DARPA (Defense Advanced Research Projects Agency) recently held a contest to explore the feasibility of automating the process of finding vulnerabilities on a group of target computers, and automatically fixing the vulnerabilities. Using a game format similar to “capture the flag,” on Aug. 5,at the Paris Las Vegas hotel, seven teams of programmers, hackers and researchers set a cybersecurity milestone.
According to Darpa “Our best data tell us that that hole will work for about a year before it’s discovered by defenders… You want computers to be able to defend themselves, and it’s going to change the balance of power between attackers and defenders.” according to DARPA program manager Mike Walker, on 60 Minutes.
What these teams accomplished was to demonstrate a way that one collection of computers could find and fix vulnerabilities in another group of computers without human intervention. The purpose of this exercise was to find a better way to shorten the time between the discovery of a vulnerability that could be exploited by cyber-criminals, and creating the necessary software patch to close the vulnerability.
The contest was successful, with a team from ForAllSecure won the two million dollar prize.