Software Engineering Institute

Results of ChatGPT Analysis of Java and C++

October 22, 2024 • Dataset

By David Schulker

Results of 2024 analysis of CERT Secure Coding Rules for C++ and Java with ChatGPT 3.5 and ChatGPT-4o.

DOWNLOAD results of 2024 analysis of cert secure coding rules for c++ and java with chatgpt 3.5 and chatgpt-4o. 2024

Collection of Static Analysis Assets

September 9, 2024 • Collection

By None

This collection contains materials on SEI’s research regarding how to improve alert systems in static analysis tools as well as the automation of these tools.

DOWNLOAD this collection contains materials on sei’s research regarding how to improve alert systems in static analysis tools as well as the automation of these tools. Static Analysis 2024

Capability-Based Software Cost Estimation (CaBSCE)

September 4, 2024

By None

The SEI is developing the Capability-Based Software Cost Estimation method to modernize cost estimation practices by aligning them with Agile and DevSecOps.

DOWNLOAD the sei is developing the capability-based software cost estimation method to modernize cost estimation practices by aligning them with agile and devsecops. DevSecOps,Agile,Acquisition 2024

TEC ML Mismatch Detection Tool

August 26, 2024 • Software

By The Software Engineering Institute

The TEC tool compares information across descriptors and flags any mismatches or missing information.

DOWNLOAD the tec tool compares information across descriptors and flags any mismatches or missing information. 2024

Redemption: Automated Repair of Static Analysis Alerts

May 3, 2024 • Software

By None

The Redemption tool makes automated repairs to C and C++ source code based on defect alerts produced by static-analysis tools.

DOWNLOAD the redemption tool makes automated repairs to c and c++ source code based on defect alerts produced by static-analysis tools. Secure Coding,Cybersecurity Engineering 2024

CERT NetSA Security Suite

October 1, 2023 • Software

By None

The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data.

DOWNLOAD the network situational awareness (netsa) group at cert has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data. Situational Awareness 2023

SCALe

July 14, 2023 • Software

By None

SCALe is a static analysis aggregation framework that has been developed mostly as a research prototype tool as part of the SEI’s research projects.

DOWNLOAD scale is a static analysis aggregation framework that has been developed mostly as a research prototype tool as part of the sei’s research projects. Secure Coding,Secure Development 2023

Alert Type Frequency Assessment of Open-Source Static Analysis Tools and Codebases

June 9, 2023 • Dataset

By Lori Flynn , David Svoboda , William Klieber

This dataset includes all the data needed to replicate and validate our frequency analysis of static analysis (SA) alerts produced using open-source SA tools on several OSS codebases.

DOWNLOAD this dataset includes all the data needed to replicate and validate our frequency analysis of static analysis (sa) alerts produced using open-source sa tools on several oss codebases. Static Analysis 2023

Mothra

June 15, 2022 • Software

By None

Mothra is a collection of libraries and tools for working with network flow data in the Apache Spark large-scale data analytics engine.

DOWNLOAD mothra is a collection of libraries and tools for working with network flow data in the apache spark large-scale data analytics engine. Network Situational Awareness 2022

Juneberry

March 1, 2022 • Software

By None

Juneberry automates the training, evaluation, and comparison of multiple ML models against multiple datasets.

DOWNLOAD juneberry automates the training, evaluation, and comparison of multiple ml models against multiple datasets. Artificial Intelligence Engineering,Machine Learning 2022

CERT Kaiju

March 16, 2021 • Software

By None

CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite.

DOWNLOAD cert kaiju is a binary analysis framework extension for the ghidra software reverse engineering suite. Reverse Engineering for Malware Analysis,Malware Analysis 2021

Mission-Based Prioritization Tool (Coded)

November 4, 2020 • Software

By None

An alternate version of the tool to implement the mission-based prioritization of agile backlogs that includes a small amount of Visual Basic code that creates a tab containing the sorted …

DOWNLOAD an alternate version of the tool to implement the mission-based prioritization of agile backlogs that includes a small amount of visual basic code that creates a tab containing the sorted prioritized list and a tab containing features grouped parameters. 2020

Mission-Based Prioritization Tool (Code Free)

November 4, 2020 • Software

By None

A no-frills tool to implement the mission-based prioritization of agile backlogs that accounts for restrictions on government computers; the results must be manually sorted.

DOWNLOAD a no-frills tool to implement the mission-based prioritization of agile backlogs that accounts for restrictions on government computers; the results must be manually sorted. 2020

KalKi Platform Main Repository

July 22, 2020 • Software

By Sebastián Echeverría

KalKi is an IoT platform for allowing untrusted IoT devices to connect to a network in a secure way, protecting both the IoT device and the network from malicious attackers.

DOWNLOAD kalki is an iot platform for allowing untrusted iot devices to connect to a network in a secure way, protecting both the iot device and the network from malicious attackers. Cloud Computing 2020

SEI-ACE

April 13, 2020 • Software

By Grace Lewis , Sebastián Echeverría

SEI-ACE is an extension of the ACE Working Group proposal to support authentication and authorization of devices in disadvantaged environments.

DOWNLOAD sei-ace is an extension of the ace working group proposal to support authentication and authorization of devices in disadvantaged environments. Edge Computing,Cloud Computing 2020

Crucible

April 1, 2020 • Software

By None

Crucible is a modular framework for creating, deploying, and managing virtual environments to support training, education, and exercises.

DOWNLOAD crucible is a modular framework for creating, deploying, and managing virtual environments to support training, education, and exercises. 2020

DSOI-ALL / devops-microcosm

March 2, 2020 • Software

By None

This GitHub guide provides hands-on guidance to build a DevSecOps pipeline.

DOWNLOAD this github guide provides hands-on guidance to build a devsecops pipeline. 2020

CWD Tools for Improving Cyber Simulations

February 1, 2020 • Collection

By None

Download the open source software tools that the SEI developed to create realistic cyber simulations or access information to learn more about each one.

DOWNLOAD download the open source software tools that the sei developed to create realistic cyber simulations or access information to learn more about each one. 2020

IRL Demo

January 1, 2020 • Software

By None

The IRL demo is an interactive demonstration of Maximum Causal Entropy Inverse Reinforcement Learning (MCEIRL).

DOWNLOAD the irl demo is an interactive demonstration of maximum causal entropy inverse reinforcement learning (mceirl). Artificial Intelligence Engineering,Machine Learning 2020

SCAIFE-API YAML Specification

June 14, 2019 • Software

By None

The YAML file specifies the SCAIFE-API definition in a format developers can use to view, modify, and automatically generate code from.

DOWNLOAD the yaml file specifies the scaife-api definition in a format developers can use to view, modify, and automatically generate code from. Secure Development,Secure Coding 2019

Foundry

March 1, 2019 • Software

By None

Foundry is a training asset management portal that organizations can customize to meet unique training needs and that training providers can share content on.

DOWNLOAD foundry is a training asset management portal that organizations can customize to meet unique training needs and that training providers can share content on. Cyber Workforce Development 2019

GHOSTS

January 31, 2019 • Software

By None

GHOSTS is a non-player character (NPC) orchestration generator that creates a range of realistic characters who produce network traffic that appears authentic.

DOWNLOAD ghosts is a non-player character (npc) orchestration generator that creates a range of realistic characters who produce network traffic that appears authentic. Cyber Workforce Development 2019

TopoMojo

December 3, 2018 • Software

By None

TopoMojo is a topology build and management tool that provides users with the same functionality and connectivity they would experience with real, physical devices.

DOWNLOAD topomojo is a topology build and management tool that provides users with the same functionality and connectivity they would experience with real, physical devices. Cyber Workforce Development 2018

Supplementary Materials for a Case Study of Analysis Contracts with the ACTIVE tool

November 16, 2018 • Dataset

By None

This archive contains the source code of the ACTIVE tool, and models/data from a case study of analysis contracts in two domains: thread scheduling, and battery design.

DOWNLOAD this archive contains the source code of the active tool, and models/data from a case study of analysis contracts in two domains: thread scheduling, and battery design. 2018

WELLE-D

November 15, 2018 • Software

By None

WELLE-D is a wireless traffic transport for wired networks that you can use to create a realistic, virtual wireless network environment.

DOWNLOAD welle-d is a wireless traffic transport for wired networks that you can use to create a realistic, virtual wireless network environment. Cyber Workforce Development 2018

vTunnel

October 22, 2018 • Software

By None

vTunnel is a traffic proxy between guest and host networks that allows certain network activity, such as scoring mechanisms, to remain hidden from trainees.

DOWNLOAD vtunnel is a traffic proxy between guest and host networks that allows certain network activity, such as scoring mechanisms, to remain hidden from trainees. Cyber Workforce Development 2018

Analysis Pipeline

June 1, 2018 • Software

By None

The Analysis Pipeline supports inspection of flow records as they are created.

DOWNLOAD the analysis pipeline supports inspection of flow records as they are created. FloCon,Cybersecurity,Situational Awareness 2018

CERT Vulnerability Data Archive and Tools

March 5, 2018 • Dataset

By Allen D. Householder

CERT archive of non-sensitive vulnerability information in the vulnerability reports database.

DOWNLOAD cert archive of non-sensitive vulnerability information in the vulnerability reports database. Security Vulnerabilities 2018

TopGen

November 22, 2017 • Software

By None

TopGen is a virtualized application service simulator for offline exercise and training networks.

DOWNLOAD topgen is a virtualized application service simulator for offline exercise and training networks. Cyber Workforce Development 2017

GreyBox

November 22, 2017 • Software

By None

GreyBox is a single-host Internet emulator that delivers the experience of connecting to the real Internet so you can avoid the risks of connecting to live systems in your training …

DOWNLOAD greybox is a single-host internet emulator that delivers the experience of connecting to the real internet so you can avoid the risks of connecting to live systems in your training environment. Cyber Workforce Development 2017

SeaHorn

November 12, 2017 • Software

By None

SeaHorn is an automated analysis framework for LLVM-based languages.

DOWNLOAD seahorn is an automated analysis framework for llvm-based languages. software engineering and information assurance,Software Architecture 2017

CERT Linux Forensics Tools Repository

November 10, 2017 • Software

By None

The CERT Linux Forensics Tools Repository provides many useful packages for cyber forensics acquisition and analysis practitioners.

DOWNLOAD the cert linux forensics tools repository provides many useful packages for cyber forensics acquisition and analysis practitioners. Digital Intelligence and Investigation,Cybersecurity 2017

CERT YAF

November 8, 2017 • Software

By None

YAF, Yet Another Flowmeter, processes packet data from PCAP(3) dump files and exports the flows to IPFIX Collecting Processes or an IPFIX-based file format.

DOWNLOAD yaf, yet another flowmeter, processes packet data from pcap(3) dump files and exports the flows to ipfix collecting processes or an ipfix-based file format. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017

CERT fixbuf

November 7, 2017 • Software

By None

CERT fixbuf is a compliant implementation of the IPFIX Protocol.

DOWNLOAD cert fixbuf is a compliant implementation of the ipfix protocol. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017

CERT super_mediator

October 19, 2017 • Software

By None

CERT super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.

DOWNLOAD cert super_mediator is an ipfix mediator for use with the yaf and silk tools. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017

MADARA

October 12, 2017 • Software

By None

MADARA is general-purpose middleware used for distributed timing, control, knowledge and reasoning, and quality-of-service.

DOWNLOAD madara is general-purpose middleware used for distributed timing, control, knowledge and reasoning, and quality-of-service. Cyber-Physical Systems,Autonomy and Counter-Autonomy 2017

GAMS

September 26, 2017 • Software

By None

GAMS is a distributed operating environment that controls one or more unmanned autonomous systems (UAS).

DOWNLOAD gams is a distributed operating environment that controls one or more unmanned autonomous systems (uas). Pervasive Mobile Computing,software engineering and information assurance 2017

Pharos

September 21, 2017 • Software

By None

Pharos is a static binary analysis framework that facilitates the automated analysis of binary programs.

DOWNLOAD pharos is a static binary analysis framework that facilitates the automated analysis of binary programs. Cybersecurity,Reverse Engineering for Malware Analysis 2017

CLANG

September 7, 2017 • Software

By None

CERT Thread Safety Analysis in Clang is a tool that uses annotations to declare and enforce thread safety policies in C and C++ programs.

DOWNLOAD cert thread safety analysis in clang is a tool that uses annotations to declare and enforce thread safety policies in c and c++ programs. Secure Coding,software engineering and information assurance,Cybersecurity,Secure Development 2017

Clang-Tidy

September 7, 2017 • Software

By None

Clang-Tidy is Clang-based C++ "linter" tool that provides an extensible framework for diagnosing and fixing typical programming errors.

DOWNLOAD clang-tidy is clang-based c++ "linter" tool that provides an extensible framework for diagnosing and fixing typical programming errors. Secure Development,Secure Coding 2017

Big Grep

August 11, 2017 • Software

By None

BigGrep is a tool used to index and search a large corpus of binary files and uses a probabilistic N-gram based approach to balance index size and search speed.

DOWNLOAD biggrep is a tool used to index and search a large corpus of binary files and uses a probabilistic n-gram based approach to balance index size and search speed. Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2017

CERT Tapioca

July 12, 2017 • Software

By None

CERT Tapioca is a network-layer MITM proxy utility that checks for apps that fail to validate certificates and investigates content of network traffic, including HTTP and HTTPS.

DOWNLOAD cert tapioca is a network-layer mitm proxy utility that checks for apps that fail to validate certificates and investigates content of network traffic, including http and https. Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2017

CERT SiLK IPset

June 29, 2017 • Software

By None

CERT SiLK IPset can be used to build and manipulate IPset files.

DOWNLOAD cert silk ipset can be used to build and manipulate ipset files. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017

CERT SiLK

June 29, 2017 • Software

By None

SiLK is a collection of traffic analysis tools used to facilitate security analysis of large networks.

DOWNLOAD silk is a collection of traffic analysis tools used to facilitate security analysis of large networks. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017

CERT pyfixbuf

March 28, 2017 • Software

By None

CERT pyfixbuf is a Python API for libfixbuf that can be used to write applications that collect and export IPFIX.

DOWNLOAD cert pyfixbuf is a python api for libfixbuf that can be used to write applications that collect and export ipfix. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017

CERT snarf

March 9, 2017 • Software

By None

CERT snarf is a distributed alert reporting system that sends send network alert messages.

DOWNLOAD cert snarf is a distributed alert reporting system that sends send network alert messages. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2017

Nabu

January 9, 2017 • Software

By None

Nabu is a tool based on the work of NetSimile used for parsing, constructing, and comparing the structural graphs of a large collection of PDF documents.

DOWNLOAD nabu is a tool based on the work of netsimile used for parsing, constructing, and comparing the structural graphs of a large collection of pdf documents. Cybersecurity,Reverse Engineering for Malware Analysis 2017

PDFrankenstein

January 9, 2017 • Software

By None

PDFrankenstein is a Python tool for bulk malicious PDF feature extraction.

DOWNLOAD pdfrankenstein is a python tool for bulk malicious pdf feature extraction. Cybersecurity,Reverse Engineering for Malware Analysis 2017

Insider Threat Test Dataset

November 28, 2016 • Dataset

By None

The Insider Threat Test Dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data.

DOWNLOAD the insider threat test dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data. Insider Threat,Cybersecurity 2016

DMPLC

October 26, 2016 • Software

By None

DMPLC is the compiler for the DART Modeling and Programming Language (DMPL).

DOWNLOAD dmplc is the compiler for the dart modeling and programming language (dmpl). Cyber-Physical Systems,Autonomy and Counter-Autonomy 2016

DART

October 24, 2016 • Software

By None

DART combines model-driven development with evidence-generating analysis for engineering high-assurance software.

DOWNLOAD dart combines model-driven development with evidence-generating analysis for engineering high-assurance software. Cyber-Physical Systems,Autonomy and Counter-Autonomy 2016

CERT BFF

October 5, 2016 • Software

By None

CERT BFF is a software-testing tool that finds defects in applications that run on Microsoft Windows, Linux, Mac OS X, and other unix-like platforms.

DOWNLOAD cert bff is a software-testing tool that finds defects in applications that run on microsoft windows, linux, mac os x, and other unix-like platforms. Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2016

Automated Assurance of Security Policy Enforcement (AASPE)

August 3, 2016 • Software

By None

AASPE is a set of modeling tools for security analysis and a code generator to produce code for the seL4 platform from AADL models.

DOWNLOAD aaspe is a set of modeling tools for security analysis and a code generator to produce code for the sel4 platform from aadl models. Software Architecture 2016

Error Model Version 2

June 1, 2016 • Software

By None

The Error Model Annex, Version 2 (EMV2), notation for architecture fault modeling supports safety, reliability, and security analyses as part of the OSATE toolset.

DOWNLOAD the error model annex, version 2 (emv2), notation for architecture fault modeling supports safety, reliability, and security analyses as part of the osate toolset. Software Architecture 2016

gbtl

May 16, 2016 • Software

By None

gbtl is a library that provides GraphBLAS API in C++ and common graph algorithms built on top of it.

DOWNLOAD gbtl is a library that provides graphblas api in c++ and common graph algorithms built on top of it. Mission Assurance,Data Modeling and Analytics 2016

CERT netsa-python

December 22, 2015 • Software

By None

The netsa-python library is a collection of Python routines and frameworks to use when developing analyses using the SiLK toolkit.

DOWNLOAD the netsa-python library is a collection of python routines and frameworks to use when developing analyses using the silk toolkit. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2015

CERT iSiLK

December 22, 2015 • Software

By None

iSiLK is a graphical front-end for the SiLK tools, designed to work with an existing installation of the SiLK analysis suite.

DOWNLOAD isilk is a graphical front-end for the silk tools, designed to work with an existing installation of the silk analysis suite. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2015

bgpuma

December 9, 2015 • Software

By None

bgpuma is a tool that looks through BGP update files quickly to find direct matches for CIDR blocks and CIDR blocks that contain the initial set and are contained by …

DOWNLOAD bgpuma is a tool that looks through bgp update files quickly to find direct matches for cidr blocks and cidr blocks that contain the initial set and are contained by the initial set. Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2015

QuaBaseBD

November 9, 2015 • Software

By None

QuABaseBD is a linked collection of computer science and software engineering knowledge used specifically for designing big data systems with NoSQL databases.

DOWNLOAD quabasebd is a linked collection of computer science and software engineering knowledge used specifically for designing big data systems with nosql databases. Big Data,software engineering and information assurance,Software Architecture 2015

CERT Orcus

October 2, 2015 • Software

By None

Orcus is a system for analyzing passively-collected DNS information. It includes a capability for analyzing all DNS information that has been seen (the “resource record database”), as well as a …

DOWNLOAD orcus is a system for analyzing passively-collected dns information. it includes a capability for analyzing all dns information that has been seen (the “resource record database”), as well as a faster name-to-address mapping with daily resolution (the “na Data Modeling and Analytics,Cybersecurity,Situational Awareness 2015

Spacer

September 16, 2015 • Software

By None

Spacer is an algorithmic framework for SMT-based software model checking using proofs and counterexamples.

DOWNLOAD spacer is an algorithmic framework for smt-based software model checking using proofs and counterexamples. Cybersecurity,Reverse Engineering for Malware Analysis 2015

MZSRM

September 4, 2015 • Software

By None

MZSRM is a zero-slack rate monotonic scheduler that has been simplified for verification.

DOWNLOAD mzsrm is a zero-slack rate monotonic scheduler that has been simplified for verification. Cyber-Physical Systems,Autonomy and Counter-Autonomy 2015

ERACES

August 22, 2015 • Software

By None

ERACES is a collection of methods and tools for reducing complexity in software models.

DOWNLOAD eraces is a collection of methods and tools for reducing complexity in software models. software engineering and information assurance,Software Architecture 2015

KD-Cloudlet

August 11, 2015 • Software

By None

Cloudlets are discoverable, generic, stateless servers located in single-hop proximity of mobile devices that can operate in disconnected mode and are virtual-machine based.

DOWNLOAD cloudlets are discoverable, generic, stateless servers located in single-hop proximity of mobile devices that can operate in disconnected mode and are virtual-machine based. software engineering and information assurance,Pervasive Mobile Computing,Edge Computing 2015

Rosecheckers

July 11, 2015 • Software

By None

Rosecheckers is a tool that performs static analysis on C/C++ source files to enforce the rules in the CERT C Coding Standard.

DOWNLOAD rosecheckers is a tool that performs static analysis on c/c++ source files to enforce the rules in the cert c coding standard. Secure Coding,software engineering and information assurance,Cybersecurity,Secure Development 2015

Architecture Analysis and Design Language (AADL) Tool

June 15, 2015 • Software

By None

AADL provides a framework for analyzing system designs and supports architecture-centric, model-based development through the system lifecycle.

DOWNLOAD aadl provides a framework for analyzing system designs and supports architecture-centric, model-based development through the system lifecycle. software engineering and information assurance,Software Architecture 2015

CERT Dranzer

June 1, 2015 • Software

By None

Dranzer is a tool that enables users to examine effective techniques for fuzz testing ActiveX controls.

DOWNLOAD dranzer is a tool that enables users to examine effective techniques for fuzz testing activex controls. Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2015

GDB 'Exploitable' Plugin

April 15, 2015 • Software

By Jonathan Foote

The GDB 'exploitable' plugin can be used to assist software vendors and analysts in identifying the impact of defects.

DOWNLOAD the gdb 'exploitable' plugin can be used to assist software vendors and analysts in identifying the impact of defects. Security Vulnerabilities 2015

DidFail

March 15, 2015 • Software

By None

DidFail uses static analysis to detect potential leaks of sensitive information within a set of Android apps.

DOWNLOAD didfail uses static analysis to detect potential leaks of sensitive information within a set of android apps. Secure Coding,software engineering and information assurance,Cybersecurity,Secure Development 2015

MCDA

March 14, 2015 • Software

By None

MCDA formally verifies the correctness, safety or other critical properties of distributed algorithm implementations before they are deployed.

DOWNLOAD mcda formally verifies the correctness, safety or other critical properties of distributed algorithm implementations before they are deployed. Cyber-Physical Systems,Autonomy and Counter-Autonomy 2015

CERT Prism

December 23, 2014 • Software

By None

Prism is a tool for visualizing flow data as a time series, broken down into several configurable bins by SiLK's rwfilter tool.

DOWNLOAD prism is a tool for visualizing flow data as a time series, broken down into several configurable bins by silk's rwfilter tool. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2014

Compiler-Enforced Buffer Overflow Elimination

November 11, 2014 • Software

By None

This tool prevents buffer overflows from succeeding in multithreaded code using static and dynamic analysis.

DOWNLOAD this tool prevents buffer overflows from succeeding in multithreaded code using static and dynamic analysis. Secure Coding,software engineering and information assurance,Cybersecurity,Secure Development 2014

OSATE

October 31, 2014 • Software

By None

OSATE is an open-source tool platform to support AADL.

DOWNLOAD osate is an open-source tool platform to support aadl. software engineering and information assurance,Software Architecture 2014

CERT Stix2Cif

June 24, 2014 • Software

By None

CERT Stix2Cif parses STIX/Cybox documents into JSON CIF feed files with corresponding configuration files and feeds them to CIF.

DOWNLOAD cert stix2cif parses stix/cybox documents into json cif feed files with corresponding configuration files and feeds them to cif. Situational Awareness 2014

CERT Triage Tools

May 5, 2014 • Software

By None

CERT Triage Tools consist of a triage script and a GNU Debugger (GDB) extension named 'exploitable' that classify Linux application defects by severity.

DOWNLOAD cert triage tools consist of a triage script and a gnu debugger (gdb) extension named 'exploitable' that classify linux application defects by severity. Security Vulnerabilities 2014

CERT Cif2Stix

February 14, 2014 • Software

By None

CERT Cif2Stix is a plug-in for CIF that takes JSON object or file inputs and outputs STIX/CyBox documents.

DOWNLOAD cert cif2stix is a plug-in for cif that takes json object or file inputs and outputs stix/cybox documents. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2014

CERT Rayon

December 17, 2013 • Software

By None

CERT Rayon is a Python library and set of tools that generates basic two-dimensional statistical visualizations.

DOWNLOAD cert rayon is a python library and set of tools that generates basic two-dimensional statistical visualizations. Data Modeling and Analytics,Cybersecurity,Situational Awareness 2013

Controls Systems Code Samples Download

November 15, 2013 • Software

By None

The Controls Systems Code Samples help an organization protect text-based intellectual property, including source code repositories.

DOWNLOAD the controls systems code samples help an organization protect text-based intellectual property, including source code repositories. Insider Threat,Cybersecurity 2013

CERT FOE

September 23, 2013 • Software

By None

Failure Observation Engine (FOE) is a mutational file-based fuzz testing tool for finding defects in applications that run on the Windows platform.

DOWNLOAD failure observation engine (foe) is a mutational file-based fuzz testing tool for finding defects in applications that run on the windows platform. Security Vulnerabilities 2013

CERT JIRA Plugins

April 25, 2013 • Software

By None

CERT JIRA Plugins consist of Automated Task Creator, Email Attachment Handler, and Common Code.

DOWNLOAD cert jira plugins consist of automated task creator, email attachment handler, and common code. Digital Intelligence and Investigation,Cybersecurity 2013

Secure Coding Validation Suite

December 12, 2012 • Software

By None

The Secure Coding Validation Suite is a tool that performs a set of tests to validate the rules defined in ISO Technical Specification 17961.

DOWNLOAD the secure coding validation suite is a tool that performs a set of tests to validate the rules defined in iso technical specification 17961. Secure Coding,software engineering and information assurance,Cybersecurity,Secure Development 2012

Smart Grid Maturity Model Assets Collection (SGMM), Version 1.2

January 31, 2012 • Collection

By None

These are the assets related to version 1.2 of the Smart Grid Maturity Model.

DOWNLOAD these are the assets related to version 1.2 of the smart grid maturity model. Smart Grid Maturity Model 2012

CERT SQUARE for Privacy (P-SQUARE)

January 5, 2012 • Software

By None

P-SQUARE was designed for stakeholders, requirements engineers, and administrators and supports the security and privacy aspects of SQUARE.

DOWNLOAD p-square was designed for stakeholders, requirements engineers, and administrators and supports the security and privacy aspects of square. software engineering and information assurance,Cybersecurity,Cybersecurity Engineering,SQUARE 2012

CERT IPA

September 1, 2011 • Software

By None

CERT IPA is an IP address annotation system that provides a repository of IP address information and related tools for accessing the data.

DOWNLOAD cert ipa is an ip address annotation system that provides a repository of ip address information and related tools for accessing the data. Security Vulnerabilities,software engineering and information assurance,Cybersecurity 2011

CERT SQUARE for Acquisition (A-SQUARE)

August 24, 2011 • Software

By None

SQUARE-A is designed for stakeholders, requirements engineers, and contractors/vendors to use in acquisitions and provides documentation support for a variety of use cases.

DOWNLOAD square-a is designed for stakeholders, requirements engineers, and contractors/vendors to use in acquisitions and provides documentation support for a variety of use cases. software engineering and information assurance,Cybersecurity,Cybersecurity Engineering,SQUARE 2011

Copper

May 23, 2007 • Software

By None

Copper is a software model checker that can be used to verify whether a concurrent C program satisfies its safety, reliability, or security requirements.

DOWNLOAD copper is a software model checker that can be used to verify whether a concurrent c program satisfies its safety, reliability, or security requirements. software engineering and information assurance,Predictability by Construction 2007

Acquisition Strategy Development Tool

August 15, 2006 • Software

By None

The Acquisition Strategy Development Tool is a customized Excel workbook that helps acquisition planners work through their method and techniques.

DOWNLOAD the acquisition strategy development tool is a customized excel workbook that helps acquisition planners work through their method and techniques. Data Modeling and Analytics,Acquisition 2006