Michael Peck
October 20, 2015
How good can cyber defenses be if there is no good way to test them? The Pentagon lacks tools to do this, according to DARPA, which is why the agency is looking for evaluation tools.
The first phase will involve a feasibility study "to determine innovative cyber techniques and mechanisms that are capable of automatically generating and injecting realistic vulnerabilities to real-world applications written in C or C++. Design, prototype, and evaluate a concept system for automatic generation and insertion of vulnerability test cases using a single vulnerability class (e.g., integer overflows) and support a small set of vulnerability hiding techniques (e.g., masquerade as incomplete integer overflow)."
Phase II will increase the number of vulnerability classes supported and develop additional hiding techniques.
No comments:
Post a Comment