We are working hard to quickly build out Samaritan and make it available to you.
Our ability to offer the service is dependent on the continuation of our Small Business Innovation Research (SBIR) contract with DARPA. We are at a point where we need your voice to help ensure the continued funding of the project.
Please consider submitting your name and email to lend support to our work.
Discovering where vulnerabilities are hiding in software is of critical importance to making software safer.
Existing vulnerability hunting methods include technical approaches like fuzzing and concolic execution, as well as human-centric approaches like manual inspection and penetration testing. While both methods have demonstrated success, there is still plenty of room for improvement. For example, scaling fuzzing to large systems is very difficult, and the best means of focusing limited human vulnerability-hunting resources is not settled fact.
I voice my support for the continued development of metrics and related measurement technologies that can capture human dimensions of software engineering.
We know from existing research that multiple metrics have been empirically shown to correlate with the density of real-world vulnerabilities in open source software. We also know from the transportation and medical fields that human factors are an important determinant of performance and safety.
Improving our understanding and ability to measure human dimensions of software engineering offers a promising set of benefits, including hunting bugs faster, increasing developer productivity, and better assessing organizational and supply chain risk.
We support the work that Secure Decisions has performed and look forward to the fruits of their future labor, including Samaritan.