Government agencies, financial institutions, airlines, and even the military, nearly every major sector in the United States is dealing with legacy IT that makes resolving issues difficult and fixing vulnerabilities expensive.
These legacy systems are prone to bugs that may cause outages and waste engineering time to reconcile. Increasingly, the culprit is outdated software, which is software that is no longer supported by the vendor, or software whose original source code is not available.
To address these challenges, Draper is partnering with Carnegie Mellon University (CMU) to develop a capability for rapidly patching legacy software in its original binary form.
By creating this new capability, IT teams will be able to analyze, modify, and fix legacy binaries, as well as produce assured targeted micro-patches for known security flaws.
The new capability is designed to address several challenges. Fixing security vulnerabilities in legacy software, for instance, requires patching at the binary level. Manual binary editing, however, is slow and error-prone. Additional challenges arise when patched, and recompiled binary code changes an IT system’s performance, making recertification difficult and slow.
These challenges and limitations can result in mission-critical software going unpatched for months to years, increasing the opportunity for attackers and the risk of the software becoming non-compliant.
Therefore, it’s crucial to have a patch management solution that can make sure critical aspects of an IT system stay up to date, explains Michael Crystal, program manager at Draper.
“Today, software patching is complicated, and the recertification process is largely manual and relies on human evaluators combing through piles of documentation, or assurance evidence, to determine whether the software meets certain certification criteria,” says Crystal.
“We want to take the guesswork out of the process and enable the certification to go forward with confidence.”
Funded under DARPA’s Assured Micropatching Program, the toolset, named VIBES, (which stands for Verified, Incremental Binary Editing with Synthesis), uses program synthesis and constraint programming techniques to compile a source-level patch and insert it into a preexisting binary program.
VIBES uses formal verification to prove that only the intended change is made and provides evidence of correct behavior for subsequent recertification or accreditation processes.
VIBES underwent development during a series of challenges arranged by the DARPA AMP program in 2021 and 2022.
(Learn More… Courtesy of Draper and Vimeo.)
Micropatches change the fewest possible bytes to achieve their objective, which minimizes potential side effects and should enable proof that the patches will preserve the original baseline functionality of the system.
With these proofs, the time to test, recertify and deploy the patched system should be reduced from months to days.
“The technologies developed by Draper and Carnegie Mellon University aim to enable professionals to quickly and accurately patch legacy binaries in the deployed software systems upon which their enterprises depend,” explains Philip Zucker, Ph.D., senior computer scientist and programmer at Draper.
“You can test, package, stage and deploy patches automatically, saving your time and money over limited, manual processes.”
“We’re thrilled that Draper is building on top of the CMU Binary Analysis Platform, a framework we developed and open sourced to enable analysis of programs in the machine code representation,” added David Brumley, a professor in CMU’s department of Electrical and Computer Engineering and a core member of CMU’s CyLab.
Patching is difficult in that manual updates can take an extremely long time.
A study by the Ponemon Institute found that more than half of all companies (55%) say that when it comes to patching, they spend more time manually navigating the various processes involved than actually patching vulnerabilities.
Most companies (61%) feel that they are at a disadvantage for relying on manual processes for applying software patches.
In February, VIBES was released as open-source software. CMU’s open-sourced software is called ‘Binary Analysis Platform,’ was originally released in 2015.
Draper believes exciting things happen when new capabilities are imagined and created, whether formulating a concept and developing each component to achieve a field-ready prototype or combining existing technologies in new ways. Draper engineers apply multidisciplinary approaches that deliver new capabilities to customers.
As a nonprofit engineering innovation company, Draper focuses on the design, development, and deployment of advanced technological solutions for the world’s most challenging and important problems.
Draper provides engineering solutions directly to the government, industry, and academia, and offers unbiased assessments of technology or systems designed or recommended by other organizations, custom designed, as well as commercial-off-the-shelf.
To Learn More, visit Draper at www.draper.com.
American Security Today’s Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program, and now in its Seventh Year, recognizes industry leaders of Physical and Border Security, Cybersecurity, Emergency Preparedness – Management and Response, Law Enforcement, First Responders, as well as federal, state and municipal government agencies in the acknowledgment of their outstanding efforts to Keep our Nation Secure.
HELIAUS® is a sophisticated Artificial Intelligence (AI)-driven solution that goes beyond the outmoded “detect and respond” model of risk management.
More than just a tour or incident management system, HELIAUS® is a comprehensive workforce management solution that uses powerful algorithms to generate risk-adverse recommendations to keep your security professionals connected and engaged, situationally informed, and armed with the right recommendations to effectively create safer, more secure environments.
The bottom line is HELIAUS® can help reduce security and safety incidents by up to 20%, all while improving profitability and your bottom line.
(Learn about HELIAUS®, a revolutionary integrated solution beyond the archaic “detect and respond” model of risk management. It’s not just a tour or incident management system. HELIAUS® is a comprehensive workforce management solution with AI technology at its core. Courtesy of Allied Universal and YouTube.)
Allied Universal Programs have been recognized with Multiple Awards in the 2020, 2019, and 2018 ‘ASTORS’ Homeland Security Awards Programs.
OnSolve offers a suite of AI-powered risk intelligence, critical communications, and incident management capabilities, so organizations can control the entire critical event management process, keep ahead of change, monitor disasters, and be empowered to make quicker, more accurate decisions during the times that matter most.
Organizations are able to gain risk intelligence information that allows them to prepare in advance for disasters and ensure business resiliency, send out mass alerts to notify the right people at the right time during a crisis, leverage a mobile incident management platform to retain full control during emergencies, and more.
Before, during, and after a critical event strikes, organizations now have the power of AI to inform timely and accurate situational awareness, the relevance and speed of leading mass notification services to manage critical communications, and the ability to holistically and seamlessly manage critical events through incident management – all from OnSolve.
OnSolve risk intelligence technology continues to keep people safe and informed, allowing them to better protect themselves, their employees, and communities.
(Learn how AI-powered OnSolve Risk Intelligence delivers intelligence that is truly actionable so you can make accurate and informed decisions. Courtesy of OnSolve and YouTube.)
*OnSolve was also recognized with Multiple Wins in the 2020, 2019, and 2018 ‘ASTORS’ Awards Programs.
|Access Control/ Identification||Personal/Protective Equipment||Law Enforcement Counter Terrorism|
|Perimeter Barrier/ Deterrent System||Interagency Interdiction Operation||Cloud Computing/Storage Solution|
|Facial/IRIS Recognition||Body Worn Video Product||Cyber Security|
|Video Surveillance/VMS||Mobile Technology||Anti-Malware|
|Audio Analytics||Disaster Preparedness||ID Management|
|Thermal/Infrared Camera||Mass Notification System||Fire & Safety|
|Metal/Weapon Detection||Rescue Operations||Critical Infrastructure|
|License Plate Recognition||Detection Products||COVID Innovations|
|Workforce Management||Government Security Programs||And Many Others to Choose From!|
Submit your category recommendation for consideration to Michael Madsen, AST Publisher, at: firstname.lastname@example.org.
And who better to address the aforementioned challenges, and initiatives to meet today’s threat landscape than Deputy Executive Assistant Commissioner (DEAC) Diane J. Sabatino of the Office of Field Operations, U.S. Customs and Border Protection (CBP), the opening keynote speaker at the much-anticipated 2022 ‘ASTORS’ Awards Presentation Luncheon, on Wednesday, November 16th, 2022.
(Hear a recent interview with Deputy Executive Assistant Commissioner (DEAC) Diane J. Sabatino held at Identity Week Europe on leveraging biometric comparison technology in U.S. air, maritime, and land border environments for the security of passengers, enhancing the customer experience and limiting the transmission of biological pathogens while respecting personal privacies and educating the public as the CBP further expands the implementation of biometrics to keep up with threats to the aviation and other border sectors. These new technological tools are there to automate administrative functions so that the most valuable component of the process, the officers, are able to focus on critical issues as they arise. Courtesy of evie kim sing and YouTube. Posted on Jul 13, 2022.)
Enter, American Security Today, the #1 publication and media platform in the Government Security and Homeland Security fields with a circulation of over 75,000 readers and many tens of thousands more visiting our AST Website at www.americansecuritytoday.com each month.
The continually evolving ‘ASTORS’ Awards Program will emphasize the trail of Accomplished Women in Leadership in 2022, as well as the Significance and Positive Impact of Advancing Diversity and Inclusion in our Next Generation of Government and Industry Leaders. #MentorshipMatters
The United States forever changed on September 11th, 2001, and we were fortunate to have many of those who responded to those horrific tragedies join us at our 2021 ‘ASTORS’ Awards Presentation Luncheon.
Our 2021 keynote speaker featured a moving and informative address from TSA Administrator and Vice-Admiral of the United States Coast Guard (Ret), David Pekoske; to our attendees who traveled from across the United States and abroad, on the strategic priorities of the 64,000-member TSA workforce in securing the transportation system, enabling safe, and in many cases, contactless travel.
In 2021 over 200 distinguished guests representing Federal, State, and Local Governments, and Industry Leading Corporate Firms gathered from across North America, Europe, and the Middle East to be honored among their peers in their respective fields, which included:
Each year, in order to keep our communities safe and secure, security dealers, installers, integrators, and consultants, along with corporate, government, and law enforcement/first responder practitioners, convene in New York City to network, learn and evaluate the latest technologies and solutions from premier exhibiting brands.
This combination of one-on-one conversations with top innovators, high-quality special events, and cutting-edge education and training, make ISC East the most comprehensive East Coast event to guide the industry in getting back to business.
Taking place November 15-17 at the Javits Center in NYC (SIA Education@ISC: November 15-17 | Exhibit Hall: November 16-17), ISC East will be co-locating again with the Natural Disaster & Emergency Management Expo (NDEM EXPO), a comprehensive trade event and online resource dedicated to the preparation, response, and recovery of physical and human assets of public and private organizations. Qualified professionals who register for ISC East will be granted access to both events.
Corporate firms, the majority of which return year to year to build upon their Legacy of Wins include:
AlertMedia, Allied Universal, AMAROK, ATI Systems, Attivo Networks, Axis Communications, Automatic Systems of America, BriefCam, Canon U.S.A., Fortior Solutions, guardDog.ai, Hanwha Techwin of America, HID Global, Mark43, IPVideo Corporation, Konica Minolta Business Solutions, Lumina Analytics, NEC National Security Systems, NICE Public Safety, OnSolve, PureTech Systems, Quantum Corporation, Rave Mobile Safety, Regroup Mass Notification, Robotic Assistance Devices, Rajant Corporation, SafeLogic, Senstar Corporation, ShotSpotter, Singlewire Software, SolarWinds Worldwide, Teledyne FLIR, Valor Systems, and Wiresecure, just to name a few!
The traditional security marketplace has long been covered by a host of publications putting forward the old-school basics to what is Today – a fast-changing security landscape.
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State, and local levels of government as well as firms allied to the government.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting-edge editorial that provides solutions to their challenges.
AST Digital Publications are distributed to over 75,000 qualified government and homeland security professionals, in federal, state, local, and private security sectors.
‘PROTECTING OUR NATION, ONE CITY AT A TIME’
AST Reaches both Private & Public Experts, essential to meeting these new challenges.
Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture, and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.
These experts are from Government at the federal, state, and local levels as well as from private firms allied to the government.
AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website, and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.
AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.
(See just a few highlights of American Security Today’s 2021 ‘ASTORS’ Awards Presentation Luncheon at ISC East. Courtesy of My Pristine Images and Vimeo.)
To learn more about ‘ASTORS’ Homeland Security Award Winners solutions, please see the 2021 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2021 ‘A Year in Review.’
The Annual CHAMPIONS edition includes a review of Annual ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firm’s products and services, including video interviews and more.
It serves as your Go-To Source throughout the year for ‘The Best of 2021 Products and Services‘ endorsed by American Security Today, and can satisfy your agency’s and/or organization’s most pressing Homeland Security and Public Safety needs.
From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection, and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware, and Networking Security – Just to name a few), the 2021 ‘ASTORS’ CHAMPIONS EDITION has what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.
It also includes featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2021 ‘ASTORS’ Awards Program.
For a complete list of 2021 ‘ASTORS’ Award Winners, begin HERE.
For more information on All Things American Security Today, as well as the 2021 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at email@example.com.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos
Subscribe to the AST Daily News Alert Here.