Richard D. Pethia
Software Engineering Institute
Richard Pethia is an SEI alumni employee.
Richard Pethia was the Director of the CERT Division at Carnegie Mellon University’s Software Engineering Institute (SEI). The CERT Division grew from the CERT Coordination Center (CERT/CC) that Mr. Pethia established in 1988 with DARPA sponsorship. The charter of the CERT/CC was to serve as a focal point for reporting and responding to security vulnerabilities, to respond to security emergencies on the Internet and to serve as a model to help others establish Computer Security Incident Response Teams. Since then, the CERT mission has grown to include research and development in the areas of vulnerability analysis, malicious code analysis, cybersecurity engineering, secure coding, network situational awareness, insider threat, cyber intelligence, cyber forensics, risk analysis and mitigation, operational resilience and workforce development. The CERT Division is widely recognized as a trusted, authoritative organization and it regularly partners with government, industry, and academia to develop advanced methods and technologies to counter large-scale, sophisticated cyber threats.
In 2003, Pethia was awarded the position of SEI Fellow for his vision and leadership in establishing the CERT/CC, for creating and promoting the development of the worldwide network of over 250 Computer Security Incident Response Teams, for his development of the research and development program, and for his ongoing work and leadership in the areas of information assurance and computer and network security.
Pethia has testified before U.S. House and Senate committees and the Pennsylvania Legislature on Internet and e-commerce security issues, cyber-defense, the effects of computer viruses, and possible actions to prevent future viruses from impacting networks. He has also made presentations on computer security and computer crime to the Federal Bureau of Investigation, the Department of Justice, and Interpol. Prior to joining the Software Engineering Institute, Pethia held the positions of Director of Engineering at Decision Data Computer Corporation; Manager of Operating Systems Development at Modular Computer Corporation; and Manager of Software Development at the University of Pittsburgh’s Learning Research and Development Center.
Publications by Richard D. Pethia
-
20+ Years of Cyber (in)Security
August 06, 2013 • Webinar
Richard D. Pethia
In this webinar, Rich Pethia discusses how cybersecurity has changed over the past 20 years.
watch -
Tackling Tough Challenges: Insights from CERT’s Director Rich Pethia
January 20, 2009 • Podcast
Richard D. PethiaJulia H. Allen
In this podcast, Rich Pethia reflects on the CERT Division's 20-year history and discusses its future IT and security challenges.
learn more -
CERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT
October 31, 2006 • Podcast
Richard D. PethiaJulia H. Allen
In this podcast, Richard Pethia voices his view of the internet security landscape and the future of the CERT Division.
learn more -
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0
September 01, 1999 • Technical Report
Christopher J. AlbertsSandra BehrensRichard D. Pethia
The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a framework for identifying and managing information security risks.
read -
Report to the President's Commission on Critical Infrastructure Protection
January 01, 1997 • Special Report
James EllisDavid FisherThomas A. Longstaff
This 1997 report identifies threats to and vulnerabilities of the Internet and estimates the cascade effect that a successful, sustained attack on the Internet would have on the critical national infrastructures set out in Executive Order 13010.
read -
A Guide to the Assessment of Software Development Methods
April 01, 1988 • Technical Report
William G. WoodRichard D. PethiaLauren Roberts Gold
This 1988 report outlines a process that provides method assessors with a systematic way to improve their understanding of and form opinions about the ability of existing methods to meet their organization's software engineering methods.
read -
A Classification Scheme for Software Development Methods
November 01, 1987 • Technical Report
Robert FirthWilliam G. WoodRichard D. Pethia
This report describes a classification scheme for software development methods, includes descriptions of the major characteristics of such methods, and contains some words of advice on choosing and applying such methods.
read -
A Guide to the Classification and Assessment of Software Engineering Tools
September 01, 1987 • Technical Report
Robert FirthVicky MosleyRichard D. Pethia
This 1987 report describes a tool classification technique that helps those investigating tools decide where a tool fits in the software engineering process and identify what a tool does or doesn't do.
read -
Software and System Warranty Issues
June 01, 1987 • Technical Report
Larry DruffelI. Michael GreenbergerTimothy K. Shuba
This 1987 report addresses technical and administrative issues associated with the system warranty process, and recommends a straightforward, two-page generic system warranty clause that covers software, not in isolation, but as part of a warranted system.
read