Glossary

CERT

CERT is a non-profit program that was developed by the Carnegie Mellon University in their Software Engineering Institute. It focuses on the practices associated with online application security and vulnerability identification with the goal of helping to improve the security and resilience of modern computer networks, systems, and software – and the internet as a whole.

The program has analyzed thousands of different vulnerability reports across multiple applications to identify the areas in which the vast majority of vulnerabilities arise. They have determined that a small handful of errors in code development are to blame for those vulnerabilities. Their work then focuses on helping software development teams to adopt better working practices to take proactive action to avoid those errors.

Their ultimate objective is for software application developers to eliminate or vastly reduce vulnerable areas in their code prior to release. They have also developed a series of international standards for software development to support this work.

The CERT Program continues to conduct source code analysis in SCALe (Source Code Analysis Laboratory), which assesses how these standards are being adopted and their practical impact on the deployment of applications. As a result, it should offer a continuously improving model for implementation of techniques identified.

Developers interested in examining their approach can also access a range of tools and libraries that are designed to reduce flaws in coding that lead to vulnerabilities.

Finally, the program offers TSP-Secure, designed to enable developers to work in environments where security becomes a paramount part of the development process. This helps organizations  meet the CMMI (the Capability Maturity Model Integration) standards.

To assist in cases that concern US national security, the Department of Homeland Security created the US-CERT, in cooperation with Carnegie Mellon University. While they are in cooperation with each other, CERT is a separate entity than the US-CERT.