Raytheon joins 'STONESOUP' team to improve software security

Raytheon Company has been selected as a subcontractor on a program to foil attacks against software of uncertain origin.

Engineers from Raytheon Integrated Defense Systems (IDS) have joined a team led by GrammaTech, Inc., to develop a technology that prevents the exploitation of vulnerabilities in software whose pedigree, or provenance in cyberparlance, is uncertain. The contract is part of STONESOUP - Securely Taking On New Executable Software Of Uncertain Provenance - a program of the Intelligence Advanced Research Projects Activity.

The multiyear contract administered by the Air Force Research Laboratory is for $12.9 million. GrammaTech, a manufacturer of software-analysis tools, is located in Ithaca, N.Y. Other team members include the University of Virginia and the Georgia Institute of Technology. Raytheon's piece of the contract is estimated at $2.5 million.

"Software developers often bundle software components from various sources, not knowing the vulnerabilities that these components bring with them," said Tom Bracewell, Raytheon's principal investigator. "An attacker may know how to exploit these vulnerabilities. Our goal is to eliminate the supply chain risk by removing these vulnerabilities or rendering them harmless."

The team's approach is to remove or mask vulnerabilities through automated analysis, repair, diversification, and visualization of executable code.

Raytheon will perform its role of technology integration, test, evaluation, and transition at IDS' Customer Integration Center in Arlington, Va.

Source: Raytheon

Follow Shephard News on Twitter