Overflow Elimination

November 11, 2014 • Software

By None

This tool prevents buffer overflows from succeeding in multithreaded code using static and dynamic analysis.
DOWNLOAD this tool prevents buffer overflows from succeeding in multithreaded code using static and dynamic analysis. Secure Coding,Tools,software engineering and information assurance,Cybersecurity,Secure Development 2014
OSATE

October 31, 2014 • Software

By None

OSATE is an open-source tool platform to support AADL.
DOWNLOAD osate is an open-source tool platform to support aadl. Tools,software engineering and information assurance,Software Architecture 2014
CERT Stix2Cif

June 24, 2014 • Software

By None

CERT Stix2Cif parses STIX/Cybox documents into JSON CIF feed files with corresponding configuration files and feeds them to CIF.
DOWNLOAD cert stix2cif parses stix/cybox documents into json cif feed files with corresponding configuration files and feeds them to cif. Situational Awareness,Tools 2014
CERT Triage Tools

May 5, 2014 • Software

By None

CERT Triage Tools consist of a triage script and a GNU Debugger (GDB) extension named 'exploitable' that classify Linux application defects by severity.
DOWNLOAD cert triage tools consist of a triage script and a gnu debugger (gdb) extension named 'exploitable' that classify linux application defects by severity. Tools,Security Vulnerabilities 2014
CERT Cif2Stix

February 14, 2014 • Software

By None

CERT Cif2Stix is a plug-in for CIF that takes JSON object or file inputs and outputs STIX/CyBox documents.
DOWNLOAD cert cif2stix is a plug-in for cif that takes json object or file inputs and outputs stix/cybox documents. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2014
CERT Rayon

December 17, 2013 • Software

By None

CERT Rayon is a Python library and set of tools that generates basic two-dimensional statistical visualizations.
DOWNLOAD cert rayon is a python library and set of tools that generates basic two-dimensional statistical visualizations. Tools,Data Modeling and Analytics,Cybersecurity,Situational Awareness 2013
Controls Systems Code Samples Download

November 15, 2013 • Software

By None

The Controls Systems Code Samples help an organization protect text-based intellectual property, including source code repositories.
DOWNLOAD the controls systems code samples help an organization protect text-based intellectual property, including source code repositories. Tools,Insider Threat,Cybersecurity 2013
SQUARE Instructional Materials

October 2, 2013 • Educational Material

By None

SQUARE instructional materials are designed for teaching the SQUARE method.
DOWNLOAD square instructional materials are designed for teaching the square method. Tools,software engineering and information assurance,Cybersecurity,Cybersecurity Engineering,SQUARE 2013
Introduction to the Mission Thread Workshop

October 1, 2013 • Technical Report

By Timothy Morrow , Michael J. Gagliardi , William Wood

This report introduces the Mission Thread Workshop, a method for understanding architectural and engineering considerations for developing and sustaining systems of systems. It describes the three phases of the workshop …
DOWNLOAD this report introduces the mission thread workshop, a method for understanding architectural and engineering considerations for developing and sustaining systems of systems. it describes the three phases of the workshop and explains the steps of each. Tools,System of Systems,Software Architecture 2013
CERT FOE

September 23, 2013 • Software

By None

Failure Observation Engine (FOE) is a mutational file-based fuzz testing tool for finding defects in applications that run on the Windows platform.
DOWNLOAD failure observation engine (foe) is a mutational file-based fuzz testing tool for finding defects in applications that run on the windows platform. Tools,Security Vulnerabilities 2013
CERT JIRA Plugins

April 25, 2013 • Software

By None

CERT JIRA Plugins consist of Automated Task Creator, Email Attachment Handler, and Common Code.
DOWNLOAD cert jira plugins consist of automated task creator, email attachment handler, and common code. Tools,Digital Intelligence and Investigation,Cybersecurity 2013
SMART Materials

February 14, 2013 • Educational Material

By None

SMART materials help organizations make better decisions on their paths to adopting a service-oriented architecture.
DOWNLOAD smart materials help organizations make better decisions on their paths to adopting a service-oriented architecture. Tools,software engineering and information assurance,Software Architecture 2013
A Framework for Software Product Line Practice, Version 5.0

December 31, 2012 • White Paper

By Felix Bachmann , Paul C. Clements , Gary Chastek , John K. Bergey , Robert W. Krut, Jr. , Patrick Donohoe , Sholom G. Cohen , Reed Little , Linda M. Northrop , John McGregor , Lawrence G. Jones , Liam O'Brien

This document describes the activities and practices in which an organization must be competent before it can benefit from fielding a product line of software systems.
DOWNLOAD this document describes the activities and practices in which an organization must be competent before it can benefit from fielding a product line of software systems. Software Product Lines,Tools,Software Architecture 2012
Secure Coding Validation Suite

December 12, 2012 • Software

By None

The Secure Coding Validation Suite is a tool that performs a set of tests to validate the rules defined in ISO Technical Specification 17961.
DOWNLOAD the secure coding validation suite is a tool that performs a set of tests to validate the rules defined in iso technical specification 17961. Secure Coding,Tools,software engineering and information assurance,Cybersecurity,Secure Development 2012
Source Code Analysis Laboratory (SCALe)

April 1, 2012 • Technical Note

By Will Dormann , David Svoboda , Robert W. Stoddard , Robert C. Seacord , James McCurley , Jefferson Welch , Philip Miller

In this report, the authors describe the CERT Program's Source Code Analysis Laboratory (SCALe), a conformance test against secure coding standards.
DOWNLOAD in this report, the authors describe the cert program's source code analysis laboratory (scale), a conformance test against secure coding standards. Tools,Secure Development,Secure Coding 2012
Mission Risk Diagnostic (MRD) Method Description

February 1, 2012 • Technical Note

By Audrey J. Dorofee , Christopher J. Alberts

In this report, the authors describe the Mission Risk Diagnostic (MRD) method, which is used to assess risk in systems across the lifecycle and supply chain.
DOWNLOAD in this report, the authors describe the mission risk diagnostic (mrd) method, which is used to assess risk in systems across the lifecycle and supply chain. Tools,Measurement and Analysis,Cybersecurity Engineering 2012
Smart Grid Maturity Model Assets Collection (SGMM), Version 1.2

January 31, 2012 • None

By None

These are the assets related to version 1.2 of the Smart Grid Maturity Model.
DOWNLOAD these are the assets related to version 1.2 of the smart grid maturity model. Tools,Smart Grid Maturity Model 2012
CERT SQUARE for Privacy (P-SQUARE)

January 5, 2012 • Software

By None

P-SQUARE was designed for stakeholders, requirements engineers, and administrators and supports the security and privacy aspects of SQUARE.
DOWNLOAD p-square was designed for stakeholders, requirements engineers, and administrators and supports the security and privacy aspects of square. Tools,software engineering and information assurance,Cybersecurity,Cybersecurity Engineering,SQUARE 2012
CERT IPA

September 1, 2011 • Software

By None

CERT IPA is an IP address annotation system that provides a repository of IP address information and related tools for accessing the data.
DOWNLOAD cert ipa is an ip address annotation system that provides a repository of ip address information and related tools for accessing the data. Tools,Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2011
CERT SQUARE for Acquisition (A-SQUARE)

August 24, 2011 • Software

By None

SQUARE-A is designed for stakeholders, requirements engineers, and contractors/vendors to use in acquisitions and provides documentation support for a variety of use cases.
DOWNLOAD square-a is designed for stakeholders, requirements engineers, and contractors/vendors to use in acquisitions and provides documentation support for a variety of use cases. Tools,software engineering and information assurance,Cybersecurity,Cybersecurity Engineering,SQUARE 2011
Measurement and Analysis Infrastructure Diagnostic, Version 1.0: Method Definition Document

August 1, 2010 • Technical Report

By Mark Kasunic

This 2010 report is a guidebook for conducting a Measurement and Analysis Infrastructure Diagnostic (MAID) evaluation.
DOWNLOAD this 2010 report is a guidebook for conducting a measurement and analysis infrastructure diagnostic (maid) evaluation. Tools,Measurement and Analysis 2010
As-If Infinitely Ranged Integer Model, Second Edition

April 1, 2010 • Technical Note

By Will Dormann , Robert C. Seacord , David Keaton , David Svoboda , Thomas Plum (Plum Hall, Inc.) , Alex Volkovitsky , Timothy Wilson , Roger Dannenberg (School of Computer Science, Carnegie Mellon University)

In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.
DOWNLOAD in this report, the authors present the as-if infinitely ranged (air) integer model, a mechanism for eliminating integral exceptional conditions. Tools,Secure Development,Secure Coding 2010
Measurement and Analysis Infrastructure Diagnostic (MAID) Evaluation Criteria, Version 1.0

December 1, 2009 • Technical Report

By Software Engineering Measurement and Analysis (SEMA) Group

This 2009 report presents the criteria used during a MAID evaluation that serve as a checklist to rate the quality of an organization's measurement and analysis practices and the quality …
DOWNLOAD this 2009 report presents the criteria used during a maid evaluation that serve as a checklist to rate the quality of an organization's measurement and analysis practices and the quality of the measurement information that results from the implementation of those practices. Process Improvement,Tools,Measurement and Analysis 2009
SMART: Analyzing the Reuse Potential of Legacy Components in a Service-Oriented Architecture Environment

June 1, 2008 • Technical Note

By Dennis B. Smith , Soumya Simanta , Edwin J. Morris , Grace Lewis

Is legacy system migration feasible for your organization as a means of SOA adoption? The Service Migration and Reuse Technique (SMART) assists an organization in determining what to migrate, the …
DOWNLOAD is legacy system migration feasible for your organization as a means of soa adoption? the service migration and reuse technique (smart) assists an organization in determining what to migrate, the steps needed, and the costs involved. Tools,System of Systems,Service-Oriented Architecture 2008
Copper

May 23, 2007 • Software

By None

Copper is a software model checker that can be used to verify whether a concurrent C program satisfies its safety, reliability, or security requirements.
DOWNLOAD copper is a software model checker that can be used to verify whether a concurrent c program satisfies its safety, reliability, or security requirements. Tools,software engineering and information assurance,Predictability by Construction 2007
Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

May 1, 2007 • Technical Report

By William R. Wilson , James F. Stevens , Richard A. Caralli , Lisa R. Young

In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.
DOWNLOAD in this 2007 report, the authors highlight the design considerations and requirements for octave allegro based on field experience. Tools,Cyber Risk and Resilience Management,OCTAVE 2007
Attribute-Driven Design (ADD), Version 2.0

November 1, 2006 • Technical Report

By Len Bass , Robert Wojcik , Paul C. Clements , Felix Bachmann , Robert Nord , William Wood , Paulo Merson

This report revises the steps of the Attribute-Driven Design (ADD) method and offers practical guidelines for carrying out each step.
DOWNLOAD this report revises the steps of the attribute-driven design (add) method and offers practical guidelines for carrying out each step. Tools,Software Architecture 2006
Acquisition Strategy Development Tool

August 15, 2006 • Software

By None

The Acquisition Strategy Development Tool is a customized Excel workbook that helps acquisition planners work through their method and techniques.
DOWNLOAD the acquisition strategy development tool is a customized excel workbook that helps acquisition planners work through their method and techniques. Tools,Data Modeling and Analytics,Acquisition 2006
Views and Beyond Documentation Template

February 6, 2006 • Educational Material

By None

A Microsoft Word template for a software architecture document is available for free download.
DOWNLOAD a microsoft word template for a software architecture document is available for free download. Tools,Software Architecture 2006
Quality Attribute Workshops (QAWs), Third Edition

October 1, 2003 • Technical Report

By William Wood , Charles Weinstock , Judith A. Stafford , Robert J. Ellison , Anthony J. Lattanze , Mario R. Barbacci

This report describes the newly revised QAW (Quality Attribute Workshop) and describes potential uses of the refined scenarios generated during it.
DOWNLOAD this report describes the newly revised qaw (quality attribute workshop) and describes potential uses of the refined scenarios generated during it. Tools,Software Architecture 2003
Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation

September 1, 2003 • Technical Report

By David J. Carney , Patrick R. Place , Edwin J. Morris

This 2003 report describes the development of an approach to reduce the number of program failures attributable to COTS software: the COTS Usage Risk Evaluation (CURE).
DOWNLOAD this 2003 report describes the development of an approach to reduce the number of program failures attributable to cots software: the cots usage risk evaluation (cure). Tools,Acquisition 2003
Active Reviews for Intermediate Designs

August 1, 2000 • Technical Note

By Paul C. Clements

This 2000 technical note describes Active Review for Intermediate Designs (ARID), a piloted software design review technique.
DOWNLOAD this 2000 technical note describes active review for intermediate designs (arid), a piloted software design review technique. Tools,Software Architecture 2000
ATAM: Method for Architecture Evaluation

August 1, 2000 • Technical Report

By Paul C. Clements , Rick Kazman , Mark H. Klein

This report presents technical and organizational foundations for performing architectural analysis, and presents the SEI's ATAM, a technique for analyzing software architectures.
DOWNLOAD this report presents technical and organizational foundations for performing architectural analysis, and presents the sei's atam, a technique for analyzing software architectures. Tools,Software Architecture 2000
Goal-Driven Software Measurement: A Guidebook

August 1, 1996 • Handbook

By Robert E. Park

The materials in this 1996 guidebook are designed to help you identify, select, define, and implement software measures to support your business goals.
DOWNLOAD the materials in this 1996 guidebook are designed to help you identify, select, define, and implement software measures to support your business goals. Tools 1996

Software Engineering Institute

Software and Tools

Forges & Communities

Filter by

Simulating Realistic Human Activity Using Large Language Model Directives

October 2, 2023 • Technical Report

By Dustin D. Updyke , Thomas G. Podnar , Sean Huff

CERT NetSA Security Suite

October 1, 2023 • Software

By None

SCALe

July 14, 2023 • Software

By None

Mothra

June 15, 2022 • Software

By None

DevSecOps Platform Independent Model (PIM)

May 1, 2022 • Handbook

By Carol Woody , Joe Yankel , Aaron K. Reffett , Nataliya Shevchenko , Lyndsi A. Hughes , Timothy A. Chick , Mary Popeck , Brent Frye

Juneberry

March 1, 2022 • Software

By None

Software Assurance Guidance and Evaluation (SAGE) Tool

May 3, 2021 • White Paper

By Ebonie McNeil , Hasan Yasar , Luiz Antunes , Robert Schiela

CERT Kaiju

March 16, 2021 • Software

By None

Overview of Practices and Processes of the CMMC 1.0 Assessment Guides (CMMC 1.0)

March 3, 2021 • White Paper

By Douglas Gardner

Mission-Based Prioritization Tool (Coded)

November 4, 2020 • Software

By None

Mission-Based Prioritization Tool (Code Free)

November 4, 2020 • Software

By None

KalKi Platform Main Repository

July 22, 2020 • Software

By Sebastián Echeverría

SEI-ACE

April 13, 2020 • Software

By Sebastián Echeverría , Grace Lewis

SEI CERT Coding Standards Wiki

April 1, 2020 • Handbook

By None

Crucible

April 1, 2020 • Software

By None

DSOI-ALL / devops-microcosm

March 2, 2020 • Software

By None

CWD Tools for Improving Cyber Simulations

February 1, 2020 • None

By None

IRL Demo

January 1, 2020 • Software

By None

SCAIFE-API YAML Specification

June 14, 2019 • Software

By None

Artificial Intelligence and Cyber Intelligence: An Implementation Guide

May 22, 2019 • Educational Material

By None

Foundry

March 1, 2019 • Software

By None

GHOSTS

January 31, 2019 • Software

By None

Infrastructure as Code: Final Report

January 28, 2019 • White Paper

By John Klein , Doug Reynolds

TopoMojo

December 3, 2018 • Software

By None

Supplementary Materials for a Case Study of Analysis Contracts with the ACTIVE tool

November 16, 2018 • Dataset

By None

WELLE-D