DARPA sees automated tools helping streamline software certification

Jun 6, 2024

The Defense Advanced Research Projects Agency is working to push the tools it is developing to automatically prove that software is secure out to the commercial sector, and to help companies overcome the cumbersome Pentagon verification process, according to Benjamin Bishop, deputy director of transition in the agency’s Adaptive Capabilities Office.

“One of the things that we hear from the warfighter is we’ll have a technology solution that is available, but getting it through that process to have the authority to operate and be able to get it through the approval process is very laborious,” Bishop said Wednesday at the annual C4ISRNet conference. “I will add, for good reason, because in the past these DOD steps have shown improvement to generate a higher quality solution.”

While humans doing math can prove software works as it’s designed, there are tools that can look at file metadata, which contains proof that the software is secure, and automatically verify its safety, he explained at the virtual event.

DARPA’s program Automated Rapid Certification of Software, or ARCOS, is working on developing that capability, Bishop said. The goal of the program is to automate the evaluation of software assurance evidence to enable certifiers to determine rapidly that system risk is acceptable, according to the agency.

The capability is viable, he added, but “what I’m really interested in is not just that it’s technically viable, but can we do it in a way that can be adopted across the DOD ecosystem?”

In order to do so, the DOD will need to provide incentive for commercial partners to use it, Bishop noted.

“We have seen big tech or large tech companies are embracing some of these tools and they’re moving out with it because they see the value in these methods,” according to Bishop.

Another element in developing such a capability is ensuring its user friendliness. “Are there ways that we can get these tools, not only to be able to be acceptable by the certifying organizations but can they be used by people that don’t have PhDs,” Bishop said, “to be able to navigate these tools.”
