Play online games to help improve software security
The Defense Advanced Research Projects Agency (DARPA) recognizes the ubiquity of video games. The government agency’s Crowd Sourced Formal Verification (CSFV) program is an attempt to crowdsource formal verification—a form of testing that aims to ensure that software is bug-free and isn’t vulnerable to attack or misuse—with purpose-built games. The DARPA-backed Verigames is a site created explicitly for formal verification games.
All of the games available on the site generate mathematical proofs used during the formal verification process. Potentially harmful code will be reported to software developers with “approved notification and mitigation procedures.” To gamers, all of the titles should seem like ordinary online games. Graphics, story, and even leaderboards are a part of most of the games. Behind the scenes, automated processes generate new puzzles that correspond to the math problems the CSFV wants to review.
“We’re seeing if we can take really hard math problems and map them onto interesting, attractive puzzle games that online players will solve for fun,” said Drew Dean, DARPA program manager. “By leveraging players’ intelligence and ingenuity on a broad scale, we hope to reduce security analysts’ workloads and fundamentally improve the availability of formal verification.”
Formal verification is usually a time intensive process that requires specially trained engineers who review code line-by-line for potential flaws. It’s a necessity that isn’t always practical. Using formal verification games to crowdsource the task means that the open source software can be rigorously tested at a far larger scale than is currently possible.
If you’re 18 or over—government regulations require adult volunteers—head on over to Verigames and try your hand at some of the formal verification games.