Ever more rarify cyber-attacks exploit software unsafe in the commercial off the shelf (COTS) IT systems and applications upon which military, government and commercial organizations trust.
The most stringent way to prevent from these attacks is formal verification; an analysis process helps to certify that software is free from exploitable faults and vulnerabilities. However for the formal methods it requires the trained engineers to manually scour software’s-a process is now too slow and costly to employ outside of the small software components.
Getting, quicker and the cost effective means to accomplish formal verification is a national security priority, So DARPA’s CSFV (Crowd sourced formal verification) has constructed and establish its verigames web portal (www.verigames.com) offering online formal verification games.
The CSFV games alter the players’ actions into program comments and gives mathematical proofs to assure the lack of important classes of errors in software written in the C and Java programming languages. CSFV motive is to investigate whether the non-experts will be able to play the formal verification games in a formal verification manner in a faster way and in the more cost effective way than conventional processes.
Drew Dean said that we took the really hard math problems and map it into the interesting and attractive puzzle games that online players will solve for joy, The DARPA managers’ By leveraging the player’s intelligence and creativity on a broader term, in which hope to reduce the security analysts to overcome in the formal verification.
CSFV has constructed the automatic procedure which permits the creation of new puzzles for each math issue the program pursues to analyze. If its reveal the harmful code, DARPA will implement the approve notification and modification procedures, by notifying the organization responsible for the affected software. Because CSFV authenticates open source software which government or any commercial department of defense may utilize, quick notification is required to correct the software instantly and modify the risk of security failures.