The security landscape changed in August 2011 at the Black Hat Conference, when the legendary L0pht hacker Peiter “Mudge” Zatko presented Cyber Fast Track (CFT) (DARPA-PA-11-52), a new program from DARPA (the Defense Advanced Research Projects Agency of the United States Department of Defense) to finance R&D projects by hackers and SMEs. Detailed information about the program is available on the DARPA CFT website (currently offline).
The idea is simple: times have changed, and hackers and small businesses are the ones who have the ideas and the agility to innovate but not the resources, and this is precisely what the program brings. Many countries should take note of this innovative idea that enhances creativity and R&D.
To facilitate the admission process a series of documents and guides was released. The idea was to streamline and simplify the process for people not accustomed to dealing with government bureaucracy. No doubt a great idea and a great help.
Besides it being unusual for DARPA to finance hackers (I think that it was the only program of its kind in the world), even more unusual was the fact that this program was open to any hacker and security boutique around the world!
Through the company I funded last year, VULNEX, a startup specializing in cyber security located in Madrid, we decided to try our luck and created an R&D proposal that we sent in August 2012. Five days later we received a call from DARPA communicating that they had accepted our project. Incredible.
The objective of the project was to improve security in the software development lifecycle. The project duration was five months, analyzing the different compilers (Visual Studio, GCC and LLVM) and their versions to determine the security mitigation measures offered, their effectiveness and how they affect the binaries produced.
With this in-depth analysis, the second and third phases of the project consisted of developing two technologies to help developers produce secure software.
One of the technologies developed is BinSecSweeper, a powerful and easy-to-use tool to analyze binary security posture. The tool is open source, cross-platform and capable of analyzing different types of binaries and architectures. BinSecSweeper will be available on the VULNEX website soon.
It is a pity that DARPA closed the CFT program on April 1, 2013; about 500 projects of the more than 1500 received benefited from it. The selected projects have been very interesting tools and are presented at top security conferences. I would recommend doing a web search to find many of these projects.
Certainly a disruptive idea that has been of great help for hackers and SMEs, and for us at VULNEX, a Spanish startup, it was a pleasant experience to collaborate with DARPA and have our technology presented at internal events 🙂
From here we would like to thank Mudge, DARPA and the staff of BITSystems (responsible for the CFT management), great folks!
Did you know about the DARPA CFT? What do you think?
— Simon Roses Femerling