The guide is the first release in the Software Acquisition Go Bag series of resources for defense software programs seeking to advance acquisition practices.

Benitez Preciado, M., 2023: Software Isolation: Why It Matters to Software Evolution and Why Everybody Puts It Off. Carnegie Mellon University, Software Engineering ...

Our code translation workflow augments LLMs to translate Ada to C++ incrementally, reducing errors and accelerating large-scale legacy system modernization. Legacy systems written in obsolete ...

CERT Insider Threat Center, T., 2015: Handling Threats from Disgruntled Employees. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

Shevchenko, N., 2020: An Introduction to Model-Based Systems Engineering (MBSE). Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

Spring, J., 2022: Probably Don’t Rely on EPSS Yet. Carnegie Mellon University, Software Engineering Institute's Insights (blog), Accessed December 23, 2025, https ...

Bernaciak, C., and Ross, D., 2022: How Easy Is It to Make and Detect a Deepfake?. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...

Schmidt, D., and Robert, J., 2024: Applying Large Language Models to DoD Software Acquisition: An Initial Experiment. Carnegie Mellon University, Software Engineering ...

Scanlon, T., 2018: 10 Types of Application Security Testing Tools: When and How to Use Them. Carnegie Mellon University, Software Engineering Institute's Insights ...

CERT/CC advisories are now part of the US-CERT National Cyber Awareness System. We provide these advisories, published by year, for historical purposes.

This collection contains resources about the Architecture Tradeoff Analysis Method (ATAM), a method for evaluating software architectures against quality attribute goals. The Architecture Tradeoff ...

Dormann, W., 2016: Windows 10 Cannot Protect Insecure Applications Like EMET Can. Carnegie Mellon University, Software Engineering Institute's Insights (blog ...