We develop methods for building security in.
Our Security Quality Requirements Engineering (SQUARE) process, Survivability Analysis Framework, and Building Assured Systems Framework each help you build assured systems. We also have tools that adapt the SQUARE process to consider privacy (P-SQUARE) and acquisition (A-SQUARE).
We develop methods for analyzing your development lifecycle.
Our Complexity Modeling and Analysis research helps you analyze complexity and integration issues throughout the development lifecycle to ensure that development is proceeding as planned. We can also help you link security decisions to mission-critical needs.
We develop ways to reduce risk in your supply chain.
Our Supply Chain Assurance research shows you how to reduce risk from software defects, while leveraging the significant opportunities supply chains afford.
We develop tools for measuring and analyzing software security.
Our Software Security Measurement and Analysis research, including our Integrated Measurement and Analysis Framework (IMAF) and Mission Risk Diagnostic (MRD) approaches, helps you establish and measure the confidence that a software-reliant product is sufficiently secure to meet operational needs.
We create software assurance curricula for use in training programs or academic courses.
Our Curricula and Course Materials provide a basis on which organizations and educational institutions can build their own programs. The Software Assurance Competency Model creates a foundation for assessing and advancing the capability of software assurance professionals.
Engage with Us
We can help you with your security and software assurance needs in a number of ways.
News & Announcements
Polytechnic University of Madrid Announces Master of Software Assurance Degree Program
The Universidad Politécnica de Madrid (UPM) now offers the Master of Software Assurance from the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University in Europe.
New Podcast Released: The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
In this podcast, Jason Christopher and Nader Mehravari discuss how ES-C2M2 helps to improve the operational resilience and security of the U.S. power grid.
Publications & Media
Security and Wireless Emergency Alerts
In this podcast, Carol Woody and Christopher Alberts discuss guidelines that they developed to ensure that the WEA service remains robust and resilient against cyber attacks.
An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)
The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.
A Taxonomy of Operational Cyber Security Risks Version 2
This second version of the 2010 report presents a taxonomy of operational cyber security risks and harmonizes it with other risk and security activities.
Analyzing Timing of Multicore-Software Scheduling–A New Way that Makes It Simple
Discusses the challenges of analyzing the timing of contention for resources in the memory system of multicore processors.
Call for Papers: Sixth Workshop on Managing Technical Debt (MTD 2014)
Call for papers for the Sixth Workshop on Managing Technical Debt, a workshop that brings together leading software maintenance researchers and practitioners.
Most Recent Podcast
Comparing IT Risk Assessment and Analysis Methods
RE’14 Tutorial on Gathering Unstated Requirements
SEI researchers will present a tutorial at the 22nd IEEE International Requirements Engineering Conference (RE’14) to describe KJ+, a method for determining the unstated needs of varied stakeholders. Register by July 14 to take advantage of the early-bird discounted rate.
Curriculum Recognized by the IEEE Computer Society and the Association for Computing Machinery
The IEEE Computer Society and the Association for Computing Machinery recognized the Master of Software Assurance Reference Curriculum in an IEEE press release.
Security Quality Requirements Engineering (SQUARE)
In this report, the authors present their results of using SQUARE when working with three clients over the course of a semester.
Software Assurance Curriculum
Our software assurance curriculum and competency model help to prepare the next generation of software security experts.
Survivability Analysis Framework
In this report, the authors describe the Survivability Analysis Framework, which is used to evaluate critical operational capabilities.
Supply Chain Assurance
Our work in supply chain assurance can help you reduce the risk from software defects while leveraging the significant opportunities afforded by supply chains.
Software Security Assurance Measurement and Analysis
Our research into measuring and analyzing software security assurance helps you to establish and measure justified confidence that software-reliant products are sufficiently secure to meet your operational needs.
Security Requirements Engineering Using the SQUARE Method
Software Assurance Methods in Support of Cyber Security
Information Security for Technical Staff
Information Security for Technical Staff – eLearning
Related Area of Work
The Secure Coding team works with software developers and software development organizations to reduce vulnerabilities resulting from coding errors before software is deployed.