DARPA Is Turning Finding Software Vulnerabilities Into a Game

There's no way around the fact that scanning millions of lines of software code for vulnerabilities is a chore. But now DARPA is keen to get volunteers helping out -- by turning it into a game.

DARPA's new Crowd Sourced Formal Verification initiative uses volunteers to help it find code vulnerabilities. Its five free games can be played online -- or, in Xylem's case, on iPad. Computer World explains how the games work:

The games are designed in such a way that when users solve puzzles in order to advance to the next level of game play, they are actually generating program annotations and mathematical proofs that can identify or prove the absence of flaws in software written in either C or Java. DARPA funded the games and the portal through its Crowd Sourced Formal Verification (CSFV) program...

The idea is to map what in essence are really hard maths problems onto puzzle games that would be fun to play, according to DARPA materials.

In turn, it should ease some of the workload on DARPA analysts -- by "an order of magnitude or more" if their claims are to be believed. The results from the games allow DARPA researchers to focus on "those small snippets of code that need further analysis and turn them into the parameters to generate a puzzle," according to John Murray, who's been involved in the project.

So what are you waiting for? Go play games and help DARPA out at the same time. [Verigames via Computer World]


    Oh, so this is where the Advanced Power botnet came from! (It turned your browser into a site vulnerability scanner.) In all seriousness though, this sounds like a Uni subject I had where we used discrete math to prove that code would work. An utterly fascinating subject, but not something you could afford to apply at a normal software development job.

