The Software for National Security Partnership Forum (SPF-25) will be held at Vanderbilt University in Nashville, TN, on March 11–12, 2025.
Our nation is presently facing extensive, unmeasurable risk to our national security, critical infrastructure, telecommunications, economy, agriculture, healthcare, and more. This risk arises through society’s widespread dependence on software which is typically constructed in such a way as to contain behaviors—whether inadvertent or malicious—that put those systems at critical risk. Ideally, system owners and operators of these systems would routinely pose any critical question of the software in these systems and receive rigorous answers in a timely, cost-effective, fashion. Today, critical system owners and operators lack adequate capabilities to do this, despite their enormous and accelerating dependence on the software involved in these systems. The result is an unacceptable and rising rate of ransomware, data breaches, costly software crashes, foreign presence on U.S. systems, and more.
This lack of capability stems from the software understanding gap—a gap born from a continuing disparity of technical investment—resulting in the ability to build software that greatly outstrips our ability to understand it. The ramifications of this software understanding gap manifest themselves in our inability to create software without defects, remediate them once discovered, maintain software at the speed and scale of mission relevance, and to secure systems against exploits. Society’s historical choices on how to construct and leverage software have resulted in economic opportunity and prosperity but have also resulted in widespread dependence on software systems whose behavior is placing society, government, and national security at risk.
These are significant challenges, but the technologies needed to analyze software to prevent or discover undesirable behavior rest upon technical foundations with decades of progress. Making progress on these critical issues will require coordinated effort across government, industry, and academia, involving technical, organizational, policy, and resourcing decisions.
A recent NSA, CISA, DARPA, and OUSD R&E report, Closing the Software Understanding Gap, further explores this urgent issue: NSA Jointly Releases Recommendations for Closing the Software Understanding Gap
The SUNS Partnership Forum seeks to engage a select number of luminaries from industry, academia, and government to discuss these issues.