schuirink.net
CERT/CC
url: http://www.cert.org/
At the CERT Coordination Center, we study Internet security vulnerabilities and incident activity, publish a variety of security alerts, research security and survivability in wide-area-networked computing, and develop information to help you improve security at your site.
New Podcast Released
Protecting the internet and its users against cyber attacks requires a significant increase in the number of skilled cyber warriors.
New Insider Threat Blog Entry
The entry "Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage" has been posted.
Spotlight On: Malicious Insiders and Organized Crime Activity
This TN is the fifth article in the Spotlight On quarterly series published by the CERT Insider Threat Center.
CERT Program Improves Security in C Programming Language Standard
The CERT Secure Coding team made key contributions to the newest ISO/IEC C language standard.
New CERT/CC Blog Entry
The entry "CNAME flux" has been posted.
Using Defined Processes as a Context for Resilience Measures Technical Note Released
This technical note describes how implementation-level processes can help organizations define measures of operational resilience.
New Podcast Released
Electronic health records bring many benefits along with security and privacy challenges.
Standards-Based Automated Remediation 2011 Update Released
This report updates the development of standards for remediation of vulnerabilities and compliance issues on Department of Defense networked systems for 2011.
Insider Threat Control Released
Insider Threat Control: Using a SIEM Signature to Detect Potential Precursors to IT Sabotage presents a technique for detecting potential insider sabotage over an organization's network.
New Insider Threat Blog Entry
The entry "Preparing for Negative Workplace Events - Managing Employee Expectations" has been posted.
New Insider Threat Blog Entry
The entry "Insider Threat Controls" has been posted.
New Insider Threat Blog Entry
The entry "Data Exfiltration and Output Devices - An Overlooked Threat" has been posted.
CERT Oracle Secure Coding Standard for Java Book Published
The CERT Oracle Secure Coding Standard for Java has been published by Addison-Wesley Professional.
New Insider Threat Demonstration Series Launched
The CERT Insider Threat Center has released the first video in a series of insider threat demonstrations.
Insider Threat Control Technical Note Released
This technical note describes how organizations can use Splunk to detect insider theft of intellectual property.
Agenda Now Available for Upcoming Workshop
The Institute for Information Infrastructure Protection (I3P) and the CERT Program will present the workshop "Cyber Security CPR: Coordinated Private Response to Computer Security Incidents" in Arlington, VA on October 12-13. See the web page for a link to the agenda.
New Podcast Released
Measures of operational resilience should answer key questions, inform decisions, and affect behavior.
Community College Education Report Published
The fourth volume in the Software Assurance Curriculum Project focuses on community college courses for software assurance.
2010 CERT Research Report Published
The CERT Program is internationally known for developing practices and technologies to protect, detect, and respond to attacks, accidents, and failures on networked systems. This report describes progress in our innovative research projects and activities.
New CERT/CC Blog Entry
The entry "Challenges in Network Monitoring above the Enterprise" has been published.
New Podcast Released
Use of Domain Name System security extensions can help prevent website hijacking attacks.
Registration Open for Webinar and Workshop
The Institute for Information Infrastructure Protection (I3P) and the CERT Program will present the workshop "Cyber Security CPR: Coordinated Private Response to Computer Security Incidents" in Arlington, VA on October 12-13. There is a pre-event webinar on September 8. See the workshop web page for links to online registration forms.
New Insider Threat Blog Entry
The entry "The Necessity of Best Practices for the Prevention and Detection of Insider Threats" has been posted.
New Insider Threat Blog Entry
The entry "The CERT Insider Threat Database" has been posted.
Keeping Your Family Safe in a Highly Connected World
As our world becomes highly connected where endless data is just a click away and using networked devices has become almost a necessity, protecting your personal information and family privacy is of great concern.
Measures for Managing Operational Resilience Technical Report Published
In this technical report Resilient Enterprise Management (REM) team members suggest a set of top ten strategic measures for managing operational resilience.
New Podcast Released
Depending on the service model, cloud providers and customers can monitor and implement controls to better protect their sensitive information.
Standards-Based Automated Remediation Special Report Released
This report describes the development of standards for remediation of vulnerabilities and compliance issues on Department of Defense networked systems.
New Insider Threat Blog Entry
The entry "Theft of Intellectual Property and Tips for Prevention" has been published.
Request for Proposal - SEI Code Review Process
The SEI is issuing a Request for Proposal seeking interested organizations with experience performing web penetration and source code audits in systems developed in C#, Java, Ruby, Perl, Python, JavaScript, and PHP.
New Podcast Released
Analyzing malware is essential to assess the damage and reduce the impact associated with ongoing infection.
New CERT PGP Key
CERT has updated its PGP key. We strongly urge you to encrypt sensitive information.
New Insider Threat Blog Entry
The entry "Insider Threat Deep Dive: Theft of Intellectual Property" has been posted.
New CERT/CC Blog Entry
The entry "Signed Java and Cisco AnyConnect" has been posted.
A Preliminary Model of Insider Theft of Intellectual Property Technical Note Published
This technical note presents research findings on insider theft of intellectual property.
CERT Used XNET for Forensics Challenge
This article describes the role that XNET played in the CERT Forensics Challenge, designed for the 2011 National Security Agency Cyber Defense Exercise.
New CERT/CC Blog Entry
The entry "Effectiveness of Microsoft Office File Validation" has been published.
New Insider Threat Blog Entry
The entry "Insider Threat and Physical Security of Organizations" has been published.
New Podcast Released
Over 100 electric power utilities are accelerating their transformation to the smart grid by using the Smart Grid Maturity Model.
New CERT Blogs Index
This main index page displays the ten most recent entries across all of our blogs. You can reach this page through the blogs link in the bottom navigation.
Trusted Computing in Embedded Systems Workshop Released
This SEI Special Report describes the November 2010 Trusted Computing in Embedded Systems Workshop held at Carnegie Mellon University.
Software Security Measurement and Analysis Presentation Released
Cyber Security Engineering researchers at CERT have released a presentation describing their Security Measurement and Analysis (SMA) Project.
SPREE Workshop
SPREE Workshop registration is now open. You can register by using this form (pdf).
New CERT/CC Blog Entry
The entry "A Security Comparison: Microsoft Office vs. Oracle Openoffice" has been published.
CERT Staff Presenting at SEPG Europe 2011
To reinforce the "Global Excellence in Software and Security" theme, CERT staff members are presenting tutorials on a variety of security topics.
New Insider Threat Blog Entry
The entry "Insider Threat Best Practices from Industry" has been published.
New Podcast Released
Business leaders must address risk at the enterprise, business process, and system levels to effectively protect against today's and tomorrow's threats.
2011 CyberSecurity Watch Survey Released
The 2011 CyberSecurity Watch Survey press release and data sample have been released.
New CERT/CC Blog Entry
The entry "Announcing the CERT Basic Fuzzing Framework 2.0" has been published.
Function Extraction (FX) Research for Computation of Software Behavior Technical Report Released
This technical report discusses use of algorithms to compute overall malware behavior.
Risk and Resilience: Considerations for Information Security Risk Assessment and Management
Julia Allen and Jim Cebula gave this presentation at RSA Conference 2011 in San Francisco, California.
New Insider Threat Blog Entry
The entry "Insider Threats in the Software Development Lifecycle" has been published.
New Podcast Released
Scenario-based exercises help organizations, governments, and nations prepare for, identify, and mitigate cyber risks.
New Insider Threat Presentation Published
"Combat IT Sabotage: Technical Solutions From The CERT Insider Threat Lab," presented at RSA Conference 2011 in San Francisco, California, is now available.
An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases Technical Note Published
This technical note provides an overview of techniques employed by malicious insiders to steal intellectual property.
Integrating the MSwA Reference Curriculum into the MSIS Model Curriculum Technical Note Published
This technical note examines how the MSwA Reference Curriculum recommendations might be integrated into the model curriculum recommendations for a MSIS degree.
New CERT/CC Blog Entry
The entry "'Network Monitoring for Web-Based Threats' released" has been published.
Changes to Vulnerability Analysis Blog
To allow for expansion into other technical areas, the Vulnerability Analysis Blog has been converted to the CERT/CC Blog.
Network Monitoring for Web-Based Threats Report Published
This report models the approach a focused attacker would take in order to breach an organization through web-based protocols and provides detection or prevention methods to counter that approach.
Security and Privacy Engineering (SPREE) Workshop Scheduled for June
The SPREE Workshop will be held at Carnegie Mellon University on June 15-16, 2011. Discussions will focus on security and privacy challenges associated with developing and maintaining software as data-driven technology continues to advance.
New Insider Threat Blog Entry
The entry "Insider Threat Case Trends of Technical and Non-Technical Employees" has been published.
New Podcast Released
Technical controls may be effective in helping prevent, detect, and respond to insider crimes.
Trust and Trusted Computing Platforms Technical Note Published
This technical note examines the capabilities and limitations of hardware-based trusted platforms in general, and the Trusted Platform Module (TPM) from the perspective of trusted applications in particular.
Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data Technical Note Published
This paper demonstrates how to extract and map technical information from previous insider crimes.
Software Supply Chain Risk Management Technical Note Published
This technical note considers current practices in software supply chain analysis and suggests foundational practices.
CERT Resilience Management Model Book Published
The CERT Resilience Management Model (CERT-RMM) Version 1.1 has been published by Addison-Wesley Professional.
A Taxonomy of Operational Cyber Security Risks Published
This technical note presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk.
Source Code Analysis Laboratory (SCALe) for Energy Delivery Systems Report Published
The Source Code Analysis Laboratory (SCALe) is an operational capability that tests software applications for conformance to one of the CERT secure coding standards.
CERT Approach to Cybersecurity Workforce Development Report Published
This report presents a new, continuous approach to cybersecurity workforce development.
New Insider Threat Blog Entry
The entry "Insider Threat Case Trends for Employee Type and Employment Status" has been published.
How Resilient Is My Organization?
Use the CERT Resilience Management Model (CERT-RMM) to help ensure that critical assets and services perform as expected in the face of stress and disruption.
New Insider Threat Blog Entry
The entry "Upcoming Insider Threat Presentations" has been published.
CERT Career Fair Scheduled for January
Representatives from CERT will be in Arlington, VA on January 26-27 to meet with candidates interested in job opportunities. Applicants must submit resumes in advance for this appointment-only event.
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability
This special report is the first in a series of best practices information that interested organizations and governments can use to begin to develop a national incident management capability.
New Podcast Released
Government agencies and private industry must build effective partnerships to secure national critical infrastructures.
Measuring Operational Resilience Using the CERT Resilience Management Model
This Technical Note is the first in a series of publications designed to start a dialog on the topic of meaningful measurement.
New CERT PGP Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
New Podcast Released
Knowledge about software assurance is essential to ensure that complex systems function as intended.
New Insider Threat Blog Entry
The entry "Interesting Insider Threat Statistics" has been published.
FloCon 2011 Keynote Speaker Announced
John Stewart, vice president and chief security officer of Cisco, will deliver one of the keynote addresses at FloCon 2011.
FloCon 2011 Registration Open
Registration for FloCon 2011 is now open. The early bird registration fee will begin at $660.00 until November 22, 2010. Please use discount code FLOCONNEB when registering on or before November 22, 2010.
New Insider Threat Blog Entry
The entry "A Threat-Centric Approach to Detecting and Preventing Insider Threat" has been published.
Participation Opportunities for FloCon 2011 Published
The call for presentations, a description of sponsorship opportunities, and the sponsorship agreement have been released.
Integrated Measurement and Analysis Framework for Software Security Technical Note Published
This report is the first in a series that addresses how to measure software security in complex environments using the Integrated Measurement and Analysis Framework (IMAF) for software security.
Security Requirements Reusability and the SQUARE Methodology
R-SQUARE incorporates reusable security goals and requirements into a variant of Security Quality Requirements Engineering (SQUARE).
Building Assured Systems Framework Report Published
The BASF addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems.
Upcoming IEEE Smart Grid Survivability Workshop
This workshop will take place October 13-14, 2010 in Arlington, Virginia.
New Podcast Released
Organizations can benchmark their software security practices against 109 observed activities from 30 organizations.
New Vulnerability Analysis Blog Entry
The entry "CERT Basic Fuzzing Framework Update" has been published.
New Insider Threat Blog Entry
The entry "Insider Threat Deep Dive: IT Sabotage" has been published.
New CERT PGP Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
Insider Threat Blog Released
The first entry in our new insider threat blog has been published.
FloCon 2010 Proceedings Available
Proceedings from FloCon 2010 have been released.
Software Assurance Curriculum Materials Available
A Master of Software Assurance Reference Curriculum and undergraduate course outlines are now available for download.
New Podcast Released
Internet-connected mobile devices are becoming increasingly attractive targets.
FloCon 2011 Announced
FloCon 2011 will take place in Salt Lake City, Utah, January 10-13, 2011.
New Podcast Released
A national CSIRT is essential for protecting national and economic security, and ensuring the continuity of government agencies and critical infrastructures.
Technical Note on Adapting the SQUARE Process for Privacy Requirements Engineering Published
This technical note explores the use of a disciplined approach to identifying privacy requirements, primarily how the Security Quality Requirements Engineering (SQUARE) process, which was developed for security requirements engineering, can be adapted for privacy requirements engineering in software development.
Spotlight On: Insider Threat from Trusted Business Partners Published
This article focuses on cases in the CERT Insider Threat Center database in which malicious insiders were employed by a trusted business partner of the victim organization. These cases involve outsourcing as well as individual contractors and consultants.
New Podcast Released
Securing systems that control physical switches, valves, pumps, meters, and manufacturing lines as these systems connect to the internet is critical for service continuity.
CERT/CC Enhancing Collaboration Between National CSIRTs
The CERT/CC has created both a wiki and an operational mailing list for authorized technical staff at national CSIRTs. These tools will promote collaboration and information exchange about technical projects and other relevant work.
Upcoming SEI Webinar on the CERT Resilience Management Model
On July 28, 2010, Rich Caralli will present "Transforming Your Operational Resilience Management Capabilities: CERT's Resilience Management Model" as part of the Software Engineering Institute's webinar series.
New Podcast Released
Complex, distributed, multi-year investigations of computer crimes require sophisticated methods, techniques, and tools.
National CSIRTs to Meet in Miami
On June 19-20, the CERT/CC is hosting a meeting of CSIRTs with national responsibility in Miami, Florida. Attendees will discuss the unique challenges facing national CSIRTs and will share information about projects and solutions.
Fuzz Testing Tool Available
The CERT Basic Fuzzing Framework (BFF) is a Linux-based tool for fuzz testing software that runs on Linux. This free tool is now available for download.
Java Concurrency Guidelines Report Published
The CERT Oracle Secure Coding Standard for Java provides guidelines for securrogramming language
Second Edition of Specifications for Managed Strings Report Published
This report describes a managed string library for the C programming language.
Survivability Analysis Framework Technical Note Published
The technical note describes the Survivability Analysis Framework (SAF), which can be used to examine the elements of an operational process and evaluate the survivability of an organization.
New Podcast Released
To help identify and eliminate security vulnerabilities, subject all software that you build and buy to fuzz testing.
Resilience Management Model Report Published
The CERT-RMM report describes the key concepts, components, and process area relationships of the model, which is an innovative way to approach the challenge of managing operational resilience in complex, risk-evolving environments.
Technical Report About Network Behavior Published
The report, Identifying Anomalous Port-Specific Network Behavior, describes a method for detecting behavior that may be a precursor to internet-wide attacks.
New Podcast Released
Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses.
2009 CERT Research Annual Report Published
CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration.
New Insider Threat Presentation Published
"The Key to Successful Monitoring for Detection of Insider Attacks," presented at RSA Conference 2010 in San Francisco, California, is now available.
New Podcast Released
Being able to respond effectively when faced with a disruptive event requires that staff members learn to become more resilient.
New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
New Podcast Released
CISOs must leave no room for anyone to deny that they understand what is expected of them when developing secure software.
2010 Vulnerability Discovery Workshop
On February 1, 2010, CERT hosted a workshop with vulnerability researchers and software vendors to discuss ideas, tools, and techniques used to find vulnerabilities.
MITRE CWE and CERT Secure Coding Standards
This paper describes the Common Weakness Enumeration (CWE) and the CERT secure coding standards and explains the relationship between them.
Instrumented Fuzz Testing Using AIR Integers Published
This paper presents the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow, truncation, and other integral exceptional conditions.
Results of 2010 CyberSecurity Watch Survey Released
This survey, a cooperative effort of multiple organizations, collected answers from more than 500 rent executives, professionals, and consultants.
New Podcast Released
Students learn how to combine multiple facets of digital forensics and draw conclusions to support full-scale investigations.
New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
New Podcast Released
The SGMM provides a roadmap to guide an organization's transformation to the smart grid.
New Podcast Released
Addressing privacy during software development is just as important as addressing security.
SQUARE Tool Is Now Available
New Podcast Released
Network defenders and business leaders can use NetSA measures and evidence to better protect their networks.
CERT Tactical Response and Analysis Challenge Tests Cybersecurity Skills
Twenty-nine competing teams from 20 countries participated in the Tactical Response and Analysis Challenge (TRAC) conducted by the SEI's CERT Program as part of the weeklong International Cyber Defense Workshop (ICDW), which concluded November 13, 2009.
New Podcast Released
Providing critical services during times of stress depends on documented, tested business continuity plans.
Spotlight On - Insider Theft of Intellectual Property inside the U.S. Involving Foreign Governments or Organizations
This report is the third in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab. This article focuses on insider theft of intellectual property inside the U.S. involving foreign governments or organizations.
Deadline for FloCon Abstracts Extended
The deadline to submit abstracts for presentations and demonstrations for FloCon 2010 has been extended to Monday, November 9.
Secure Design Patterns
This newly updated technical report describes a set of secure design patterns, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations.
New Podcast Released
A defined, managed process for third party relationships is essential, particularly when business is disrupted.
New Podcast Released
The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.
New Podcast Released
Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense.
Effectiveness of the Vulnerability Response Decision Assistance (VRDA) Framework
This paper examines the effectiveness of VRDA in terms of how well it predicts responses.
New Podcast Released
282 cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.
Spotlight On: Malicious Insiders with Ties to the Internet Underground Community (pdf), March 2009
This report is the second in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab. This article focuses on insider threat cases in which the insider had relationships with the internet underground community.
New Podcast Released
Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise.
Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model
This paper provides observations about and a preliminary system dynamics model of one class of insider crime based on empirical data.
As-if Infinitely Ranged Integer Model Published
This paper presents a model for automating the elimination of integer overflow and truncation in C and C++ programming code.
First Time Offering, Register Now: Secure Coding in C and C++
This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.
New Podcast Released
Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain.
Resiliency Management Model v1.0 Released
CERT has published the first process areas of the Resiliency Management Model, a capability model for operational resiliency management.
Winners of Best Practices Contest 2009 Announced
The winners of the Best Practices Contest 2009 were announced at the FIRST conference in Kyoto, Japan. Read the winning submissions.
New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
New Podcast Released
When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks.
New Podcast Released
Business leaders need to take action to better mitigate sophisticated social engineering attacks.
Attend the SEI Webinar on May 14
Register for the webinar SQUARE Up Your Security Requirements Engineering with SQUARE. This webinar provides an overview of the SQUARE process and discusses current activities and plans.
New Podcast Released
Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences.
Making the Business Case for Software Assurance Published
This report provides guidance for making the business case for building software assurance into software products during each software development life-cycle activity.
Register for First Insider Threat Workshop
Learn how to identify and manage the risk of insider threat in your organization. Register now for the two-day Insider Threat Workshop in Arlington, VA.
CERT Releases Dranzer Tool
As part of their vulnerability discovery efforts, CERT has released Dranzer, an open source tool that software developers can use to test for ActiveX vulnerabilities.
New Podcast Released
Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs.
Linux Forensics Tools Repository Released
The CERT forensics tools repository, a collection of add-on packages for Fedora, provides many useful cyber forensics tools for analysts and practitioners.
New Podcast Released
Observed practice, represented as a maturity model, can serve as a basis for developing more secure software.
Secure Design Patterns
This technical report describes a set of secure design patterns, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations.
New Podcast Released
Requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities.
CERT Program Hosts Leaders in Security
On March 10, the CERT Program at Carnegie Mellon University's Software Engineering Institute began a two-day technical symposium for a select group of leaders and experts in the cyber security field.
2008 CERT Research Annual Report Published
CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration.
New Podcast Released
Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite.
New Course Offering: Insider Threat Workshop
CERT's insider threat research serves as the foundation for this two-day workshop.
The CERT/CC and FIRST Announce Best Practices Contest 2009
For the second year in a row, the CERT/CC and FIRST are jointly hosting an international competition to honor best practices and advances in safeguarding the security of computer systems and networks.
New Podcast Released
Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine.
Richard Pethia Receives CSO Compass Award
Richard D. Pethia, director of the Carnegie Mellon Software Engineering Institute (SEI) CERT Program has been named a recipient of the 2009 CSO Compass Award sponsored by CSO Magazine.
New Podcast Released
Standard, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security.
Common Sense Guide to Prevention and Detection of Insider Threats, Version 3.1
The third version of this guide includes new and updated practices based on an analysis of approximately 100 recent insider threat cases that occurred from 2003 to 2007 in the United States.
New Podcast Released
Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges.
New Podcast Released
Being able to effectively respond to e-discovery requests depends on well-defined, enacted policies, procedures, and processes.
New Podcast Released
Climate change requires new strategies for dealing with traditional IT and information security risks.
New Podcast Released
Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime.
CERT Resiliency Engineering Framework (REF) Outline Published
This document provides a brief overview of the CERT Resiliency Engineering Framework, including purpose statements, goals, and specific practices for each capability area.
New Podcast Released
Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident.
New Podcast Released
A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation.
The CERT C Secure Coding Standard Published
This book is an essential desktop reference documenting the first official release of the CERT C Secure Coding Standard.
CERT Statistics Updated
The CERT statistics have been updated with numbers from the third quarter of 2008.
New Podcast Released
When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities.
New Podcast Released
Integrating security into university curricula is one of the key solutions to developing more secure software.
Interactive Vulnerability Reporting Form Released
The interactive form enhances CERT's vulnerability analysis efforts by making it easier for vulnerability reporters to securely submit valuable information.
New Podcast Released
OCTAVE Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services.
Java Secure Coding Standard Released
CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages. CERT invites the Java community to participate in this effort by reviewing content in the Java space and providing comments.
New Technical Note Released
Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory.
New Podcast Released
Well-defined metrics are essential to determine which security practices are worth the investment.
New Podcast Released
Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle.
New Podcast Released
Protecting critical infrastructures and the information they use is essential for preserving our way of life.
CERT Statistics Updated
The CERT statistics have been updated with numbers from the second quarter of 2008.
New Podcast Released
Determining which security vulnerabilities to address should be based on the importance of the information asset.
New Podcast Released
CERT Autoresponder Disabled
Because of ongoing problems with the autoresponder messages being interpreted as spam, we have decided to discontinue providing an automatic acknowledgement of email sent to cert@cert.org. This change does not affect how we handle email sent to that address.
New Podcast Released
During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack.
Winners of Best Practices Security Awards Announced
The winning papers from the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks have been posted.
New Podcast Released
Targeted, innovative communications and a robust life cycle are keys for security policy success.
Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools Published
This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects.
New Podcast Released
Managing software that is developed by an outside organization can be more challenging than building it yourself.
New Podcast Released
Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers.
New CERT PGP Public Key
CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information.
Making the Business Case for Software Assurance
This one-day workshop will explore methods for capturing development costs and benefits associated with software assurance and making the case to executive management. A call for papers has been posted; registration information will soon be available.
New Podcast Released
High performing organizations effectively integrate information security controls into mainstream IT operational processes.
New Podcast Released
Helping your staff learn how to identify social engineering attempts is the first step in thwarting them.
Vulnerability Analysis Blog Published
In a new blog on the CERT website, CERT staff members will address various issues related to vulnerability analysis.
New Podcast Released
Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough.
CERT Statistics Updated
The CERT statistics have been updated with numbers from the first quarter of 2008.
CERT Authors Publish Book About Building Security into Software Products
Software Security Engineering: A Guide for Project Managers will be published by Addison-Wesley in early May 2008. The book shows project managers how to build security into their software products throughout the development life cycle.
Reminder: Entries for Security Awards Due April 30
Submissions for the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks are due by April 30. The contest is being hosted by FIRST and the CERT/CC.
New Podcast Released
Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy.
Incident Management Mission Diagnostic Method, Version 1.0 Published
This report presents a risk-based approach for determining the potential for success of an organization's incident management capability.
CERT Sponsors FIRST Conference
CERT is a sponsor for the 2008 FIRST Conference, which will be held in Canada in June. This year marks the 20th annual FIRST conference as well as the 20th anniversary of CERT.
New Podcast Released
A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes.
CERT Resiliency Engineering Framework, v0.95R Available
A draft version of the CERT Resiliency Engineering Framework is now available. We welcome and encourage your feedback on these materials.
2007 CERT Research Annual Report Published
CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration.
New Podcast Released
Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle.
FIRST and Carnegie Mellon Software Engineering Institute CERT Coordination Center Unveil New Security Awards
The first-ever international competition honoring best practices and advances in safeguarding the security of computer systems and networks is announced today by the Forum of Incident Response and Security Teams (FIRST) and Carnegie Software Engineering Institute (SEI) CERT Coordination Center (CERT/CC).
New Podcast Released
Business leaders need to understand the risks to their organizations caused by the proliferation of botnets.
CERT to Participate in Second Annual Counter eCrime Operations Summit
CERT will be participating in the Counter eCrime Operations Summit II, May 26-27, in Tokyo, Japan.
New Podcast Released
Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data.
SQUARE Instructional Materials Released
Workshop, tutorial, and academic educational materials on SQUARE (Security Quality Requirements Engineering) are now available for download.
New Podcast Released
Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information.
CERT Statistics Updated
The numbers from the fourth quarter have been incorporated, completing the 2007 statistics.
Insider Threat Studies Released
Insider Threat Study: Illicit Cyber Activity in the Government Sector and Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector have been released. These reports present the findings of research efforts to examine reported insider incidents within their respective sectors.
New Podcast Released
Directors and senior executives are personally accountable for protecting information entrusted to their care.