Calling all independent security researchers: The government wants to fund your work.
As part of a new initiative, called Cyber Fast Track, described Thursday at the Black Hat conference in Las Vegas, the U.S. Defense Department will fund small hacker groups and independent researchers in the development of cutting-edge solutions that can be created in short intervals for a low cost.
The program is the brainchild of Peiter Zatko, a respected hacker known as “Mudge,” who last February took on the role of program manager at the Defense Advanced Research Projects Agency (DARPA), the Defense Department's central research organization.
“Small groups of motivated and like-minded researchers have repeatedly shown talent and capability,” Zatko said in his keynote speech. “I want the people out there doing the cool research work.”
The program aims to make it easier for independent researchers to obtain government funding for cybersecurity projects, he said. Historically, federal security funding has been awarded to large contractors that often have whole teams dedicated to crafting proposals. Under the current system, it is difficult for an independent researcher to be awarded funding due to the time and cost of the application process alone.
“Welcome to the new DARPA,” Zatko said.
The program, in development for the past eight months, will fund between 20 and 100 projects each year, addressing a range of cybersecurity issues, Zatko said. Those who are chosen to participate can retain their own intellectual property.
While security solutions are growing larger and more complicated than ever, most malware today is still small and efficient, Zatko said. A typical unified threat management solution, for example, is made up of 10 million lines of code, while the average piece of malware contains just 125.
With millions of lines of code, today's security solutions may actually be introducing more vulnerabilities, Zatko said. Moreover, adding layers of security on top of each other is further increasing the attack surface. Security researchers must now consider the “unintended consequences” of current defense efforts, he added.
Zatko's talk was well received by those in attendance.
“Most inspiring talk here,” Scott Crawford, research director at consultancy Enterprise Management Associates, tweeted after the session. “[Cyber Fast Track] could take some of the asymmetry out of the security status quo.”
This article originally appeared at scmagazineus.com