Defense Advanced Research Projects Agency (DARPA) officials are espousing the benefits of its Intelligent Generation of Tools for Security (INGOTS) program, which they maintain would bolster cybersecurity efforts.
“In an attack paradigm where exploitability depends on the emergent behavior of vulnerability combination, risk depends on understanding the complex relationships between neighboring vulnerabilities,” DARPA Information Innovation Office INGOTS Program Manager Perri Adams said. “Rather than develop a fully automatic process, we want to create a computer-human pipeline that seamlessly allows human intervention in order to fix high-severity vulnerabilities before an attack.”
According to DARPA, developers and defenders are reliant on empirical evidence to assess its severity and prioritize it for remediation without accurate methods to measure the exploitability of a particular vulnerability.
The evidence requires time and costly resources and is often insufficient or incomplete, especially for vulnerabilities within complex systems.
INGOTS is a three-year program possessing two phases, with the initial phase focusing on exploring, designing, developing and demonstrating tools and techniques.
Phase 2 will focus on maturing and refining these tools and techniques and expanding their coverage across vulnerability and exploitation classes.
Both phases will include intermediate meetings, hackathons and demonstrations, per officials, culminating with an evaluation in collaboration with government partners.