FETT
FETT




DARPA FETT BUG BOUNTY PROGRAM

DARPA’s first ever bug bounty program – the Finding Exploits to Thwart Tampering (FETT) Bug Bounty –stress-tested novel secure hardware architectures and designs in development on the DARPA System Security Integration Through Hardware and Firmware (SSITH) program. DARPA partnered with the Department of Defense’s Defense Digital Service (DDS) and Synack, a trusted crowdsourced security company, on this effort that ran from July to October 2020. Researchers and ethical hackers were invited to attack SSITH technology, with cash rewards offered for successful attacks. Nearly 600 researchers spent more than 13,000 hours attacking SSITH defenses. Overall, only 10 attacks were successful, leading to the deployment and successful verification of three fixes during the course of the competition. The remaining vulnerabilities will be fixed during the final phase of the program.

In 2017, DARPA launched the SSITH program to create novel hardware defenses that can thwart the most common software exploitations of hardware vulnerabilities. Specifically, SSITH is developing secure processors to take on seven classes of hardware vulnerabilities that range from memory errors to code injection. These foul attacks seek to wreak havoc on electronic systems, just like your classic sci-fi villains. To help illustrate how these attacks work and their potential wrath, DARPA developed "The Malicious 7" – a cast of characters that personify each vulnerability class. With FETT, we asked bounty hunters to help us ensure that SSITH's novel hardware defenses can generate a heroic outcome from electronic security. We want to know - can SSITH prevent the Malicious 7 from wreaking havoc once and for all?

For more information on the vulnerability disclosure process, visit our Bug Bounty page here.

For more information on the underlying technologies behind SSITH hardware defenses, visit our Technology page here.

NEWS

IEEE Recaps FETT Results

FETT fends off most attacks

READ MORE

Homeland Security Today

DARPA announces results of first hardware bug bounty

READ MORE

The Daily Swig

Bug bounty strengthens security defenses

READ MORE

Computing

Morpheus chip foils attacks

READ MORE

Notebook Check

World’s best cybersecurity experts fail to hack the Morpheus processor

READ MORE

DARPA Announces FETT Bug Bounty

FETT opens SSITH hardware defenses to ethical hackers to strengthen electronic security

READ MORE

Synack Issues FETT Call for Security Researchers

Synack announces Capture-the-Flag qualifier for DARPA's FETT Bug Bounty

READ MORE

Washington Post: The Cybersecurity 202

DARPA wants hackers to try to crack its new generation of super-secure hardware

READ MORE

CyberScoop

DARPA invites hackers to break hardware to make it more secure

READ MORE

Dark Reading

DARPA Launches Bug Bounty Program

READ MORE

EnterpriseAI

DARPA Stress Tests its Hardware-Centric Security Approach

READ MORE

DARPA Announces FETT Bug Bounty is Live

FETT has opened its virtual doors to a community of ethical hackers and cybersecurity researchers

READ MORE

IEEE Spectrum

DARPA is running a bug bounty aimed at further hardening new malware-proof architectures

READ MORE

The Daily Swig

DARPA launches hardware security bug bounty program

READ MORE

Intelligence Community News

DARPA launches FETT bug bounty

READ MORE
DARPA Logo
DDS
Synack

You are now leaving the website that is under the control and management of DARPA. The appearance of hyperlinks does not constitute endorsement by DARPA of non-U.S. Government sites or the information, products, or services contained therein. Although DARPA may or may not use these sites as additional distribution channels for Department of Defense information, it does not exercise editorial control over all of the information that you may find at these locations. Such links are provided consistent with the stated purpose of this website.


After reading this message, click  to continue immediately.

Go Back