Changing the Game of Software Security

For a large part of the world population, software increasingly touches all aspects of life. Clearly there are societal and business benefits to be gained, but the pervasiveness of software also presents unprecedented risk. The lack of capable people to either analyze existing or safely create new software paired with the sheer volume and accelerating pace of software development lends to automated approaches to address this risk. The Cyber Grand Challenge presented an opportunity to advance the state of the art and science in autonomous reasoning in software security. The culmination of this contest presented seven fully autonomous systems vying against each other hacking and defending previously unseen computer software, ultimately making sense of zero-day attacks, entirely without any human assistance. This collection of works presents many aspects of autonomous software security from differing perspectives. The authors detail solution approaches as well as evidence of the challenges that remain. As with many aspects of computing, while much has been accomplished software security, much work remains. © 2003-2012 IEEE.