
The US military wants to understand the most important software on Earth


But experts like Aitel argue that while the open source movement has spawned a vast ecosystem that we all depend on, we don’t fully understand it. With countless software projects, millions of lines of code, countless mailing lists and forums, and a sea of contributors whose identities and motivations are often ambiguous, it’s hard to hold them accountable.

That could be dangerous. For example, hackers have quietly inserted malicious code into open source projects several times in recent years. Backdoors can evade detection for long periods of time, and at worst, entire projects have been handed over to bad actors who exploit people’s trust in the open source community and code. At times, the social networks these projects rely on are disrupted or even taken over. Tracking all this is mostly (though not entirely) manual work, which means it doesn’t match the astronomical scale of the problem.

Bratus believes that we need machine learning to digest and understand the ever-expanding universe of code — which means useful tricks like automatic vulnerability discovery — and the tools to understand the communities that write, fix, implement, and influence code.

The ultimate goal is to detect and counteract any malicious effort to submit flawed code, initiate impact actions, disrupt development, or even take control of open source projects.

To do this, researchers will use tools such as sentiment analysis to analyze social interactions within open source communities, such as the Linux kernel mailing lists, which will help determine who is positive or constructive and who is negative and destructive.

Researchers want to gain insight into which events and behaviors disrupt or harm open source communities, which members are trustworthy, and whether there are specific groups that need to be extra vigilant. These answers are necessarily subjective. But there is almost no way to find them now.

Experts worry that blind spots in people running open-source software could leave the entire edifice ripe for manipulation and attack. For Bratus, the main threat is the prospect of “untrusted code” running America’s critical infrastructure — a situation that could lead to unwelcome surprises.

Unanswered question

Here’s how the SocialCyber program works. DARPA has contracted several so-called “performer” teams, including small boutique cybersecurity research institutions with deep technical expertise.
