DARPA (Defense Advanced Research Projects Agency) recently held a contest to explore the feasibility of automating the process of finding vulnerabilities on a group of target computers, and automatically fixing the vulnerabilities. Using a game format similar to “capture the flag,” on Aug. 5,at the Paris Las Vegas hotel, seven teams of programmers, hackers and researchers set a cybersecurity milestone.
According to Darpa “Our best data tell us that that hole will work for about a year before it’s discovered by defenders… You want computers to be able to defend themselves, and it’s going to change the balance of power between attackers and defenders.” according to DARPA program manager Mike Walker, on 60 Minutes.
What these teams accomplished was to demonstrate a way that one collection of computers could find and fix vulnerabilities in another group of computers without human intervention. The purpose of this exercise was to find a better way to shorten the time between the discovery of a vulnerability that could be exploited by cyber-criminals, and creating the necessary software patch to close the vulnerability.
The contest was successful, with a team from ForAllSecure won the two million dollar prize.
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com