Disrupting Exploitable Patterns in Software to Make Systems Safer

DARPA News, September 22, 2021

The Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program seeks to give developers a way to explore novel theories and approaches and develop practical tools to anticipate, isolate, and mitigate emergent behaviors in computing systems throughout the entire software development lifecycle (SDLC). The program aims to create mitigation approaches that go well beyond patching. It will also focus on validating the generated approaches by applying broad theories and generic tools to concrete technological use cases of general-purpose integrated software systems…

Why adding bugs to software can make it safer

MIT Technology Review, August 17, 2018

Researchers at New York University introduced a new defensive technique called chaff bugs. Rather than eliminating bugs, they add large numbers of bugs that are provably (but not obviously) non-exploitable. Attackers who attempt to find and exploit bugs in the software will, with high probability, find an intentionally placed non-exploitable bug and waste precious resources trying to build a working exploit. The researchers developed two strategies for ensuring non-exploitability and used them to automatically add thousands of non-exploitable bugs to real-world software such as nginx and libFLAC; they showed that the functionality of the software […]