Welcome Guest. | Log In | Register | Membership Benefits

'Mudge' Announces New DARPA Hacker Spaces Program

Former L0pht hacker-turned DARPA executive launches a new federal program to fast-track research by indie and small-firm hackers

Aug 04, 2011 | 11:14 PM | 

By Kelly Jackson Higgins
Dark Reading
BLACK HAT USA 2011 -- Las Vegas -- Peiter "Mudge" Zatko, famed member of the legendary L0pht hacker group, announced the launch here today of a new program at the Defense Advanced Research Projects Agency (DARPA) aimed at funding hacker spaces and research in cybersecurity.

Click here for more of Dark Reading's Black Hat articles.

Mudge, who has been the program manager for the information innovation office at DARPA for a year now, says the idea behind the new DARPA-RA-11-52 initiative is to fast-track security research among independent researchers and small, boutique security firms. The program is called Cyber Fast Track.

"It's time to start funding hacker spaces, labs, and boutique security companies to make it easier to compete with large government contractors" for research money, Mudge said in his keynote address here today. "When I was at L0pht, we all had day jobs and did our [research] in the off-hours of the night … I want a lot of people who are doing cool research work all day long to not have to have day jobs and do their big work at night."

Mudge says the new DARPA-RA-11-52 project will aim to fund somewhere between 20 to 100 projects per year, with a straightforward proposal template that streamlines and simplifies the traditionally onerous application process for DARPA funding. The contracts will be awarded around 10 days from their submission.

"And you get to keep your IP," he said.

It has been difficult for hackers to interface with DARPA with the previous model. "The way the government is set up, it's almost impossible for small boutique firms and hackers to actually say, 'I'm doing cool research work, and how do I get funding without giving up IP to venture capitalists or ownership,' or getting purchased by a large government contractor and your company basically being gutted," he said.

DARPA's Mudge is in the process of traveling around the country visiting hackerspaces and briefing them on the new fast-track program. "What's good for this community is good for DARPA," he said.

The Cyber Fast Track website is here.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS












Featured Webcasts
Featured Whitepapers
Featured Reports
Bugs
ENTERPRISE VULNERABILITIES
Vulnerability:ssl-vpn end-point interrogator/installer activex control
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Vulnerability:gvim
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Vulnerability:cforms
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Vulnerability:links, wsn links, wsn links
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Vulnerability:deluxebb
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.