
DARPA Makes Finding Software Flaws Fun

Posted by Soulskill
from the zynga-racing-to-copy dept.
alphadogg writes "The U.S. Department of Defense may have found a new way to scan millions of lines of software code for vulnerabilities: by turning the practice into a set of video games and puzzles and having volunteers do the work. Having gamers identify potentially problematic chunks of code could help lower the work load of trained vulnerability analysts by 'an order of magnitude or more,' said John Murray, a program director in SRI International's computer science laboratory who helped create one of the games, called Xylem. DARPA has set up a site, called Verigames, that offers five free games that can be played online or, in Xylem's case, on an Apple iPad."

  • by tlambert (566799) on Saturday December 07, 2013 @04:39PM (#45628559)

    Finding bugs is ALWAYS fun!

    What's even more fun is that Tesla Roadster you were able to buy by selling the bugs you find to intelligence agencies, rather than reporting them to the vendor and being sued under the DMCA for reverse engineering their product.

  • by Anonymous Coward on Saturday December 07, 2013 @05:22PM (#45628817)

    Are you kidding me? Nginx is the second most used web-server. You might see more nginx errors because it's used more than practically everything else.

    Nginx outperforms pretty much all other servers. As usual the errors are a result of poor admin skills.

  • by J Story (30227) on Saturday December 07, 2013 @07:53PM (#45629569) Homepage

    If you've tried playing any of those "games" then you'd know they are not fun at all. Just a big fail.

    I agree that the one "game" I played didn't keep me enthralled once the novelty wore off, but it seems to me that there is the *seed* of something that could be fun, for given definitions of "fun". For example, suppose that these games were games-within-a-game, which one could play to win points or "gold" to use in the larger game. Consider it a form of grinding.

  • by Lewisham (239493) on Saturday December 07, 2013 @09:47PM (#45630145)

    DARPA funded the project, and DARPA fund lots of projects. I think a debate about whether DARPA is good or bad is pretty out-of-scope for this particular work: we made a game that might show how software verification could be crowdsourced.

    The games do try to be fun, that's why none of them are "look at this loop and write an invariant". Xylem dresses up the problem statement as logic puzzles that surround the growth of exotic plants. I don't have an iPad to play the final version of Xylem on, but we tried hard to come up with a compelling game.

    I don't believe the expected player base really cares about whether the project was funded by DARPA or not. I understand if you don't, but I think you would also have to stop using the Internet if you have such an issue with DARPA funded projects :)