Former ONCD official urges defense industrial base to integrate formal methods to ensure software cyber resilience

Former Office of the National Cyber Director official Anjana Rajan said the defense industrial base should move toward integrating formal methods to prove software is secure from cyber vulnerabilities, as the Defense Department and other agencies look to prioritize efficiencies.

“The Pentagon has made it clear where the future is headed. The defense industrial base should be thinking now about how to integrate formal methods into their engineering processes. Those who start early will be best positioned to deliver resilient systems that meet the DoD’s expectations,” Rajan told Inside Cybersecurity.

Rajan emphasized the Defense Department’s push toward efficiency and said that efficiency requires assurance that software systems will not fail.

Rajan worked on a 2024 ONCD report titled “Back to the Building Blocks: A Path Toward Secure and Measurable Software,” which addresses software vulnerabilities through secure hardware structures, secure programming languages and the use of formal methods to mathematically prove software security.

She also emphasized that emerging technologies, such as artificial intelligence, are increasing the need for formal methods instead of traditional testing methods.

“The complexities of these systems are just becoming so big that traditional methods of testing are not sufficient, and that gap of what we understand about our software, and how complex it is getting, is only widening because of artificial intelligence,” Rajan said.

Read more at the original article here: https://insidecybersecurity.com/share/17284 

Submitted by Regan Williams on