The Defense Advanced Projects Agency (DARPA) is seeking ways to better patch legacy software in mission-critical systems through its new Assured Micropatching program.
According to a solicitation, DARPA is seeking research proposals on micropatching to repair legacy binaries of mission-critical systems that will not impact the functionality of the system.
“Even after a particular flaw is fully understood, and a remediation approach has been developed and expressed as a source code change in the software, a vendor’s ability to produce patches for all of their deployed devices in a timely, assuredly safe, and scalable manner is limited,” program manager in DARPA’s Information Innovation Office Dr. Sergey Bratus said in a post. “This results in mission-critical software going unpatched for months to years, increasing the opportunity for attackers.”
The Assured Micropatching program from DARPA aims to address challenges incorporated into patching legacy binaries in mission-critical systems and infrastructure and accelerate the process of patching.
“Think of how many times you have updated software on your personal device and the update inadvertently caused some of the software to stop working, or worse, ‘bricked’ the device,” Bratus said. “Assured Micropatching aims to create and apply fixes in an automated and assured way, giving us a means to expedite the time to test and deploy the patched system from months and years to just days.”