Richard D. Pethia
Software Engineering Institute
Richard Pethia was the Director of the CERT Division at Carnegie Mellon University’s Software Engineering Institute (SEI). The CERT Division grew from the CERT Coordination Center (CERT/CC) that Mr. Pethia established in 1988 with DARPA sponsorship. The charter of the CERT/CC was to serve as a focal point for reporting and responding to security vulnerabilities, to respond to security emergencies on the Internet and to serve as a model to help others establish Computer Security Incident Response Teams. Since then, the CERT mission has grown to include research and development in the areas of vulnerability analysis, malicious code analysis, cybersecurity engineering, secure coding, network situational awareness, insider threat, cyber intelligence, cyber forensics, risk analysis and mitigation, operational resilience and workforce development. The CERT Division is widely recognized as a trusted, authoritative organization and it regularly partners with government, industry, and academia to develop advanced methods and technologies to counter large-scale, sophisticated cyber threats.
In 2003, Pethia was awarded the position of SEI Fellow for his vision and leadership in establishing the CERT/CC, for creating and promoting the development of the worldwide network of over 250 Computer Security Incident Response Teams, for his development of the research and development program, and for his ongoing work and leadership in the areas of information assurance and computer and network security.
Pethia has testified before U.S. House and Senate committees and the Pennsylvania Legislature on Internet and e-commerce security issues, cyber-defense, the effects of computer viruses, and possible actions to prevent future viruses from impacting networks. He has also made presentations on computer security and computer crime to the Federal Bureau of Investigation, the Department of Justice, and Interpol. Prior to joining the Software Engineering Institute, Pethia held the positions of Director of Engineering at Decision Data Computer Corporation; Manager of Operating Systems Development at Modular Computer Corporation; and Manager of Software Development at the University of Pittsburgh’s Learning Research and Development Center.
Publications by Richard D. Pethia
January 20, 2009 • Podcast
In this podcast, Rich Pethia reflects on the CERT Division's 20-year history and discusses its future IT and security challenges.
October 31, 2006 • Podcast
In this podcast, Richard Pethia voices his view of the internet security landscape and the future of the CERT Division.
September 01, 1999 • Technical Report
The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a framework for identifying and managing information security risks.
January 01, 1997 • Special Report
This 1997 report identifies threats to and vulnerabilities of the Internet and estimates the cascade effect that a successful, sustained attack on the Internet would have on the critical national infrastructures set out in Executive Order 13010.
April 01, 1988 • Technical Report
This 1988 report outlines a process that provides method assessors with a systematic way to improve their understanding of and form opinions about the ability of existing methods to meet their organization's software engineering methods.
November 01, 1987 • Technical Report
This report describes a classification scheme for software development methods, includes descriptions of the major characteristics of such methods, and contains some words of advice on choosing and applying such methods.
September 01, 1987 • Technical Report
This 1987 report describes a tool classification technique that helps those investigating tools decide where a tool fits in the software engineering process and identify what a tool does or doesn't do.
June 01, 1987 • Technical Report
This 1987 report addresses technical and administrative issues associated with the system warranty process, and recommends a straightforward, two-page generic system warranty clause that covers software, not in isolation, but as part of a warranted system.