While the movement to standardize engineering processes into the development of computing systems has been incrementally successful, the defect density of software systems continues to rise. A revolution in synthesizing systems is called for, and was answered by DARPAs Mining and Understanding Software Enclaves (MUSE) program, but how do we know these synthesized systems are verifiably non-exploitable Currently, there are several methods and associated tools available to identify vulnerabilities and malware in code bases. Many of these techniques can pinpoint possible threats, or match exact patterns of known threats. They also produce complex, voluminous and/or false positive results. The objective of this proposal is to demonstrate the feasibility of applying Big Code, i.e. machine learning and statistical analysis approaches aimed at mining software code bases, to develop a unified vulnerability and malware identification process and toolset which we call Eunomia. Eunomia will support the rapid synthesis of complex Systems of Systems (SoS) by providing quantifiable assurances that their components are maximally correct and non-exploitable.
