Protecting U.S. Critical Infrastructure
Protecting U.S. Critical Infrastructure
Ninety percent of reported security incidents in software result from exploits against defects in design or code. ORNL's researchers focus on reducing this percentage to better secure critical infrastructure within the U.S.
Join our team!
Join our team!
Our team has professionals with degrees in computer science, computer engineering, and electrical engineering. The group has over 100 man-years of experience in software reverse engineering, program analysis, and vulnerability research. Specialty skills include binary literacy and program analysis; programming language proficiency such as C, C++, Python, Java, and Rust; operating systems familiarity; reverse engineering; binary analysis tools; tool development; and device and protocol analysis.
Overview
Overview
The Vulnerabilities Science Group seeks to advance the state of practice in software vulnerability research by discovering and implementing innovative analysis methods, then applying them to make our nation's critical infrastructure more secure. Today's vulnerability research requires low-level system expertise across a wide range of computing architectures, as well as understanding how to apply advanced tooling, modern data science, and artificial intelligence technologies to program binaries.
Impact
Impact
The Vulnerabilities Science Group has identified and characterized software and firmware vulnerabilities whose mitigation has led to significant security improvements in critical IT/OT equipment and infrastructures. By partnering closely with government and industry, researchers gain valuable insight into today's most relevant cyber security challenges. These unique partnerships have enabled the team to aid in securing our nation's critical infrastructure.
Capabilities
Capabilities
Today, digital security concerns touch almost all aspects of society. Vulnerability researchers provides technical expertise to the Department of Energy's Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program. Contributions to this program include security-focused hardware testing, system emulation, hardware and software bill-of-materials generation and analysis, reverse engineering, and binary auditing.
Contact
