This technical report proposes a formal semantics for EMV2 and shows how to leverage this semantics to generate fault trees from an AADL model enriched with EMV2 information.

CERT Division at Carnegie Mellon University's Software Engineering Institute. He has supported national security efforts for over 10 years in civilian, military, and contractor roles. Before joining ...

Speakers at a September 4 event reflected on four decades of innovation in software, cybersecurity, and AI for defense—and what’s to come.

Software is vital to our country’s global competitiveness, innovation, and national security. It also ensures our modern standard of living and enables continued advances in defense, infrastructure, ...

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

Sarvepalli, V., 2023: UEFI: 5 Recommendations for Securing and Restoring Trust. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...

Spring, J., 2022: Probably Don’t Rely on EPSS Yet. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed September 10, 2025, https ...

McGregor, J., and Cohen, S., 2022: Modeling Languages for Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's ...

Groce, P., 2021: Remote Work: Vulnerabilities and Threats to the Enterprise. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed ...

Shevchenko, N., 2018: Threat Modeling: 12 Available Methods. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed September 9, 2025 ...

PSP: A Self-Improvement Process for Software Engineers presents a disciplined process for software engineers and anyone else involved in software development. Most software-development groups have ...

The CERT Division, in partnership with ExactData, LLC, and under sponsorship from DARPA I2O, generated a collection of synthetic insider threat test datasets. These datasets provide both synthetic ...