[Owasp-leaders] 2 Million Dollars

johanna curiel curiel johanna.curiel at owasp.org
Fri Dec 6 21:37:28 UTC 2013


Hi Bill,


You mean... are we selling the idea way too cheap? ;-)

regards

Johanna


On Fri, Dec 6, 2013 at 5:33 PM, Bill Sempf <bill at pointweb.net> wrote:

> It is a tempting project, but really, is a chance at two million worth it?
> I am not sure.
>
> S
>
>
> On Fri, Dec 6, 2013 at 4:29 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Josh
>>
>> "The CGC competitions require a fully automated solution – no human
>> assistance is permitted in any cyber reasoning processes, including reverse
>> engineering and patch formulation."
>>
>> Bayesian analysis is not exactly AI....
>>
>> "In statistics <http://en.wikipedia.org/wiki/Statistics>, *Bayesian
>> inference* is a method of inference <http://en.wikipedia.org/wiki/Statistical_inference> in
>> which Bayes' rule <http://en.wikipedia.org/wiki/Bayes%27_rule> is used
>> to update the probability estimate for a hypothesis as additional
>> evidence <http://en.wikipedia.org/wiki/Evidence> is acquired. Bayesian
>> updating is an important technique throughout statistics, and especially in
>> mathematical statistics <http://en.wikipedia.org/wiki/Mathematical_statistics>"
>>
>> I don't think that ESAPI and APPSENSOR are that far as described
>> above; however, I believe you can use part of that knowledge to construct
>> this solution. Also the areas in the challenge go further than application
>> security alone.
>>
>> I believe you need neural networks or some Prolog. I think that a
>> combination of semantics for programming the rules and decisions (models)
>> will be a possible approach.
>>
>>
>> Regards
>>
>>
>> Johanna
>>
>>
>> On Fri, Dec 6, 2013 at 5:19 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>>> Johanna,
>>>
>>> Pick up a copy of Ryan Barnett's Web Application Defenders Cookbook and
>>> you'll start to realize just how close to AI it is.  Especially given its
>>> ability to perform Bayesian analysis and take automated action based on
>>> those results.  And if the application can be hooked with ESAPI and
>>> AppSensor, then you can do similar based on events at the code level as
>>> well.  Autonomous sounds like "AI" to me as well, but I'm pretty sure that
>>> toolset is capable with some forethought and minor modifications.
>>>
>>> ~josh
>>>
>>>
>>> On Fri, Dec 6, 2013 at 3:13 PM, Tom Brennan - OWASP <tomb at owasp.org> wrote:
>>>
>>>> Now we have the start of a party...
>>>>
>>>> http://www.darpa.mil/cybergrandchallenge/
>>>>
>>>> On Dec 6, 2013, at 4:03 PM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>> Well, not so fast, because ...
>>>>
>>>> "DARPA is soliciting innovative proposals from teams that will develop
>>>> and field *autonomous Cyber Reasoning Systems* capable of
>>>> comprehending and protecting software during a live exercise. Specifically
>>>> excluded is research that primarily results in evolutionary improvements to
>>>> the existing state of practice."
>>>>
>>>> ...
>>>>
>>>> The DARPA Cyber Grand Challenge will utilize a series of competition
>>>> events to test the abilities of a new generation of fully automated cyber
>>>> defense systems. During a final competition event, automated Cyber
>>>> Reasoning Systems will compete against each other in real time. This event
>>>> will be held in a public setting and documented for research purposes.
>>>>
>>>>
>>>> This smells like Artificial Intelligence ...
>>>>
>>>>
>>>> On Fri, Dec 6, 2013 at 4:56 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>>
>>>>> ModSecurity + ESAPI + AppSensor.  Done.
>>>>>
>>>>> ~josh
>>>>>
>>>>>
>>>>> On Fri, Dec 6, 2013 at 2:15 PM, Tom Brennan - OWASP <tomb at owasp.org> wrote:
>>>>>
>>>>>>
>>>>>> http://www.theregister.co.uk/2013/12/06/darpa_enlists_def_con_talent_for_2m_security_bugswatting_challenge
>>>>>>
>>>>>> Interested?
>>>>>>
>>>>>> Now that AppSecUSA is over, it's time for the next OWASP mission
>>>>>> focused project.   Add a 2M dollar bounty, you got my attention - how about
>>>>>> yours?
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>