Software Engineering Institute
@SEI_CMU
News from the Carnegie Mellon University Software Engineering Institute
Pittsburgh, PA, USA
Joined November 2008
The SEI has released the CERT UEFI Parser, an open-source Python tool to parse firmware ROMs, UEFI firmware images, PE files, installer packages, and more - https://t.co/aO7hg2v5XF, https://t.co/eVIS59qxJN
A New #CERT #Vulnerability Note: Fluent Bit contains five vulnerabilities, including stack buffer overflow, authentication bypass, and path traversal - https://t.co/YGoZJCbisI
A New #CERT #Vulnerability Note: Lack of Sufficient Guardrails Lead to Excessive Agency (LLM08) in Some LLM Applications - https://t.co/Jk1WpUnNs7
Our latest post presents a method that combines information about security requirements, controls, and capabilities with analysis regarding cyber threats to enable more effective risk-guided system planning - https://t.co/wIM3StXCvt
A New #CERT #Vulnerability Note: Tenda N300 Wi-Fi 4G LTE Router 4G03 Pro impacted by vulnerabilities - https://t.co/DRo8sArmj4
Congratulations to SEI CERT Division director Greg Touhill for being inducted into the Air Force Command, Control, Communications and Computers Hall of Fame - https://t.co/HA4h2UnI3n
SEI researchers discuss their work on System Theoretic Process Analysis, or #STPA, a hazard-analysis technique uniquely suitable for dealing with complexity when assuring #AI systems - https://t.co/R0UNh4yVfx
A New #CERT #Vulnerability Note: Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation - https://t.co/FQixhoh0LK
A New #CERT #Vulnerability Note: Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function - https://t.co/ieZbGh4zFU
A New #CERT #Vulnerability Note: Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution https://t.co/FOmJZqsGug
A recent report suggests that despite investments of $30 billion to $40 billion into #GenerativeAI, 95 percent of organizations are realizing zero returns. What methods can they use to measure and improve adoption for long-term success? -
sei.cmu.edu
After a flurry of initial investments in artificial intelligence, including generative and agentic AI, many organizations are facing mixed results. The SEI is examining how organizations adopt AI and...
Secure Software by Design 2025 presentations are now available. SEI security researchers and industry software practitioners gathered in August to share ways to address, prevent, or eliminate security weaknesses earlier in the #SDLC - https://t.co/9N48j8I8Sa
The Department of War is undergoing a significant transformation in how it acquires and develops #software systems. As this post details, central to this evolution is the shift from traditional document-based processes to model-centric methodologies - https://t.co/ewFwLEgnn0
What Could Possibly Go Wrong? Safety Analysis for #AI Systems. Our final installment for #CybersecurityAwarenessMonth is a podcast from a #CERT #DataScience team on System Theoretic Process Analysis #STPA -
open.spotify.com
Carnegie Mellon University's SEI Podcasts · Episode
ICYMI for #Cybersecurity Awareness Month: Joe McIlvenny reviews common #radiofrequency attacks and investigates how software and cybersecurity play key roles in these exploitations - https://t.co/1W4r9Atzgo
Our latest post explores an approach to designing services using model-based systems engineering (#MBSE) with OMG’s Unified Architecture Framework (#UAF) - https://t.co/aiQWApZFS3
A New #CERT #Vulnerability Note: Authenticated SMTP users may spoof other identities due to ambiguous “From” header interpretation - https://t.co/fgZSH4iFxX
#Zerotrust cybersecurity applies most directly to enterprise IT, but the Air Force and other services must begin adopting ZT for their weapon systems. An SEI study analyzed the applicability and tradeoffs of security and ZT principles in weapon systems - https://t.co/GugceXoFXJ
No matter what #SBOM tool you use, output should be consistent. In our latest podcast, Dr. Jessie Jamieson, a #cyber risk engineer, discusses how to achieve more accuracy in SBOMs and present and future SEI research on this front #CyberAwareness -