It’s no secret that developers and cyberspace defenders must accurately understand risks within software and hardware to maintain a robust security posture. Today, sophisticated cyberattacks link multiple vulnerabilities to bypass security measures and compromise critical, high-value devices. Yet critical vulnerabilities often go unfixed as resources are allocated to less significant issues.
That is because today’s metrics fail to capture numerous nuanced factors that differentiate a harmless software flaw from a potent vulnerability. Without accurate methods to measure the exploitability of a particular vulnerability, developers and defenders must rely on empirical evidence to assess its severity and prioritize it for remediation. Such evidence requires time and costly resources and is often insufficient or incomplete, especially for vulnerabilities within complex systems.
DARPA’s Intelligent Generation of Tools for Security (INGOTS) program aims to identify and fix high-severity, chainable vulnerabilities before attackers can exploit them. INGOTS will pioneer new techniques driven by program analysis and artificial intelligence to measure vulnerabilities within modern, complex systems, such as web browsers and mobile operating systems.