Defcon is known for hosting a Capture the Flag contest each year in Las Vegas. The competition is designed like a game in order to test the capabilities of hackers, where two sides battle it out to determine a victor.
This year, DARPA has brought forth a challenge that asks each participant to develop and demonstrate a program that can teach computers how to play the game. The competition, known as DARPA’s Cyber Grand Challenge, will be testing entries from over 100 teams.
Each of the entries presents a different approach with respect to the way that the program would work. Such a program that can automatically find bugs in software hasn’t been created to date, as there’s no ideal way of going about it. Theoretically, there can be countless ways in which software can break, but teaching your program to determine the best method for a given situation is where things get tricky.
Michael Walker, who has helped design these games, originally pitched the idea of a computer-driven Capture the Flag challenge to DARPA back in 2013. Despite the difficult task at hand, he is expecting to have a long list of participating bug hunting programs ready by next Summer’s Defcon contest, where they will battle it out in Capture the Flag combat. The winner will receive a grand prize of $2 million, while the first and second runners-up will get $1 million and $750,000 respectively.
While building the perfect bug hunting program seems far from reality at this point, DARPA’s challenge is taking the first step towards what could potentially lead to a pivotal change for the security profession. Even if there never is a program that is capable of finding each and every vulnerability in a piece of software, it can still prove useful as a faster alternative to human researchers, with the potential to speed up the patch cycle and essentially change how software works.
