SBIR/STTR Award attributes
Our proposal addresses the solicitation requirements: we will develop and deploy tools and methods to automatically repair vulnerabilities in code. The ACR solution will apply and extend the Phase I research and development to produce a prototype solution to the problem of automatically repairing vulnerabilities. ACR will scan and fix code in multiple languages, provide a detailed list of changes, and verify the functionality of the corrected code. These capabilities will verify new software as free of cyber vulnerabilities more quickly, and accelerate their approval to operate on government information systems. Phase I results demonstrated the ACR solution’s feasibility and confirmed that ECI’s expertise is ideally-suited to applying scanning tools, developing automated code correction methodology (including applying machine learning), and providing traceability of and verifying code changes, which are key to achieving the objective to automatically repair code and foster developer confidence in the changes. There is currently a significant backlog of applications to be deployed to government systems due to cyber vulnerabilities. These are often discovered too late to allow for code correction under the development contract. The ACR solution will greatly reduce or eliminate the manual repair of these vulnerabilities and speed their deployment to meet mission requirements. Approved for Public Release | 20-MDA-10643 (3 Dec 20)
