The MIT Technology Review writes in a long form article about how DARPA has rediscovered Free and Open Source Software [technologyreview.com], or at least the latter, and how it is now found everywhere across the board. As far as the Internet and the World Wide Web goes, its ubiquity has been a given since they were founded on it, but nowadays even at least 70% of closed source, proprietary products also contain lots of it. DARPA is worried about the kernel Linux in particular and the vetting process for adding code to the project specifically.
Now DARPA, the US military’s research arm, wants to understand the collision of code and community that makes these open-source projects work, in order to better understand the risks they face. The goal is to be able to effectively recognize malicious actors and prevent them from disrupting or corrupting crucially important open-source code before it’s too late.
DARPA’s “SocialCyber” program [darpa.mil] is an 18-month-long, multimillion-dollar project that will combine sociology with recent technological advances in artificial intelligence to map, understand, and protect these massive open-source communities and the code they create. It’s different from most previous research because it combines automated analysis of both the code and the social dimensions of open-source software.
“The open-source ecosystem is one of the grandest enterprises in human history,” says Sergey Bratus, the DARPA program manager behind the project.
“It’s now grown from enthusiasts to a global endeavor forming the basis of global infrastructure, of the internet itself, of critical industries and mission-critical systems pretty much everywhere,” he says. “The systems that run our industry, power grids, shipping, transportation.”
Recently, software appears to have been occupying a lot of attention over in Washington, DC. Unfortunately occasional lines in mainstream articles indicate that it is M$ and M$ lobbyists are steering the policy discussion there. It appears that they are spending an enormous amount of time in direct contact with politicians and policy makers, all the while log4j is still getting milked by them as a distraction from all the actively exploited vulnerabilities in their own products.