Cybersecurity is an urgent and major societal challenge. Highly correlated with the digitalization of our societies, cyberthreats have an increasing impact on our lives. It is therefore essential to ensure the digital security and strategic autonomy of the EU by strengthening leading cybersecurity capacities. This challenge will require the coordination of Europe’s best competences towards common research and innovation goals.
SPARTA is a novel Cybersecurity Competence Network, supported by the EU’s H2020 program, with the objective of developing and implementing top-tier collaborative research and innovation actions. Strongly guided by concrete challenges forming an ambitious Cybersecurity Research & Innovation Roadmap, SPARTA will set up unique means of collaboration, leading the way in building transformative capabilities and forming a world-leading Cybersecurity Competence Network across the EU. From basic human needs (health) to economic activities (energy, finance, and transport) to technologies (ICT and industry) to sovereignty (eGovernment, public administration), four research and innovation programs will push the boundaries to deliver advanced solutions to cover emerging challenges.
The SPARTA consortium assembles, for the first time, 44 actors from more than 14 Member States, bringing together the expertise of different kinds of stakeholders, be they research institutes, private organizations or national authorities.
Re-imagining the way cybersecurity research, innovation, and training are performed in Europe across domains and expertise, from foundations to applications, in academia and industry. SPARTA will create a long-lasting community capable of collaboration to define, develop, share, and evolve solutions that will help practitioners prevent cybercrime and enhance cybersecurity.
In sharing experiences and excellence, challenges and capabilities, SPARTA makes decisive contributions to European strategic autonomy.
Eclipse Steady (Incubator Project)
Discover, assess and mitigate known vulnerabilities in Open-source Software Libraries
The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The risks that come from the reuse of community-developed libraries were mercilessly demonstrated by the (in)famous Equifax data breach, in which personal and financial data of millions of US citizens were stolen. The root cause of the Equifax data breach lies in a web server application that depended on an old, vulnerable OSS library.
Several tools now exist to detect whether vulnerable libraries are among an application's dependencies; however, most of them rely on metadata to map libraries to vulnerabilities. A team of security researchers at SAP has developed a different approach based on the detection of vulnerable code rather than vulnerable libraries (see https://arxiv.org/pdf/1806.05893.pdf).
Eclipse Steady, the tool implementing this code-centric and usage-based approach, is officially recommended by SAP to scan its Java software. It was recently released as an open-source tool and has now found a new home at the Eclipse Foundation. It will be further improved as part of SPARTA’s CAPE program.