CybersecurityArmy seeks public collaboration in developing security software

Published 6 March 2015

Researchers working on a new cybersecurity project at the Army Research Lab (ARL) in Adelphi, Maryland have made available their project to anyone on the Internet in order to prompt professional collaboration and help. This atypical development tactic is intended to kick-start public collaboration on a software tool intended to aid soldiers in understanding where hackers might be targeting military systems.

Researchers working on a new cybersecurity project at the Army Research Lab (ARL) in Adelphi, Maryland have made available their project to anyone on the Internet in order to prompt professional collaboration and help.

As theBaltimore Sun reports, this atypical development tactic is intended to kick-start public collaboration on a software tool intended to aid soldiers in understanding where hackers might be targeting military systems.

“The Army is open and willing to collaborate,” said William Glodek, the project leader. “Hopefully, we can attract some bright talent to contribute to the project.”

By offering up code rather than data, Glodek’s team was able to bypass federal security rules regarding the sharing of information on threats. Their initiative is part of a broadening effort by some within the military and intelligence coding communities to release what they are working on in order better to refine the operational aspects of the project.

Some government agencies have released code in the past, but the efforts of the ARL mark the first time for a collaboration with GitHub, a popular spot for programmers around the world.

“It [GitHub] lets it get into more people’s hands,” said Dan Guido, a computer security researcher. “That benefit is clear.” Guido added that the Army’s decision to share the code on such a high traffic site was “really amazing.”

Those who interact with the code on GitHub will review lines for vulnerability against hackers and other potential defects. They can then suggest patches to the Army in whatever holes they uncover.

Ben Balter, an attorney and developer at GitHub, compared the initiative to locksmithing. Instead of keeping the design of the overall lock secret, it is made public and allowed to be picked – and, ultimately, improved.

According to Glodek, the software tool has already seen 700 versions of the tool created by GitHub users since its release in December, and some have suggested significant modifications to the ARL project team.

“We’re actually getting meaningful dialogue and technical contributions from the security community. This could be another great shining example of this approach.” Glodek said.

Balter, who also specializes in reaching out to agencies to use GitHub, said that he is seeing a growing interest from government programmers in the site. He said that government coders rarely are against offering up their projects for public assistance, but that bureaucratic hurdles remain.

If the Army is now willing, however, perhaps things are beginning to change.

“It’s very new and very exciting in the sense of having the military and intelligence community, who you’d expect to be the most secretive…really coming around,” he said.