The Problem This Solution Solves
Current methods of finding unknown software vulnerabilities in military weapon systems do not scale, a problem estimated at $1.79 trillion. Despite the magnitude of this threat, contemporary DoD software acquisition practices and priorities are roadblocks that slow the intake of innovative, commercially proven solutions to these problems. In addition, the DoD lacks access to automation to augment the small cadre of experts on staff and verify their work. This gap leaves space for potential adversaries to find and exploit vulnerabilities in weapon systems and other critical software.
Supporting GAO assessments of military system software vulnerabilities can be found below:
Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities
Weapon Systems Annual Assessment: Update Program Oversight Approach Needed
The Solution
Proteus, GrammaTech’s premier platform, is a system for automated weakness discovery and exploitability reasoning. It works on native Windows binaries (32- and 64-bit). It discovers potential memory corruption vulnerabilities (covering 20+ common, dangerous CWE IDs); recommends and, if desired, applies patches; develops security policies; and hardens executables against residual, undiscovered vulnerabilities. Proteus focuses on attacks from untrusted malicious files and network connections. Users can identify which input channels are trusted and which are untrusted. Proteus accomplishes this through (1) error amplification, (2) weakness amplification, (3) exploitability analysis, (4) binary patching, and (5) binary hardening.