It’s a bad day for the vulnerability scanning industry: DARPA has announced a new multi-million-dollar competition to build a system that will be able to automatically analyze code, find its weak spots, and patch them against attack.
Mike Walker, DARPA program manager, said the challenge was meant to start a “revolution for information security” and that today’s detection software left much room for improvement.
“Today, our time to patch a newly discovered security flaw is measured in days,” he said in a statement. “Through automatic recognition and remediation of software flaws, the term for a new cyber attack may change from zero-day to zero-second.”
Teams have until January 14, 2014, to put themselves forward; after that, they’ll be expected to come up with tech that can scrutinize and patch a system without any human intervention. Up to $750,000 in funding will be available to teams that have plausible designs for fixing security holes in a basket of commercially available software. Early trials will take place this December to weed out weaker applicants.