DARPA makes games of finding software vulnerabilities

The U.S. Department of Defense may have found a new way to scan millions of lines of software code for vulnerabilities, by turning the practice into a set of video games and puzzles and having volunteers do the work.

Having gamers identify potentially problematic chunks of code could help lower the workload of trained vulnerability analysts by “an order of magnitude or more,” said John Murray, a program director in SRI International’s computer science laboratory who helped create one of the games, called Xylem.

DARPA (the Defense Advanced Research Projects Agency) has set up a site, called Verigames, that offers five free games that can be played online or, in Xylem’s case, on an Apple iPad.

Verigames is set up in a manner similar to other online crowd-sourcing projects, such as SETI@home, which has users’ computers scan for extraterrestrial signals, and Fold.it, which invites participants to play online puzzles for protein folding.
