There's no way around the fact that scanning millions of lines of software code for vulnerabilities is a chore. But now DARPA is keen to get volunteers helping out — by turning it into a game.
DARPA's new Crowd Sourced Formal Verification initiative uses volunteers to help it find code vulnerabilities. Its five free games can be played online or, in Xylem's case, on iPad. Computerworld explains how the games work:
The games are designed in such a way that when users solve puzzles in order to advance to the next level of game play, they are actually generating program annotations and mathematical proofs that can identify or prove the absence of flaws in software written in either C or Java. DARPA funded the games and the portal through its Crowd Sourced Formal Verification (CSFV) program...
The idea is to map what in essence are really hard maths problems onto puzzle games that would be fun to play, according to DARPA materials.
In turn, it should ease some of the workload on DARPA analysts, by "an order of magnitude or more" if the agency's claims are to be believed. The results from the games allow DARPA researchers to focus on "those small snippets of code that need further analysis and turn them into the parameters to generate a puzzle," according to John Murray, who's been involved in the project.