Engineers Automate Software Exploitation and Patching

AlphaAtlas

IEEE Spectrum reports that engineers from Carnegie Mellon University won a DARPA challenge to develop a machine that finds, and fixes, software exploits in bytecode all by itself. "Mayhem," as they call it, reportedly found over 14,000 unique vulnerabilities within the entire Debian Linux distribution within a one-week period in 2014, though only 250 of them were "new". Later, in the DARPA challenge's 2016 finals, Mayhem competed against 6 other massive racks from competitors, edging out all the other systems even though it crashed close to the end of the competition. The report mentions that there were about 180 tons of water below the stage to keep all the systems cool, and that all the competing systems were airgapped, meaning they had to find and fix software vulnerabilities with no outside assistance.

ForAllSecure uploaded a video of their efforts a while ago, which you can check out here.

Mike Walker, the DARPA program director, said that the event’s demonstration of autonomous cyberdefense was “just the beginning of a revolution” in software security. He compared the results to the initial flights of the Wright brothers, which didn’t go very far but pointed the way to transcontinental routes. Right now, ForAllSecure is selling the first versions of its new service to early adopters, including the U.S. government and companies in the high-tech and aerospace industries. At this stage, the service mostly indicates problems that human experts then go in and fix. For a good while to come, systems like Mayhem will work together with human security experts to make the world’s software safer. In the more distant future, we believe that machine intelligence will handle the job alone.
 
I went directly to the source to read the article and then looked up the website.

Hats off, no pun intended, to these amazing White Hats. That they won in total points with only 40 of the 100 rounds of the contest with the machine working is a testament to just how sophisticated their machine was, even if at the time it was unstable.

It not only had to analyze binaries without source code, but it had to test the vulnerabilities, generate working exploits and issue the patches, holding some back while it tested the code if it determined that the fix could impact the speed too much (5% or higher). Really darned impressive.
 
Yeah, it's almost unbelievable. And it really makes me wonder how much further they've taken the concept over the last few years.
 
Automated exploitation with organic evolution of code? That is a nightmare. And damn, I hope the black hats and other state agencies don't get their hands on this tech before everything is shifted to the cloud where it can be patched on the spot.

Exciting and scary. It's like those movie plots where a scientist makes some discovery proclaiming all the good it will do humanity and envisioning some Utopian dream, meanwhile a person in the background is on their cell phone 'making arrangements'.

I do agree though, congratulations to them on such an impressive achievement.
 
Just seemed wrong not to have a pic of the guest of honor especially since it is a thing of beauty!