This technical report proposes a formal semantics for EMV2 and shows how to leverage this semantics to generate fault trees from an AADL model enriched with EMV2 information.

Beginning November 10, defense contracts may require assessments under the CMMC program, which the SEI co-created, but implementation will be phased.

Giobbi, R., 2008: Ping Sweeping in IPv6. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed September 16, 2025, https://www.sei ...

CERT Division at Carnegie Mellon University's Software Engineering Institute. He has supported national security efforts for over 10 years in civilian, military, and contractor roles. Before joining ...

Speakers at a September 4 event reflected on four decades of innovation in software, cybersecurity, and AI for defense—and what’s to come.

Dormann, W., 2018: When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults. Carnegie Mellon University, Software Engineering Institute's ...

McGregor, J., and Cohen, S., 2022: Modeling Languages for Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's ...

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

Brown, N., 2021: Taking DevSecOps to the Next Level with Value Stream Mapping. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...

The CERT Division, in partnership with ExactData, LLC, and under sponsorship from DARPA I2O, generated a collection of synthetic insider threat test datasets. These datasets provide both synthetic ...

Robert, J., and Schmidt, D., 2024: 10 Benefits and 10 Challenges of Applying Large Language Models to DoD Software Acquisition. Carnegie Mellon University, Software ...

Churilla, M., VanHoudnos, N., and Beveridge, R., 2023: The Challenge of Adversarial Machine Learning. Carnegie Mellon University, Software Engineering Institute's ...