CERT is a non-profit program that was developed by Carnegie Mellon University at its Software Engineering Institute. It focuses on the practices associated with online application security and vulnerability identification, with the goal of helping to improve the security and resilience of modern computer networks, systems, and software, and of the internet as a whole.

The program has analyzed thousands of different vulnerability reports across multiple applications to identify the areas in which the vast majority of vulnerabilities arise. It has determined that a small handful of errors in code development are to blame for those vulnerabilities. Its work then focuses on helping software development teams adopt better working practices and take proactive action to avoid those errors.

The program's ultimate objective is for software application developers to eliminate or vastly reduce vulnerable areas in their code prior to release. It has also developed a series of international standards for software development to support this work.

The CERT Program continues to conduct source code analysis in SCALe (Source Code Analysis Laboratory), which assesses how these standards are being adopted and their practical impact on the deployment of applications. As a result, it should offer a continuously improving model for implementing the techniques identified.

Developers interested in examining their approach can also access a range of tools and libraries designed to reduce the coding flaws that lead to vulnerabilities.

Finally, the program offers TSP-Secure, designed to enable developers to work in environments where security becomes a paramount part of the development process. This helps organizations meet the CMMI (Capability Maturity Model Integration) standards.

To assist in cases that concern US national security, the Department of Homeland Security created US-CERT in cooperation with Carnegie Mellon University. While the two cooperate with each other, CERT is a separate entity from US-CERT.
