Information Security News mailing list archives
DARPA's first bug bounty: Find vulnerabilities in hardware-based security
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 16 Jun 2020 05:53:06 +0000 (UTC)
https://gcn.com/articles/2020/06/15/darpa-ssith-bug-bounty.aspx By Susan Miller GCN.com June 15, 2020 The Defense Advanced Research Projects Agency is inviting security researchers to find vulnerabilities in its System Security Integration Through Hardware and Firmware systems. Launched in 2017, SSITH aims to secure electronic systems with hardware security architectures and tools that protect against common classes of hardware vulnerabilities regularly exploited through software. DARPA’s first bug bounty program, called the Finding Exploits to Thwart Tampering (FETT) program, will be held in partnership with the Department of Defense’s Defense Digital Service and Synack, a crowdsourcing security company. Participants will try to penetrate the SSITH hardware security schemes developed by researchers at SRI International, the University of Cambridge, the Massachusetts Institute of Technology, the University of Michigan and Lockheed Martin. Their approaches generally involve providing the hardware with more information about what the attacking software is trying to do so it can become an active participant in its own defense, DARPA officials said. The SSITH development teams are working with Galois, a computer science research and development company, to move the hardware instances systems to the cloud for the evaluations. [...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- DARPA's first bug bounty: Find vulnerabilities in hardware-based security InfoSec News (Jun 15)