The Defense Advanced Research Projects Agency (DARPA) has finalized the results of a recent bug bounty event that tested the effectiveness of new hardware- and firmware-based security technologies.
The Finding Exploits to Thwart Tampering or FETT bounty discovered 10 vulnerabilities across 980 processors developed under DARPA's System Security Integration Through Hardware and Firmware or SSITH program, the agency said Thursday.
FETT ran from July to October last year with the participation of over 580 cybersecurity experts. DARPA then reviewed the program's findings over three months to determine the final results. Researchers from Synack, a crowdsourced security platform, performed the penetration tests on SSITH technologies.
“The majority of the bug reports did not come from exploitation of the vulnerable software applications that we provided to the researchers, but rather from our challenge to the researchers to develop any application with a vulnerability that could be exploited in contradiction with the SSITH processors’ security claims," said Keith Rebello, the DARPA's program manager for SSITH and FETT.
With FETT concluded, SSITH is now in the final stage where researchers are working to further develop the tested technologies with bolstered security.