AFRL Awards $13M Software Security Contract to GrammaTech
Subcontractors Raytheon Company, the University of Virginia, and Georgia Tech join effort to neutralize software vulnerabilities in security-critical applications
Ithaca, NY, October 06, 2010 --(PR.com)-- GrammaTech, Inc., a leading manufacturer of software-analysis tools, today announced it has been awarded a multi-year, $12.9M contract focused on improving software security. GrammaTech will lead the development and demonstration effort, working with subcontractors Raytheon Company, the University of Virginia School of Engineering and Applied Science, and the Georgia Institute of Technology; this team brings together world-class expertise in software analysis, security, and development. The effort is part of the Securely Taking On New Executable Software of Uncertain Provenance (STONESOUP) program, an initiative of the Intelligence Advanced Research Projects Activity (IARPA) Office of Safe and Secure Operations and administered by the Air Force Research Lab (AFRL).
STONESOUP seeks to address a key problem in today’s world: How can we use software securely if we do not know how or by whom the software was created, or where its component parts originated? Software is produced around the world; component parts come from many different places and are integrated into larger systems. The production of software increasingly involves contract software engineers and off-shore suppliers because it is often prohibitively expensive to generate a major system completely in-house. Accordingly, security-conscious users require ways to assure that the software they utilize performs no malicious actions. GrammaTech, Raytheon, the University of Virginia, and the Georgia Institute of Technology will combine state-of-the-art technologies that together will make a significant contribution to solving this problem.
According to Tim Teitelbaum, GrammaTech’s co-founder and CEO, “Application software is rarely subject to rigorous analysis; this lack of quality control is complicated by the fact that software producers can issue updates and fixes at a rate faster than present processes can evaluate their effects. In concert with our partners, we intend to advance automated techniques for software analysis, to combine them with methods for confining software execution so that known weaknesses cannot be exploited, to diversify software components so that residual vulnerabilities will be more difficult for attackers to discover or exploit, and to remediate software components with automatically-generated and evaluated software patches.”
The URL for the full release is located at: http://www.grammatech.com/news/2010/releases/10-04-10.html
###
STONESOUP seeks to address a key problem in today’s world: How can we use software securely if we do not know how or by whom the software was created, or where its component parts originated? Software is produced around the world; component parts come from many different places and are integrated into larger systems. The production of software increasingly involves contract software engineers and off-shore suppliers because it is often prohibitively expensive to generate a major system completely in-house. Accordingly, security-conscious users require ways to assure that the software they utilize performs no malicious actions. GrammaTech, Raytheon, the University of Virginia, and the Georgia Institute of Technology will combine state-of-the-art technologies that together will make a significant contribution to solving this problem.
According to Tim Teitelbaum, GrammaTech’s co-founder and CEO, “Application software is rarely subject to rigorous analysis; this lack of quality control is complicated by the fact that software producers can issue updates and fixes at a rate faster than present processes can evaluate their effects. In concert with our partners, we intend to advance automated techniques for software analysis, to combine them with methods for confining software execution so that known weaknesses cannot be exploited, to diversify software components so that residual vulnerabilities will be more difficult for attackers to discover or exploit, and to remediate software components with automatically-generated and evaluated software patches.”
The URL for the full release is located at: http://www.grammatech.com/news/2010/releases/10-04-10.html
###
Contact
GrammaTech, Inc
Barbara Stewart
480-488-6909
www.grammatech.com
Contact
Barbara Stewart
480-488-6909
www.grammatech.com
Categories