SBIR-STTR Award

Rapid Code Vulnerability Assessments for USAF Cyberspace Test Missions
Award last edited on: 11/10/2024

Sponsored Program
SBIR
Awarding Agency
DOD : DARPA
Total Award Amount
$719,625
Award Phase
2
Solicitation Topic Code
AF221-DCSO1
Principal Investigator
Derek Doran

Company Information

Tenet 3 LLC

5812 Batsford Drive
Dayton, OH 45459
   (937) 477-8883
   N/A
   www.tenet3.com
Location: Single
Congr. District: 10
County: Montgomery

Phase I

Contract Number: N/A
Start Date: 4/10/2023    Completed: 1/9/2025
Phase I year
2023
Phase I Amount
$1
Direct to Phase II

Phase II

Contract Number: 140D0423C0039
Start Date: 4/10/2023    Completed: 1/9/2025
Phase II year
2023
Phase II Amount
$719,624
Modern weapon systems and their testing infrastructure rely on the use of open-source software. Open source is provided “AS IS”' without guarantees. Code is often vulnerable with hard-to-mitigate attack surfaces. Tenet3, LLC will address this problem with an innovative machine learning-based approach for vulnerability detection as part of the CI/CD process. The solution is based on Explainable Artificial Intelligence (XAI) Neural Network (NN) technology able to consider low level code actions, system calls, and code data and control flows when determining if code has a vulnerability. The NN will associate code with broad vulnerability types, and via an interface based on MITRE Common Weakness Enumerations (CWEs), identify corresponding vulnerability entries in a database (NVD or CVE). The solution incorporates fast lookup of declared vulnerable library use and fast project code inspection to discover code likely copied from a vulnerable library. The solution will target C/C++ software and it will run fast enough for use in modern DevSecOps CI/CD pipelines.