Software Engineering Institute

The work of the CERT Program at Carnegie Mellon University's Software Engineering Institute includes technologies and methods for

• eliminating security flaws and vulnerabilities in systems
• preventing intrusions from occurring
• identifying intrusions that have occurred
• preserving essential services when systems have been penetrated and compromised
• providing decision makers with information required for network defense

We recognize the importance of multiple strategies for prevention and detection of and recovery from cybersecurity attacks. The CERT Division has been designed to address a broad spectrum of security technology research, development, and transfer. 

In our research activities, the goal is to replace informal methods with precise software and security engineering. In our technology development work, we create software and security standards, technologies, and automation. In technology transfer, we work with clients to incorporate results into key acquisition and development projects. We also provide training and materials, such as books and articles, to support technology transfer.

While all these elements are necessary to achieve success, the focus of this report is on CERT research. Our research agenda is driven by the need to develop theoretical foundations and engineering methods to help ensure the security of critical systems and networks. We believe the projects described in this report are essential elements of this agenda.