DARPA Leads Effort to Secure Software Vulnerability Reporting

DARPA Leads Effort to Secure Software Vulnerability Reporting
Defense Advanced Research Projects Agency

The Defense Advanced Research Projects Agency (DAPRA) is working on a computer science effort to address the security risks associated with reporting software vulnerabilities. 

DARPA said Thursday that its Securing Information for Encrypted Verification and Evaluation (SIEVE) program will use zero-knowledge proofs (ZKP) to better protect exchanges of vulnerability information.

ZKPs refer to problem statements that analysts may use to mathematically explain software matters. The SIEVE effort aims to produce computer science theory and corresponding software that would simplify cryptography and boost the effectiveness of ZKPs.

A Galois-led team demonstrated ZKP's use in communicating a memory-safety vulnerability found in the Game Boy Advance device. The team combined different protocols and program analyses to evaluate ZKP statements.

Trail of Bits leads a second team to model architecture-level vulnerabilities as ZKP-compatible Boolean circuits.

You may also be interested in...


QTS Further Expands its Connectivity Ecosystem with Telia Carrier, the World’s #1 Ranked Global Internet Backbone

QTS Realty Trust (NYSE: QTS), a leading provider of software-defined and mega scale data center solutions, today announced that Telia Carrier, owner and operator of the world's #1 ranked global Internet backbone, has deployed its full suite of connectivity services in QTS' Piscataway, NJ and Irving, TX mega data centers.