Industry News Coverage
Below is a comprehensive monthly review of the news and other media's coverage of CWE. A brief summary of each news item is listed with its title, author (if identified), date, and media source.
DARPA Web Site, December 24, 2013
CWE was mentioned in a frequently asked questions document accompanying the U.S. Defense Advanced Research Projects Agency (DARPA) "Cyber Grand Challenge" announcement on December 24, 2013. "The DARPA Cyber Grand Challenge (CGC) is a tournament for fully automated network defense. Similar to computer security competitions currently played by expert software analysts, the CGC intends to allow groundbreaking prototype systems to compete for the first time in a 'league of their own.' During the competition, automatic systems would reason about software flaws, formulate patches and deploy them on a network in real time."
CWE is mentioned in the answers to two DARPA Cyber Grand Challenge (CGC) FAQs, as follows: "Q9: What constitutes a software flaw in Cyber Grand Challenge? A9: DARPA CGC will not provide a formal definition of a software flaw; this question lies outside the scope of the challenge. The CGC will operate in the tradition of existing cyber competitions: a flaw is proven when an input delivered from the network to a flawed software program (CB) creates an effect detectable by instrumentation operated by the competition framework. CGC Challenge Binaries will contain memory corruption flaws representative of flaws categorized by the MITRE CWE (cwe.mitre.org), however, Competitor Systems may prove any software flaw they discover through automated reasoning. A list of representative CWE categories will be released prior to the kickoff of Cyber Grand Challenge." And "Q10: What type of security vulnerabilities will CGC address? A10: CGC Challenge Binaries shall contain traditional memory corruption flaws. A subset of relevant flaw types drawn from the MITRE Common Weakness Enumeration entries as found on http://cwe.mitre.org/ follows; teams are encouraged to make use of this list as a starting point, not a reference." A10 also lists 39 individual CWE entries by CWE-ID, for example, "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), etc.".
See https://dtsn.darpa.mil/CyberGrandChallenge/default.aspx for additional information.