Software and Tools
Access and download the software, tools, and methods that the SEI creates, tests, refines, and disseminates. Organizations and individuals worldwide use these technologies and management techniques to improve the results of software projects, the quality and behavior of software systems, and the security and survivability of networked systems.
Filter by
-
Collection of Static Analysis Assets
• Collection
By Software Engineering Institute
This collection contains materials related to SEI’s research into ways to improve the handling of static-analysis-generated alerts and experience with the automation of static analysis tooling.
DOWNLOAD -
Capability-Based Software Cost Estimation (CaBSCE)
By Software Engineering Institute
The SEI is developing the Capability-Based Software Cost Estimation method to modernize cost estimation practices by aligning them with Agile and DevSecOps.
DOWNLOAD -
TEC ML Mismatch Detection Tool
• Software
By The Software Engineering Institute
The TEC tool compares information across descriptors and flags any mismatches or missing information.
DOWNLOAD -
Redemption: Automated Repair of Static Analysis Alerts
• Software
By Software Engineering Institute
The Redemption tool makes automated repairs to C and C++ source code based on defect alerts produced by static-analysis tools.
DOWNLOAD -
CERT NetSA Security Suite
• Software
By Software Engineering Institute
The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data.
DOWNLOAD -
CERT Kaiju
• Software
By Software Engineering Institute
CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite.
DOWNLOAD -
Mission-Based Prioritization Tool (Coded)
• Software
By Software Engineering Institute
An alternate version of the tool to implement the mission-based prioritization of agile backlogs that includes a small amount of Visual Basic code that creates a tab containing the sorted …
DOWNLOAD -
Mission-Based Prioritization Tool (Code Free)
• Software
By Software Engineering Institute
A no-frills tool to implement the mission-based prioritization of agile backlogs that accounts for restrictions on government computers; the results must be manually sorted.
DOWNLOAD -
KalKi Platform Main Repository
• Software
By Sebastián Echeverría
KalKi is an IoT platform for allowing untrusted IoT devices to connect to a network in a secure way, protecting both the IoT device and the network from malicious attackers.
DOWNLOAD -
SEI-ACE
• Software
By Sebastián Echeverría , Grace Lewis
SEI-ACE is an extension of the ACE Working Group proposal to support authentication and authorization of devices in disadvantaged environments.
DOWNLOAD -
DSOI-ALL / devops-microcosm
• Software
By Software Engineering Institute
This GitHub guide provides hands-on guidance to build a DevSecOps pipeline.
DOWNLOAD -
CWD Tools for Improving Cyber Simulations
• Collection
By Software Engineering Institute
Download the open source software tools that the SEI developed to create realistic cyber simulations or access information to learn more about each one.
DOWNLOAD -
SCAIFE-API YAML Specification
• Software
By Software Engineering Institute
The YAML file specifies the SCAIFE-API definition in a format developers can use to view, modify, and automatically generate code from.
DOWNLOAD -
Supplementary Materials for a Case Study of Analysis Contracts with the ACTIVE tool
• Dataset
By Software Engineering Institute
This archive contains the source code of the ACTIVE tool, and models/data from a case study of analysis contracts in two domains: thread scheduling, and battery design.
DOWNLOAD -
Analysis Pipeline
• Software
By Software Engineering Institute
The Analysis Pipeline supports inspection of flow records as they are created.
DOWNLOAD -
CERT Vulnerability Data Archive and Tools
• Dataset
By Allen D. Householder
CERT archive of non-sensitive vulnerability information in the vulnerability reports database.
DOWNLOAD -
CERT Linux Forensics Tools Repository
• Software
By Software Engineering Institute
The CERT Linux Forensics Tools Repository provides many useful packages for cyber forensics acquisition and analysis practitioners.
DOWNLOAD -
CERT fixbuf
• Software
By Software Engineering Institute
CERT fixbuf is a compliant implementation of the IPFIX Protocol.
DOWNLOAD -
CERT super_mediator
• Software
By Software Engineering Institute
CERT super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
DOWNLOAD -
Clang-Tidy
• Software
By Software Engineering Institute
Clang-Tidy is Clang-based C++ "linter" tool that provides an extensible framework for diagnosing and fixing typical programming errors.
DOWNLOAD -
CERT Tapioca
• Software
By Software Engineering Institute
CERT Tapioca is a network-layer MITM proxy utility that checks for apps that fail to validate certificates and investigates content of network traffic, including HTTP and HTTPS.
DOWNLOAD -
CERT SiLK IPset
• Software
By Software Engineering Institute
CERT SiLK IPset can be used to build and manipulate IPset files.
DOWNLOAD -
CERT pyfixbuf
• Software
By Software Engineering Institute
CERT pyfixbuf is a Python API for libfixbuf that can be used to write applications that collect and export IPFIX.
DOWNLOAD -
CERT snarf
• Software
By Software Engineering Institute
CERT snarf is a distributed alert reporting system that sends send network alert messages.
DOWNLOAD -
PDFrankenstein
• Software
By Software Engineering Institute
PDFrankenstein is a Python tool for bulk malicious PDF feature extraction.
DOWNLOAD -
Insider Threat Test Dataset
• Dataset
By Software Engineering Institute
The Insider Threat Test Dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data.
DOWNLOAD -
Automated Assurance of Security Policy Enforcement (AASPE)
• Software
By Software Engineering Institute
AASPE is a set of modeling tools for security analysis and a code generator to produce code for the seL4 platform from AADL models.
DOWNLOAD -
Error Model Version 2
• Software
By Software Engineering Institute
The Error Model Annex, Version 2 (EMV2), notation for architecture fault modeling supports safety, reliability, and security analyses as part of the OSATE toolset.
DOWNLOAD -
CERT netsa-python
• Software
By Software Engineering Institute
The netsa-python library is a collection of Python routines and frameworks to use when developing analyses using the SiLK toolkit.
DOWNLOAD -
CERT iSiLK
• Software
By Software Engineering Institute
iSiLK is a graphical front-end for the SiLK tools, designed to work with an existing installation of the SiLK analysis suite.
DOWNLOAD -
CERT Orcus
• Software
By Software Engineering Institute
Orcus is a system for analyzing passively-collected DNS information. It includes a capability for analyzing all DNS information that has been seen (the “resource record database”), as well as a …
DOWNLOAD -
KD-Cloudlet
• Software
By Software Engineering Institute
Cloudlets are discoverable, generic, stateless servers located in single-hop proximity of mobile devices that can operate in disconnected mode and are virtual-machine based.
DOWNLOAD -
Rosecheckers
• Software
By Software Engineering Institute
Rosecheckers is a tool that performs static analysis on C/C++ source files to enforce the rules in the CERT C Coding Standard.
DOWNLOAD -
Architecture Analysis and Design Language (AADL) Tool
• Software
By Software Engineering Institute
AADL provides a framework for analyzing system designs and supports architecture-centric, model-based development through the system lifecycle.
DOWNLOAD -
CERT Dranzer
• Software
By Software Engineering Institute
Dranzer is a tool that enables users to examine effective techniques for fuzz testing ActiveX controls.
DOWNLOAD -
GDB 'Exploitable' Plugin
• Software
By Jonathan Foote
The GDB 'exploitable' plugin can be used to assist software vendors and analysts in identifying the impact of defects.
DOWNLOAD -
CERT Prism
• Software
By Software Engineering Institute
Prism is a tool for visualizing flow data as a time series, broken down into several configurable bins by SiLK's rwfilter tool.
DOWNLOAD -
Compiler-Enforced Buffer Overflow Elimination
• Software
By Software Engineering Institute
This tool prevents buffer overflows from succeeding in multithreaded code using static and dynamic analysis.
DOWNLOAD -
CERT Stix2Cif
• Software
By Software Engineering Institute
CERT Stix2Cif parses STIX/Cybox documents into JSON CIF feed files with corresponding configuration files and feeds them to CIF.
DOWNLOAD -
CERT Triage Tools
• Software
By Software Engineering Institute
CERT Triage Tools consist of a triage script and a GNU Debugger (GDB) extension named 'exploitable' that classify Linux application defects by severity.
DOWNLOAD -
CERT Cif2Stix
• Software
By Software Engineering Institute
CERT Cif2Stix is a plug-in for CIF that takes JSON object or file inputs and outputs STIX/CyBox documents.
DOWNLOAD -
CERT Rayon
• Software
By Software Engineering Institute
CERT Rayon is a Python library and set of tools that generates basic two-dimensional statistical visualizations.
DOWNLOAD -
Controls Systems Code Samples Download
• Software
By Software Engineering Institute
The Controls Systems Code Samples help an organization protect text-based intellectual property, including source code repositories.
DOWNLOAD -
CERT JIRA Plugins
• Software
By Software Engineering Institute
CERT JIRA Plugins consist of Automated Task Creator, Email Attachment Handler, and Common Code.
DOWNLOAD -
Secure Coding Validation Suite
• Software
By Software Engineering Institute
The Secure Coding Validation Suite is a tool that performs a set of tests to validate the rules defined in ISO Technical Specification 17961.
DOWNLOAD -
Smart Grid Maturity Model Assets Collection (SGMM), Version 1.2
• Collection
By Software Engineering Institute
These are the assets related to version 1.2 of the Smart Grid Maturity Model.
DOWNLOAD -
CERT SQUARE for Privacy (P-SQUARE)
• Software
By Software Engineering Institute
P-SQUARE was designed for stakeholders, requirements engineers, and administrators and supports the security and privacy aspects of SQUARE.
DOWNLOAD -
CERT SQUARE for Acquisition (A-SQUARE)
• Software
By Software Engineering Institute
SQUARE-A is designed for stakeholders, requirements engineers, and contractors/vendors to use in acquisitions and provides documentation support for a variety of use cases.
DOWNLOAD -
Acquisition Strategy Development Tool
• Software
By Software Engineering Institute
The Acquisition Strategy Development Tool is a customized Excel workbook that helps acquisition planners work through their method and techniques.
DOWNLOAD