Develop a technology that prevents the exploitation of vulnerabilities in software
Raytheon, a technology and innovation provider specialising in defense, homeland security and other government markets, has been selected as a subcontractor on a programme to foil attacks against software of uncertain origin.
Raytheon Integrated Defense Systems (IDS) engineers have joined a team led by GrammaTech to develop a technology that prevents the exploitation of vulnerabilities in software whose pedigree, or provenance in cyberparlance, is uncertain.
The contract is part of STONESOUP – Securely Taking On New Executable Software Of Uncertain Provenance – a programme of the Intelligence Advanced Research Projects Activity.
The team’s approach is to remove or mask vulnerabilities through automated analysis, repair, diversification, and visualisation of executable code.
Raytheon will perform its role of technology integration, test, evaluation, and transition at IDS’ Customer Integration Center in Arlington, Virginia.
Raytheon’s principal investigator Tom Bracewell said software developers often bundle software components from various sources, not knowing the vulnerabilities that these components bring with them.
"An attacker may know how to exploit these vulnerabilities. Our goal is to eliminate the supply chain risk by removing these vulnerabilities or rendering them harmless," Bracewell said.