SoylentNews is people
SoylentNews
“Our mission is to change what’s possible so we can take huge strides forward in our national security capabilities,” said Arati Prabhakar at the post-contest press conference. “We did it today and it was a very satisfying experience.”
Each team was equipped with a server containing 128 Intel Xeon processors running at 2.5 GhZ and boasting over a thousand processing cores, 16TB of RAM and a liquid cooling system that required 250 gallons of water per minute to cool the big iron. They were let loose on a custom-designed operating system and instructed to find flaws, patch them automatically, and provide proof of concepts for flaws in each other's systems.
At the same time seven other similar system were used by the judges to monitor the progress of the event as the systems ran 96 rounds lasting 270 seconds, with 30 second breaks in between rounds. At stake was US$3.75m in government greenbacks.
The competition, which has taken three years and $55m to set up, is designed to automate the whole process of bug hunting.
Mike Walker, the DARPA program manager overseeing the Cyber Grand Challenge, said that this was the first stage in a possibly decade-long process to automate security monitoring and make networks more resilient.
“We have redefined what is possible and we did it in the course of hours with autonomous systems that we challenged the world to build,” he said. “I want people to understand how difficult it is to build prototype revolutionary technology and field it in front of the eyes of the world. I have enormous respect for those folks.”
A DARPA representative told The Reg that at this stage the winning team, with 270,042 points, was the ForAllSecure team, founded by the Carnegie Mellon University professor of electrical and computer engineering David Brumley. Results aren't final, but if confirmed his team will scoop the $2m top prize.
(Score: 2) by Scruffy Beard 2 on Saturday August 06 2016, @07:30AM
If bug-finding is automated, there will be no excuse for bugs^wback doors in production code.
(Score: 2, Interesting) by Anonymous Coward on Saturday August 06 2016, @08:24AM
Backdoors will be ignored by automated bug-finding, rockstar coders will learn to code all their bugs to pass inspection, and nothing will fucking change.
(Score: 3, Insightful) by maxwell demon on Saturday August 06 2016, @10:49AM
Security problem detected: NSA backdoor missing.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by Hyperturtle on Saturday August 06 2016, @05:10PM
I dunno, it sounds to me the perfect hardware to find, exploit, and prevent appropriate closure of holes by providing a trojan horse in the guise of patching, automatically, has been developed for use by the government.
We will still need security researchers in the private sector, because this tool doesn't seem as if it is intended to help them.
Security-in-depth may become a thing again (remember that buzzword? It just meant no one could do any of it properly and the results were insecure across a number of weak links because of that)... just to keep the spooks, crooks, and marketing robots busy...
(Score: 2) by Hairyfeet on Saturday August 06 2016, @07:54PM
More likely they'll only report a few hard to exploit bugs publicly (to insure funding) while giving all the easy to exploit bugs to the NSA and Homeland for use against US citizens.
Remember the days when it was the Russians and Chinese you had to worry about trying to get into your data? Those were the days...
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.