According to the CERT® Program, part of the Software Engineering Institute (SEI), a federally funded research and development center (FFRDC) sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University, “Organizations must practice strong computer security. CERT is also continuously researching various aspects of computer security that can benefit organizations.”
The primary goals of the CERT program are to ensure that appropriate technology and systems management practices are used to resist attacks on networked systems and to limit damage and ensure continuity of critical services in spite of attacks, accidents, or failures.
The SEI advances software engineering and related disciplines to ensure the development and operation of systems with predictable and improved cost, schedule, and quality. CERT, the home of the well-known CERT Coordination Center, studies security vulnerabilities, research long-term changes in networked systems, and develop information and training to help their clients improve security.
When designing malicious code, attackers often take advantage of vulnerabilities in software. In 2006 alone, the CERT Coordination Center received more than 8,000 reports of vulnerabilities. But many of these vulnerabilities are a result of software defects that could easily have been avoided. Through secure coding initiative, CERT is identifying common programming errors and developing secure coding standards to reduce the number of vulnerabilities introduced into software.
The field of survivable systems engineering explores the current state of systems to identify problems and propose engineering solutions. The work described below focuses on the development lifecycles for both new development and COTS-based systems. It includes analysis of how susceptible these systems are to sophisticated attacks and suggestions for improving the design of systems based on this analysis.
Note: Be certain to download a copy of their pdf-format, 68-page CERT Research 2005 Annual Report. Their URL can be found at the end of this article.
(The Annual Report describes current CERT Research projects in terms of problems addressed, research approaches, expected benefits, accomplishments, and plans. Each project is also summarized and links within project summaries lead to longer project descriptions.)
The current trend seems to indicate that people will continue to seek and purchase concomitant managed security services because they are the best forms of protection available. This level of professional grade technology coupled with a team of security experts available to help with any security problem will continue to grow as protection-sensitive consumer order these services for home and small business computers managed security services are the future of Internet security.
Click here to download the CERT Research 2005 Annual Report as a PDF file.
© MMIX, Etienne A. Gibbs, MSW, Internet Safety Advocate and Educator
The primary goals of the CERT program are to ensure that appropriate technology and systems management practices are used to resist attacks on networked systems and to limit damage and ensure continuity of critical services in spite of attacks, accidents, or failures.
The SEI advances software engineering and related disciplines to ensure the development and operation of systems with predictable and improved cost, schedule, and quality. CERT, the home of the well-known CERT Coordination Center, studies security vulnerabilities, research long-term changes in networked systems, and develop information and training to help their clients improve security.
When designing malicious code, attackers often take advantage of vulnerabilities in software. In 2006 alone, the CERT Coordination Center received more than 8,000 reports of vulnerabilities. But many of these vulnerabilities are a result of software defects that could easily have been avoided. Through secure coding initiative, CERT is identifying common programming errors and developing secure coding standards to reduce the number of vulnerabilities introduced into software.
The field of survivable systems engineering explores the current state of systems to identify problems and propose engineering solutions. The work described below focuses on the development lifecycles for both new development and COTS-based systems. It includes analysis of how susceptible these systems are to sophisticated attacks and suggestions for improving the design of systems based on this analysis.
Note: Be certain to download a copy of their pdf-format, 68-page CERT Research 2005 Annual Report. Their URL can be found at the end of this article.
(The Annual Report describes current CERT Research projects in terms of problems addressed, research approaches, expected benefits, accomplishments, and plans. Each project is also summarized and links within project summaries lead to longer project descriptions.)
The current trend seems to indicate that people will continue to seek and purchase concomitant managed security services because they are the best forms of protection available. This level of professional grade technology coupled with a team of security experts available to help with any security problem will continue to grow as protection-sensitive consumer order these services for home and small business computers managed security services are the future of Internet security.
Click here to download the CERT Research 2005 Annual Report as a PDF file.
© MMIX, Etienne A. Gibbs, MSW, Internet Safety Advocate and Educator
About the Author:
Etienne A. Gibbs, Internet Security Advocate and Educator, consults with individuals, small business owners, and home-business entrepreneurs regarding online protection against spyware, viruses, hackers, and other pc-disabling cybercrimes. To obtain more information and receive a free evaluation, visit him at www.SayNotoHackersandSpyware.com.
No comments:
Post a Comment