Hello, Guest!

Defense and Intelligence

DARPA Makes Hardware Vulnerability Disclosure Platform Open-Source

White hat hacking

DARPA Makes Hardware Vulnerability Disclosure Platform Open-Source

The Defense Advanced Research Projects Agency has made its hardware vulnerability disclosure platform for ethical hackers and cybersecurity researchers open-source.

DARPA launched the Finding Exploits to Thwart Tampering bug bounty program in April 2020, providing white-hat hackers the opportunity to help protect processors being developed for the System Security Integration Through Hardware and Firmware program.

FETT had since remained a closed-off collaboration among DARPA, California-based penetration testing company Synack, the Department of Defense’s Defense Digital Service and a select community of hackers.

With FETT’s open-source structure, DARPA expects cybersecurity researchers to have an easier time identifying weaknesses in semiconductor designs and helping in the design of prototype processors, FedScoop reported Tuesday.

The platform can virtualize hardware and firmware to provide researchers unlimited access to the chip designs before they are finalized for military systems. 

Synack Chief Technology Officer Mark Kuhr told FedScoop that the point of FETT is not to patch out known vulnerabilities but to prevent them from existing in the first place. 

According to a report by Homeland Preparedness News, FETT researchers have analyzed hardware architectures and approaches developed by research teams from the University of Cambridge, SIR International, University of Michigan, Lockheed Martin and the Massachusetts Institute of Technology.

In May, the Pentagon also expanded its Vulnerability Disclosure Program and allowed ethical hackers to target all of the department’s publicly accessible information systems. 

Hackers were previously limited to the DOD’s public-facing websites. They may now also research and report vulnerabilities related to frequency-based communication, the internet of things and industrial control systems, among others.