The Defense Advanced Research Projects Agency (DARPA) has found a way to scan millions of lines of software code for vulnerabilities using volunteers who are playing video games.
Called Verigames , volunteers identify problematic chunks of code that assists analysts in lowering the work load.
These free games are marketed to users of Apple or iPads and are set up as most online crowd-sourcing games are.
In the game SETI@home , the gamer can scan the skies for extraterrestrial life.
CircuitBot encourages players to assemble a team of robots to carry out a mission.
The game Fold It allows the user to play puzzles that are actually analyzing protein folding.
Ghost Map allows the gamer to develop pathways through the human brain’s neuro-net.
All DARPA games use Crowd Sourced Formal Verification (CSFV) programs which relies on engineers to review code for errors and omissions that could be used by a hacker.
CSFV is alleged to assist in:
- Increased frequency and cost-effectiveness of formal verification for more types of common COTS software
- Greatly expanded audience to participate in formal verification
- Establishment of a permanent community of game players interested in improving software security
Drew Dean, program manager for DARPA commented : “We’re seeing if we can take really hard math problems and map them onto interesting, attractive puzzle games that online players will solve for fun. By leveraging players’ intelligence and ingenuity on a broad scale, we hope to reduce security analysts’ workloads and fundamentally improve the availability of formal verification.”