The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency (NSA), the Defense Advanced Research Projects Agency (DARPA), and the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), has released a report on the state of software understanding. This report, titled Closing the Software Understanding Gap, calls for action from the United States government to develop a thorough understanding of software-controlled systems. Furthermore, the report advocates for software-controlled systems with verifiable functionality, safety, and security across all conditions.
According to the report, technology manufacturers create software that outpaces the abilities of mission owners and operators to understand it. This lack of understanding contributes to exploited vulnerabilities, as these software-controlled systems are not built secure by design.
The report provides potential solutions to improve the security of legacy software and emerging software. It also includes recommendations for improving knowledge of software-controlled systems and AI-based systems.