2009 CERT Research Report
- Publisher: Software Engineering Institute
- Type: CERT Research Report
Cyber Risk and Resilience Management,
Digital Intelligence and Investigation,
Network Situational Awareness,
- Description: In this 2009 report, the authors summarize the research conducted by the CERT Division at the Software Engineering Institute in 2009.
The work of the CERT Program at Carnegie Mellon University's Software Engineering Institute includes technologies and methods for
- eliminating security flaws and vulnerabilities in systems
- preventing intrusions from occurring
- identifying intrusions that have occurred
- preserving essential services when systems have been penetrated and compromised
- providing decision makers with information required for network defense
We recognize the importance of multiple strategies for prevention and detection of and recovery from cyber security attacks, and the CERT Program has been designed to address a broad spectrum of security technology research, development, and transfer.
In our research activities, the goal is to replace informal methods with precise software and security engineering. In our technology development work, we create software and security standards, technologies, and automation. In technology transfer, we work with clients to incorporate results into key acquisition and development projects. We also provide training and materials, such as books and articles, to support technology transfer.
While all these elements are necessary to achieve success, the focus of this report is on CERT's research work. Our research agenda is driven by the need to develop theoretical foundations and engineering methods to help ensure the security of critical systems and networks. We believe the projects described in this report are essential elements of this agenda.