DARPA Makes Finding Software Flaws Fun

alphadogg writes "The U.S. Department of Defense may have found a new way to scan millions of lines of software code for vulnerabilities: by turning the practice into a set of video games and puzzles and having volunteers do the work. Having gamers identify potentially problematic chunks of code could help lower the work load of trained vulnerability analysts by 'an order of magnitude or more,' said John Murray, a program director in SRI International's computer science laboratory who helped create one of the games, called Xylem. DARPA has set up a site, called Verigames, that offers five free games that can be played online or, in Xylem's case, on an Apple iPad."

The real game is finding bugs on their site...

Welcome null null ( Logout )

Greetings, Professor Falken

[MonkeyDancer]

I'm disappointed they do not have the game 'Global Thermonuclear War'.

Re: Greetings, Professor Falken

[davester666]

you have to find the user name on your own, but the password is '00000000'

It's decent

[eyenot]

These puzzles are definitely interesting. I had a chance to get on and play the preliminaries of the pipe game about two hours ago from a college terminal. I get home to continue my "work" and the site is 505'd. I'm guessing it may have been simply slashdotted. If that's the case, then I've lost a bit of confidence in the project.

It sort of reminds me of that scene in "Sneakers" when the guys roll by to get the box back from the "NSA", and the building is being torn down. Which raises the question, if I can imagine using a site to quickly test a population sample's IQ and then to run like heck with the results, then is there a feasible reason to do so?