For any given software vulnerability, the lengthy time window from initial bug report to widespread patch deployment puts cyber security analysts at a significant disadvantage. The slow and reactive nature of this defensive process has created a status quo of ubiquitous software insecurity that favors attackers over defenders.
The DARPA Cyber Grand Challenge (CGC) is a tournament for fully automated network defense. Similar to computer security competitions currently played by expert software analysts, the CGC intends to allow groundbreaking prototype systems to compete for the first time in a “league of their own.” During the competition, automatic systems would reason about software flaws, formulate patches and deploy them on a network in real time. The CGC would unite program analysis experts with the computer security competition community to bring automation research out of the lab and into the field. By acting at machine speed and scale, these technologies may someday overturn today’s attacker-dominated status quo.
To learn more about how to participate in the Cyber Grand Challenge, please see the Rules document linked on this site. Parties interested in collaboration or teaming should register for the teaming forums. To submit a proposal to DARPA to participate as a funded CGC team, please see DARPA-BAA-14-05, linked from this site.