Software and Tools
Access and download the software, tools, and methods that the SEI creates, tests, refines, and disseminates. Organizations and individuals worldwide use these technologies and management techniques to improve the results of software projects, the quality and behavior of software systems, and the security and survivability of networked systems.
Filter by
-
Collection of Static Analysis Assets
• Collection
By None
This collection contains materials on SEI’s research regarding how to improve alert systems in static analysis tools as well as the automation of these tools.
DOWNLOAD -
Capability-Based Software Cost Estimation (CaBSCE)
By None
The SEI is developing the Capability-Based Software Cost Estimation method to modernize cost estimation practices by aligning them with Agile and DevSecOps.
DOWNLOAD -
TEC ML Mismatch Detection Tool
• Software
By The Software Engineering Institute
The TEC tool compares information across descriptors and flags any mismatches or missing information.
DOWNLOAD -
Redemption: Automated Repair of Static Analysis Alerts
• Software
By None
The Redemption tool makes automated repairs to C and C++ source code based on defect alerts produced by static-analysis tools.
DOWNLOAD -
CERT NetSA Security Suite
• Software
By None
The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data.
DOWNLOAD -
Alert Type Frequency Assessment of Open-Source Static Analysis Tools and Codebases
• Dataset
By David Svoboda , Lori Flynn , William Klieber
This dataset includes all the data needed to replicate and validate our frequency analysis of static analysis (SA) alerts produced using open-source SA tools on several OSS codebases.
DOWNLOAD -
CERT Kaiju
• Software
By None
CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite.
DOWNLOAD -
Mission-Based Prioritization Tool (Coded)
• Software
By None
An alternate version of the tool to implement the mission-based prioritization of agile backlogs that includes a small amount of Visual Basic code that creates a tab containing the sorted …
DOWNLOAD -
Mission-Based Prioritization Tool (Code Free)
• Software
By None
A no-frills tool to implement the mission-based prioritization of agile backlogs that accounts for restrictions on government computers; the results must be manually sorted.
DOWNLOAD -
KalKi Platform Main Repository
• Software
By Sebastián Echeverría
KalKi is an IoT platform for allowing untrusted IoT devices to connect to a network in a secure way, protecting both the IoT device and the network from malicious attackers.
DOWNLOAD -
SEI-ACE
• Software
By Grace Lewis , Sebastián Echeverría
SEI-ACE is an extension of the ACE Working Group proposal to support authentication and authorization of devices in disadvantaged environments.
DOWNLOAD -
DSOI-ALL / devops-microcosm
• Software
By None
This GitHub guide provides hands-on guidance to build a DevSecOps pipeline.
DOWNLOAD -
CWD Tools for Improving Cyber Simulations
• Collection
By None
Download the open source software tools that the SEI developed to create realistic cyber simulations or access information to learn more about each one.
DOWNLOAD -
SCAIFE-API YAML Specification
• Software
By None
The YAML file specifies the SCAIFE-API definition in a format developers can use to view, modify, and automatically generate code from.
DOWNLOAD -
Supplementary Materials for a Case Study of Analysis Contracts with the ACTIVE tool
• Dataset
By None
This archive contains the source code of the ACTIVE tool, and models/data from a case study of analysis contracts in two domains: thread scheduling, and battery design.
DOWNLOAD -
Analysis Pipeline
• Software
By None
The Analysis Pipeline supports inspection of flow records as they are created.
DOWNLOAD -
CERT Vulnerability Data Archive and Tools
• Dataset
By Allen D. Householder
CERT archive of non-sensitive vulnerability information in the vulnerability reports database.
DOWNLOAD -
CERT Linux Forensics Tools Repository
• Software
By None
The CERT Linux Forensics Tools Repository provides many useful packages for cyber forensics acquisition and analysis practitioners.
DOWNLOAD -
CERT fixbuf
• Software
By None
CERT fixbuf is a compliant implementation of the IPFIX Protocol.
DOWNLOAD -
CERT super_mediator
• Software
By None
CERT super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
DOWNLOAD -
Clang-Tidy
• Software
By None
Clang-Tidy is Clang-based C++ "linter" tool that provides an extensible framework for diagnosing and fixing typical programming errors.
DOWNLOAD -
CERT Tapioca
• Software
By None
CERT Tapioca is a network-layer MITM proxy utility that checks for apps that fail to validate certificates and investigates content of network traffic, including HTTP and HTTPS.
DOWNLOAD -
CERT SiLK IPset
• Software
By None
CERT SiLK IPset can be used to build and manipulate IPset files.
DOWNLOAD -
CERT pyfixbuf
• Software
By None
CERT pyfixbuf is a Python API for libfixbuf that can be used to write applications that collect and export IPFIX.
DOWNLOAD -
CERT snarf
• Software
By None
CERT snarf is a distributed alert reporting system that sends send network alert messages.
DOWNLOAD -
PDFrankenstein
• Software
By None
PDFrankenstein is a Python tool for bulk malicious PDF feature extraction.
DOWNLOAD -
Insider Threat Test Dataset
• Dataset
By None
The Insider Threat Test Dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data.
DOWNLOAD -
Automated Assurance of Security Policy Enforcement (AASPE)
• Software
By None
AASPE is a set of modeling tools for security analysis and a code generator to produce code for the seL4 platform from AADL models.
DOWNLOAD -
Error Model Version 2
• Software
By None
The Error Model Annex, Version 2 (EMV2), notation for architecture fault modeling supports safety, reliability, and security analyses as part of the OSATE toolset.
DOWNLOAD -
CERT netsa-python
• Software
By None
The netsa-python library is a collection of Python routines and frameworks to use when developing analyses using the SiLK toolkit.
DOWNLOAD -
CERT iSiLK
• Software
By None
iSiLK is a graphical front-end for the SiLK tools, designed to work with an existing installation of the SiLK analysis suite.
DOWNLOAD -
CERT Orcus
• Software
By None
Orcus is a system for analyzing passively-collected DNS information. It includes a capability for analyzing all DNS information that has been seen (the “resource record database”), as well as a …
DOWNLOAD -
KD-Cloudlet
• Software
By None
Cloudlets are discoverable, generic, stateless servers located in single-hop proximity of mobile devices that can operate in disconnected mode and are virtual-machine based.
DOWNLOAD -
Rosecheckers
• Software
By None
Rosecheckers is a tool that performs static analysis on C/C++ source files to enforce the rules in the CERT C Coding Standard.
DOWNLOAD -
Architecture Analysis and Design Language (AADL) Tool
• Software
By None
AADL provides a framework for analyzing system designs and supports architecture-centric, model-based development through the system lifecycle.
DOWNLOAD -
CERT Dranzer
• Software
By None
Dranzer is a tool that enables users to examine effective techniques for fuzz testing ActiveX controls.
DOWNLOAD -
GDB 'Exploitable' Plugin
• Software
By Jonathan Foote
The GDB 'exploitable' plugin can be used to assist software vendors and analysts in identifying the impact of defects.
DOWNLOAD -
CERT Prism
• Software
By None
Prism is a tool for visualizing flow data as a time series, broken down into several configurable bins by SiLK's rwfilter tool.
DOWNLOAD -
Compiler-Enforced Buffer Overflow Elimination
• Software
By None
This tool prevents buffer overflows from succeeding in multithreaded code using static and dynamic analysis.
DOWNLOAD -
CERT Stix2Cif
• Software
By None
CERT Stix2Cif parses STIX/Cybox documents into JSON CIF feed files with corresponding configuration files and feeds them to CIF.
DOWNLOAD -
CERT Triage Tools
• Software
By None
CERT Triage Tools consist of a triage script and a GNU Debugger (GDB) extension named 'exploitable' that classify Linux application defects by severity.
DOWNLOAD -
CERT Cif2Stix
• Software
By None
CERT Cif2Stix is a plug-in for CIF that takes JSON object or file inputs and outputs STIX/CyBox documents.
DOWNLOAD -
CERT Rayon
• Software
By None
CERT Rayon is a Python library and set of tools that generates basic two-dimensional statistical visualizations.
DOWNLOAD -
Controls Systems Code Samples Download
• Software
By None
The Controls Systems Code Samples help an organization protect text-based intellectual property, including source code repositories.
DOWNLOAD -
CERT JIRA Plugins
• Software
By None
CERT JIRA Plugins consist of Automated Task Creator, Email Attachment Handler, and Common Code.
DOWNLOAD -
Secure Coding Validation Suite
• Software
By None
The Secure Coding Validation Suite is a tool that performs a set of tests to validate the rules defined in ISO Technical Specification 17961.
DOWNLOAD -
Smart Grid Maturity Model Assets Collection (SGMM), Version 1.2
• Collection
By None
These are the assets related to version 1.2 of the Smart Grid Maturity Model.
DOWNLOAD -
CERT SQUARE for Privacy (P-SQUARE)
• Software
By None
P-SQUARE was designed for stakeholders, requirements engineers, and administrators and supports the security and privacy aspects of SQUARE.
DOWNLOAD -
CERT SQUARE for Acquisition (A-SQUARE)
• Software
By None
SQUARE-A is designed for stakeholders, requirements engineers, and contractors/vendors to use in acquisitions and provides documentation support for a variety of use cases.
DOWNLOAD -
Acquisition Strategy Development Tool
• Software
By None
The Acquisition Strategy Development Tool is a customized Excel workbook that helps acquisition planners work through their method and techniques.
DOWNLOAD