[Owasp-leaders] 2 Million Dollars

Bill Sempf bill at pointweb.net
Fri Dec 6 21:33:10 UTC 2013


It is a tempting project, but really, is a chance at two million worth it?
I am not sure.

S


On Fri, Dec 6, 2013 at 4:29 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Josh
>
> "The CGC competitions require a fully automated solution – no human
> assistance is permitted in any cyber reasoning processes, including reverse
> engineering and patch formulation.
>
> Bayesian analysis is not exactly AI....
>
> "In statistics <http://en.wikipedia.org/wiki/Statistics>, *Bayesian
> inference* is a method of inference<http://en.wikipedia.org/wiki/Statistical_inference> in
> which Bayes' rule <http://en.wikipedia.org/wiki/Bayes%27_rule> is used to
> update the probability estimate for a hypothesis as additional evidence<http://en.wikipedia.org/wiki/Evidence> is
> acquired. Bayesian updating is an important technique throughout
> statistics, and especially in mathematical statistics<http://en.wikipedia.org/wiki/Mathematical_statistics>
> "
>
> I don't think that ESAPI and APPSENSOR are that far as described
> above, however I believe you can use part of that knowledge to construct
> this solution. Also the areas in the challenge go further than application
> security alone.
>
> I believe you need Neural networks or some Prolog. I think that a
> combination of semantics for programming the rules and decisions (models)
> will be a possible approach.
>
>
> Regards
>
>
> Johanna
>
>
> On Fri, Dec 6, 2013 at 5:19 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> Johanna,
>>
>> Pick up a copy of Ryan Barnett's Web Application Defenders Cookbook and
>> you'll start to realize just how close to AI it is.  Especially given it's
>> ability to perform bayesian analysis and take automated action based on
>> those results.  And if the application can be hooked with ESAPI and
>> AppSensor, then you can do similar based on events at the code level as
>> well.  Autonomous sounds like "AI" to me as well, but I'm pretty sure that
>> toolset is capable with some forethought and minor modifications.
>>
>> ~josh
>>
>>
>> On Fri, Dec 6, 2013 at 3:13 PM, Tom Brennan - OWASP <tomb at owasp.org>wrote:
>>
>>> Now we have the start of a party...
>>>
>>> http://www.darpa.mil/cybergrandchallenge/
>>>
>>> On Dec 6, 2013, at 4:03 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>> Well, not so fast , because ...
>>>
>>> "DARPA is soliciting innovative proposals from teams that will develop
>>> and field* autonomous Cyber Reasoning Systems* capable of comprehending
>>> and protecting software during a live exercise. Specifically excluded is
>>> research that primarily results in evolutionary improvements to the
>>> existing state of practice."
>>>
>>> ...
>>>
>>> The DARPA Cyber Grand Challenge will utilize a series of competition
>>> events to test the abilities of a new generation of fully automated cyber
>>> defense systems. During a final competition event, automated Cyber
>>> Reasoning Systems will compete against each other in real time. This event
>>> will be held in a public setting and documented for research purposes.
>>>
>>>
>>> This smells Artificial intelligence ...
>>>
>>>
>>> On Fri, Dec 6, 2013 at 4:56 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>
>>>> ModSecurity + ESAPI + AppSensor.  Done.
>>>>
>>>> ~josh
>>>>
>>>>
>>>> On Fri, Dec 6, 2013 at 2:15 PM, Tom Brennan - OWASP <tomb at owasp.org>wrote:
>>>>
>>>>>
>>>>> http://www.theregister.co.uk/2013/12/06/darpa_enlists_def_con_talent_for_2m_security_bugswatting_challenge
>>>>>
>>>>> Interested?
>>>>>
>>>>> Now that AppSecUSA is over its time for the next OWASP mission focused
>>>>> project.   Add a 2M dollar bounty you got my attention - how about yours?
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131206/35a362f9/attachment-0001.html>


More information about the OWASP-Leaders mailing list