Slashdot Mirror


DARPA Makes Finding Software Flaws Fun

alphadogg writes "The U.S. Department of Defense may have found a new way to scan millions of lines of software code for vulnerabilities: by turning the practice into a set of video games and puzzles and having volunteers do the work. Having gamers identify potentially problematic chunks of code could help lower the work load of trained vulnerability analysts by 'an order of magnitude or more,' said John Murray, a program director in SRI International's computer science laboratory who helped create one of the games, called Xylem. DARPA has set up a site, called Verigames, that offers five free games that can be played online or, in Xylem's case, on an Apple iPad."

1 of 46 comments

  1. Re:Breaking: DARPA under DDOS attack by Anonymous Coward · Score: 0, Troll

    1.4.1? As in, still vulnerable to CVE-2013-4547? Now that's ironic.

    Seriously, this whole thing stinks. Think about it for a moment. What is this programme FOR?

    That's right. Now, why would we work for free for the internet's greatest enemy, the Nation State Adversary? We don't just want to find software flaws, we want to FIX them. They want to find them so they can not fix them, but instead keep them secret and try to turn them into weapons, leaving everybody vulnerable.

    They're black-hats. So I'm sorry, but fuck DARPA and the horse they rode in on. Yes, I know their legacy, and history, and that the internet would not even have existed were it not for them - but this is the poison the NSA's actions have left behind; this is the trust they have burned; the integrity they might never reclaim. The NSA have by their past and continued actions and intent profoundly and almost irrevocably damaged the national security and economic interests of the United States of America. So don't start waving this shit around like it's a fun little videogame when you're helping them fuzz for bugs they're going to use to spy on everyone. I'm insulted.