1. Home
  2. News
  3. Ushering In The New Era of Cyber Resilience

Ushering in the new era of cyber resilience

Resilient Software Systems Colloquium convenes 300+ leaders from government, Defense Department, academia, and industry to kickstart a new market for formal methods
 

Group photo at DARPA’s Resilient Software Systems Colloquium on June 17, 2025.

From left, DARPA I2O Deputy Director Matt Turek, Special Assistant to the President & National Security Council Senior Director for Cyber Alexei Bulazel, DARPA Deputy Director Rob McHenry, DARPA I2O Director Kathleen Fisher, Defense Information Systems Agency J-2 Intelligence Directorate Director Colonel Richard Leach, Google Threat Intelligence Group Chief Analyst John Hultquist, and Amazon Web Services Senior Principal Scientist and University of Maryland Professor Emeritus Michael Hicks stand for a group photo at the Colloquium, representing the keynotes and moderators in the event program. Source: DARPA
 

Jun 26, 2025

A replay of DARPA’s Resilient Software Systems Colloquium, held June 17, 2025 in Arlington, Va., is now available on the agency’s YouTube page.

The event convened over 300 participants from across the Department of Defense (DOD), defense industry, U.S. government, allies, academia, and formal methods developers. It marked a pivotal moment in advancing DARPA’s goal to catalyze widespread adoption of formal methods, mathematically rigorous techniques that can dramatically improve the security and reliability of software systems.

View the full Resilient Software Systems Colloquium YouTube playlist by clicking the icon in the top right corner of this video.

“At DARPA, we swing for the fences, demanding high-risk / high-payoff research with the goal of providing pivotal offsets that change the national security landscape in our favor,” said DARPA Deputy Director Rob McHenry. “There are a lot of awesome bets in our portfolio, but I believe that the Resilient Software Systems initiative is most likely to be DARPA’s impact of the decade.”

Over the last decade, DARPA’s Information Innovation Office (I2O), which hosted the colloquium, developed scalable tools based on formal methods to secure and prove the absence of exploitable vulnerabilities. I2O Director Kathleen Fisher announced the Resilient Software Systems Accelerator at the event. 

The Accelerator will provide seed funding to defense industrial base companies to partner with formal methods tool developers to apply formal methods tools and measure those tools’ impact and the level of effort to integrate them.

“We are not asking people to adopt bleeding edge technology,” said Fisher. “We're asking people to adopt tried-and-true technology that is ready for widespread adoption.”

Speakers at the colloquium included a variety of perspectives from organizations using formal methods today, such as Amazon Web Services, Sandia National Laboratories, and the U.S. Air Force, as well as demonstrations from formal methods developers in hopes of attracting new users from the defense industry. 

“Our goal is to flip a bit in every one of your minds,” said McHenry. “It simply is no longer OK to accept the risk of cyber-vulnerabilities. We know how to do better. We all must do better. Today is the last day of the cyber-vulnerability era.”

What Are Formal Methods?

Formal methods are a set of mathematical techniques used to specify, develop, and verify software and hardware systems—ensuring code behaves exactly as intended. Unlike traditional testing, which evaluates software after it's written, formal methods verify software during design and development. The result: software that does what it’s supposed to and nothing it’s not – making it inherently more secure.

“Every line of code is a potential target,” said Fisher. “Formal methods help ensure software can’t go wrong in the first place.”

A Clear and Urgent Need

Software controls every mission-critical defense capability—from autonomous drones and cybersecurity systems to logistics, medical platforms, and infrastructure. Yet as the software attack surface grows, so do opportunities for adversaries to exploit flaws. The vast majority of software vulnerabilities can be traced to coding errors—particularly in components like parsers, which account for nearly 80% of vulnerabilities in the MITRE Common Vulnerabilities and Exposures (CVE) database.

DARPA’s Resilient Software Systems portfolio, including SafeDocs and Assured Micropatching, has produced tools that automatically generate secure parsers and integrate formal methods into widely used development environments. These tools are already in use by organizations like NASA’s Jet Propulsion Laboratory and the National Archives, with proven impact in reducing cyber risks.

A Blueprint for the Future

Through the Resilient Software Systems Capstone program, DARPA is partnering with each of the military services and NASA to pilot formal methods on operational platforms. The U.S. Air Force, in collaboration with General Atomics-Aeronautical Systems, Inc. (GA-ASI), is the first to adopt this approach with the MQ-9 Reaper program. These projects aim to prove not just technical impact, but also improvements in cost, development time, and ease of integration.

DARPA is also working with the DoD to develop a transition framework that will help defense agencies and industry partners scale high-assurance practices across the enterprise—regardless of whether tools were developed by DARPA.


Call to Action

DARPA encourages defense stakeholders, technology leaders, and policymakers to:

  • Learn more about formal methods at darpa.mil/formal-methods
  • Watch the Colloquium replays via the DARPA YouTube playlist
  • Stay informed: DARPA encourages partnerships to support the adoption of formal methods. Consider subscribing to the DARPA Information Innovation Office’s newsletter to receive updates on the Resilient Software Systems Accelerator and other office news. | Sign up

###

Media with inquiries should contact DARPA Public Affairs.

Office
Information Innovation Office
Related content

Contact