Software Engineering Institute

A Semantics of AADL EMV2 and Its Application to Model-Based Fault Tree Generation

This technical report proposes a formal semantics for EMV2 and shows how to leverage this semantics to generate fault trees from an AADL model enriched with EMV2 information.
Software Engineering Institute

Cybersecurity Maturity Model Certification Rule Finalized for Defense Industrial Base

Beginning November 10, defense contracts may require assessments under the CMMC program, which the SEI co-created, but implementation will be phased.
Software Engineering Institute

Emil Mathew

CERT Division at Carnegie Mellon University's Software Engineering Institute. He has supported national security efforts for over 10 years in civilian, military, and contractor roles. Before joining ...
sei.cmu

Ping Sweeping in IPv6

Giobbi, R., 2008: Ping Sweeping in IPv6. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed September 16, 2025, https://www.sei ...
Software Engineering Institute

Government, CMU, and SEI Leaders Celebrate 40 Years of Advancing Software for National Security

Speakers at a September 4 event reflected on four decades of innovation in software, cybersecurity, and AI for defense—and what’s to come.
sei.cmu

How Easy Is It to Make and Detect a Deepfake?

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Modeling Languages for Model-Based Systems Engineering (MBSE)

McGregor, J., and Cohen, S., 2022: Modeling Languages for Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's ...
sei.cmu

SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)

In this online download, the CERT Secure Coding Team describes the root causes of common software vulnerabilities, how they can be exploited, the potential consequences, and secure alternatives. We ...
sei.cmu

Architecture Tradeoff Analysis Method Collection

This collection contains resources about the Architecture Tradeoff Analysis Method (ATAM), a method for evaluating software architectures against quality attribute goals. The Architecture Tradeoff ...
sei.cmu

Insider Threat Test Dataset

The CERT Division, in partnership with ExactData, LLC, and under sponsorship from DARPA I2O, generated a collection of synthetic insider threat test datasets. These datasets provide both synthetic ...
sei.cmu

Taking DevSecOps to the Next Level with Value Stream Mapping

Brown, N., 2021: Taking DevSecOps to the Next Level with Value Stream Mapping. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...
sei.cmu

The Personal Software Process (PSP)

This report describes in detail what the PSP is and how it works. Starting with a brief discussion of the relationship of the PSP to general quality principles, the report describes how the PSP was ...