SEI researchers discuss their work on System Theoretic Process Analysis, or STPA, a hazard-analysis technique uniquely suitable for dealing with AI complexity when assuring AI systems.

This newsletter compiles the latest SEI releases and news about guiding organizations on their AI journeys, presentations from the Secure Software by Design 2025 event, a model-based approach for ...

The CERT Division is a leader in cybersecurity. We partner with government, industry, law enforcement, and academia to improve the security and resilience of computer systems and networks. We study ...

Fricke, J., and Hoover, A., 2018: Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection. Carnegie Mellon University, Software Engineering ...

Firesmith, D., 2015: Four Types of Shift Left Testing. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November 13, 2025, https ...

Firesmith, D., 2013: Common Testing Problems: Pitfalls to Prevent and Mitigate. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...

Dormann, W., 2014: Differences Between ASLR on Windows and Linux. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November 13 ...

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

Wassermann, G., and Svoboda, D., 2023: Rust Vulnerability Analysis and Maturity Challenges. Carnegie Mellon University, Software Engineering Institute's Insights ...

Spring, J., 2022: Probably Don’t Rely on EPSS Yet. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed November 19, 2025, https ...

Dormann, W., 2016: Windows 10 Cannot Protect Insecure Applications Like EMET Can. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

NOTE: CERT/CC advisories have become part of the US-CERT National Cyber Awareness System.