CSIS pioneered the field of Topological Vulnerability Analysis (TVA) attack graph technology, with several publications. Over the last 7 years, CSIS has conducted R&D in TVA technology under various government agencies, with average funding of over $1 million per year. This TVA technology development has culminated in the tool CAULDRON (Combinatorial Analysis Utilizing Logical Dependencies Residing On Networks). CAULDRON has been independently evaluated in a variety of settings, including red team/blue team exercises, support for penetration testing, and as a tool for security risk assessment and network administration. CAULDRON delivers the efficient construction, analysis, and graphical depiction of attack paths through enterprise networks.
CSIS has filed for 5 U.S. patents in TVA/CAULDRON technology. CAULDRON has been licensed to a security firm for commercialization. CAULDRON is currently being used at several government organizations.