Software Engineering Institute

The goal of the FY14 Vulnerability Discovery project was to reduce the number of vulnerabilities in critical DoD and U.S. government (USG) systems by advancing and transitioning novel research in vulnerability discovery to high-impact DoD and U.S. government stakeholders.

This project is focused on advancing the state of the art in research and the state of practice of stakeholder operations in two categories of DoD-critical system security: (1) sound vulnerability discovery in traditional computing platforms and (2) vulnerability discovery in low-power, low bandwidth networked systems.

This project seeks to mitigate these weaknesses by (1) advancing and facilitating the adoption of an automated process for sound vulnerability discovery and prioritization for traditional computing platforms (2) developing and transitioning vulnerability discovery techniques for networked control systems. Adoption of the proposed techniques into the DoD software acquisition and support processes will result in software applications that are hardened—and more secure—before and after they are deployed into the DoD infrastructure.