Beginning November 10, defense contracts may require assessments under the CMMC program, which the SEI co-created, but implementation will be phased.

This technical report proposes a formal semantics for EMV2 and shows how to leverage this semantics to generate fault trees from an AADL model enriched with EMV2 information.

CERT Division at Carnegie Mellon University's Software Engineering Institute. He has supported national security efforts for over 10 years in civilian, military, and contractor roles. Before joining ...

Speakers at a September 4 event reflected on four decades of innovation in software, cybersecurity, and AI for defense—and what’s to come.

Carleton, A., Ivers, J., Ozkaya, I., Robert, J., Schmidt, D., and Zhang, S., 2025: Perspectives on Generative AI in Software Engineering and Acquisition. Carnegie ...

Ozkaya, I., and Schmidt, D., 2024: Generative AI and Software Engineering Education. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

Ruefle, R., 2024: 10 Lessons in Security Operations and Incident Management. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...

Novak, W., 2023: Acquisition Archetypes Seen in the Wild, DevSecOps Edition: Clinging to the Old Ways. Carnegie Mellon University, Software Engineering Institute's ...

Sarvepalli, V., 2023: UEFI: 5 Recommendations for Securing and Restoring Trust. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...

Scanlon, T., 2023: Cybersecurity of Quantum Computing: A New Frontier. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...

Wassermann, G., and Svoboda, D., 2023: Rust Vulnerability Analysis and Maturity Challenges. Carnegie Mellon University, Software Engineering Institute's Insights ...

CERT/CC advisories are now part of the US-CERT National Cyber Awareness System. We provide these advisories, published by year, for historical purposes. This report details the description, impact, ...