Original broadcast 10/1/25
Presented by Carahsoft
At the Billington CyberSecurity Conference in Washington, DC, Dan Wallach, Program Manager in the Information Innovation Office at the Defense Advanced Research Projects Agency (DARPA), detailed how his agency is tackling one of the most persistent challenges in cybersecurity: building resilient software systems. Through a portfolio of programs and a capstone initiative focused on transitioning technologies into real-world use, DARPA is working to give the Department of Defense (DoD) and other federal partners new tools to secure both legacy and modern systems.
Wallach began by describing the Capstone initiative, which brings together several DARPA programs under a unified goal—getting innovations into operational environments. A prime example, he explained, involves work with Navy submarines. These systems must integrate modern capabilities with older, legacy technologies, creating a pressing need for secure interoperability. To address this, DARPA is deploying “safe parsing” technology, essentially building digital firewalls that protect sensitive internal systems from potentially vulnerable external interfaces. This approach ensures that even when old and new systems must connect, they do so securely.
This challenge—balancing new features with old infrastructure—is a recurring reality in software engineering. Wallach emphasized that rarely do engineers have the luxury of starting from scratch. Instead, they must incrementally enhance systems while simultaneously improving security. DARPA’s mission, therefore, is to provide solutions that make this process more effective and less risky.
One such solution is the Assured Micro Patching (AMP) program. Wallach explained that agencies often encounter situations where the source code of a program is no longer available, leaving only the compiled binary. This is more common than one might think, especially when dealing with legacy systems. When a bug or vulnerability emerges, patching without source code is extremely difficult. AMP equips developers with tools for reverse engineering—disassembling binaries, making precise changes, and then reassembling them. These tools are designed to provide assurances that the patch will not introduce new problems. By enabling targeted fixes at the binary level, AMP reduces the need for costly, large-scale reengineering.
Another project Wallach highlighted was SafeDocs, which addresses vulnerabilities in the way software systems parse data from external sources. Parsing—converting bits of incoming data into usable information—represents a large portion of the attack surface in most applications. Maliciously crafted files or messages often exploit weaknesses at this boundary. SafeDocs takes a different approach: instead of writing parsers by hand, developers formally define data formats, and tools automatically generate secure parsers. If a message doesn’t conform to the specification, the parser simply rejects it, reducing the risk of exploitation. This technology is already being tested on Navy submarines and holds promise for broader applications across government systems.
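The specification-driven parsing described above, as an added illustration (not SafeDocs tooling and not code from the talk): a small Python interpreter reads a declarative format description and rejects any input that deviates from it. The message format, field names and limits are constructed assumptions.

```python
class Reject(ValueError):
    """Raised when input does not conform to the declared format."""

SIZES = {"u8": 1, "u16": 2}

# Constructed message format (an assumption for illustration): 4-byte magic,
# version, kind, 16-bit big-endian length, then exactly `length` payload bytes.
SPEC = [
    ("magic",   "const", b"MSG1"),
    ("version", "u8",    lambda v: v == 1),
    ("kind",    "u8",    lambda v: v in (1, 2, 3)),
    ("length",  "u16",   lambda v: v <= 64),
    ("payload", "bytes", "length"),  # size comes from the earlier field
]

def parse(spec, data):
    """Interpret `data` strictly against `spec`; return fields or raise Reject."""
    fields, pos = {}, 0
    for name, ftype, arg in spec:
        if ftype == "const":
            size = len(arg)
        elif ftype == "bytes":
            size = fields[arg]
        else:
            size = SIZES[ftype]
        chunk = data[pos:pos + size]
        if len(chunk) != size:
            raise Reject(f"{name}: truncated input")
        if ftype == "const":
            if chunk != arg:
                raise Reject(f"{name}: unexpected constant")
            value = chunk
        elif ftype == "bytes":
            value = chunk
        else:
            value = int.from_bytes(chunk, "big")
            if not arg(value):  # constraint declared in the spec
                raise Reject(f"{name}: value {value} not permitted")
        fields[name] = value
        pos += size
    if pos != len(data):  # anything left over is also a violation
        raise Reject("trailing bytes after message")
    return fields

def accepts(data):
    """True only if `data` conforms to SPEC in full."""
    try:
        parse(SPEC, data)
        return True
    except Reject:
        return False

# Constructed sample message: version 1, kind 2, 5-byte payload.
GOOD = b"MSG1" + bytes([1, 2]) + (5).to_bytes(2, "big") + b"hello"
```

The parsing logic never changes per format; only `SPEC` does, which is what lets a reviewer audit the format definition instead of hand-written parsing code.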
When asked about common threads among these diverse programs, Wallach pointed to DARPA’s focus on solving discrete but critical pain points in the broader cybersecurity puzzle. Each initiative—whether AMP, SafeDocs, or others—targets a specific vulnerability that adversaries exploit. By developing sophisticated engineering solutions and transitioning them into the defense industrial base, DARPA ensures that its research does not remain theoretical but directly improves security where it is most needed.
Wallach also discussed emerging trends shaping DARPA’s work. One is the use of formal methods—mathematically rigorous techniques for verifying that software behaves as intended. Rather than relying solely on testing or intuition, formal methods provide provable assurance that a system will not introduce new vulnerabilities. This level of certainty is increasingly essential as software systems grow in complexity and as the stakes of cyber conflict rise.
Another trend is artificial intelligence, which has already shown surprising skill in generating code. However, AI can also produce errors or “hallucinations.” Wallach suggested that combining AI with formal methods could yield powerful results: AI could generate potential solutions quickly, while formal methods would validate them with mathematical rigor. This fusion, though still an open research challenge, could transform how secure software is designed and maintained.
Looking ahead, Wallach acknowledged that significant hurdles remain. Integrating advanced tools into existing defense systems requires not just technical innovation but also cultural change. Developers, program managers, and operators must all gain confidence in these new approaches. Building that trust will take time and repeated demonstrations of success. Still, he expressed optimism that the direction is clear: more rigorous engineering, more automation, and more reliance on proven science to secure the foundation of government systems.
Wallach’s remarks underscored an essential point about cybersecurity: while adversaries innovate constantly, so too must defenders. By addressing longstanding vulnerabilities in parsing, patching, and integration, DARPA is laying the groundwork for software systems that are not just functional, but resilient. These efforts, he concluded, represent the kind of sophisticated, forward-looking engineering that will enable the U.S. to maintain technological superiority in an era of escalating cyber threats.
Key Takeaways
- DARPA’s Capstone initiative is transitioning advanced software security tools, such as SafeDocs and Assured Micro Patching, into operational use.
- Formal methods and AI, when combined, could deliver provably secure software systems at scale.
- Resilient software requires secure integration of legacy and modern systems, along with cultural trust in new tools.