sei.cmu

The Dangers of VHD and VHDX Files

Dormann, W., 2019: The Dangers of VHD and VHDX Files. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed May 6, 2026, https://www ...
sei.cmu

Data Poisoning in AI Models: The Case for Chain of Custody Controls

Metcalf, R., and Churilla, M., 2026: Data Poisoning in AI Models: The Case for Chain of Custody Controls. Carnegie Mellon University, Software Engineering Institute's ...
sei.cmu

The 3 Pillars of Enterprise Cyber Risk Management

Tucker, B., 2017: The 3 Pillars of Enterprise Cyber Risk Management. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed April 29 ...
sei.cmu

How Easy Is It to Make and Detect a Deepfake?

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization (Version 2.0)

This paper presents version 2.0 of a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability ...
sei.cmu

Common Sense Guide to Mitigating Insider Threats, Seventh Edition

The guide describes 22 best practices for mitigating insider threat based on the CERT Division's continued research and analysis of more than 3,000 insider threat cases. This seventh edition of the ...
sei.cmu

Architecture Tradeoff Analysis Method Collection

The Architecture Tradeoff Analysis Method (ATAM) is a method for evaluating software architectures relative to quality attribute goals. ATAM evaluations expose architectural risks that potentially ...
sei.cmu

A Framework for Software Product Line Practice, Version 5.0

This document describes the activities and practices in which an organization must be competent before it can benefit from fielding a product line of software systems. A product line is a set of ...
sei.cmu

An Introduction to Model-Based Systems Engineering (MBSE)

Shevchenko, N., 2020: An Introduction to Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's Insights (blog ...
sei.cmu

CERT Advisories 1988-2004

This document contains the CERT advisories from 1988.
sei.cmu

Using Alternate Data Streams in the Collection and Exfiltration of Data

Updyke, D., and Jaconski, M., 2022: Using Alternate Data Streams in the Collection and Exfiltration of Data. Carnegie Mellon University, Software Engineering ...
sei.cmu

What Is Your Definition of Software Architecture

The SEI has compiled a list of modern, classic, and bibliographic definitions of software architecture. Modern definitions come from Software Architecture in Practice and from ANSI/IEEE Std 1471-2000, ...