Friday, February 4, 2011

Blog: DARPA Seeks Security Expertise From a Nontraditional Source: the Hacker Community

NextGov.com (02/04/11) Dawn Lim

The U.S. Defense Advanced Research Projects Agency (DARPA) recently launched the Cyber Fast Track program, which will reward security research done quickly and inexpensively, criteria designed to attract nontraditional developers such as hobbyists, startups, and hackers. "Since the early '80s there has been some contingent of cyber researchers and hobbyists operating in low-budget settings," says DARPA's Peiter Zatko. He says limited resources force these groups to be extremely creative. DARPA also wants to apply the Cyber Fast Track process to other areas of defense. Zatko says the agency is looking toward unconventional solutions to cybersecurity problems because the current strategy of layering costly defensive security applications onto large IT infrastructures isn't sustainable. DARPA found that defensive applications contained about 10 million lines of code, while 9,000 samples of malware used only 125 lines of code. Although it is counterintuitive, more lines of code make a system more vulnerable to attacks. An IBM metric suggests that for every 1,000 lines of code, there could be as many as five bugs introduced to the system. "You're spending all this effort layering on all this extra security, and it turns out that's introducing more vulnerabilities," Zatko says.
