Software Understanding for National Security

SUNS (“Software Understanding for National Security”) aims to address the extensive risk to our national security and critical infrastructure (NS&CI) missions resulting from our widespread dependence on largely inscrutable third-party and legacy software. We believe our confidence in NS&CI mission software should be based on reliable, technical evidence.  SUNS seeks to:

• revolutionize the nation’s capabilities in software understanding,
• outline and conduct a systematic research agenda,
• drive technical progress using a coordinated and extensive community,
• identify shared impediments and find ways to remove them, and
• work with stakeholders to address their mission challenges.

In January of 2025, four agencies co-released a report entitled “Closing the Software Understanding Gap” about the national need for software understanding. See: CISA press release, NSA press release, OUSD R&E Post, or DARPA news. In June of 2025, SUNS was presented at the National Academies workshop on cyber hard problems (start of day two video)

There are two key documents available:

• The National Need for Software Understanding — a comprehensive report that also includes detailed results from the SUNS 2023 Workshop (announcement, FAQ, synopsis)
• SUNS Technical Research, Development, and Engineering Roadmap (a possible path to technical progress)

SUNS is aligned with two important existing national efforts:

• An ONCD technical report, Back to the Building Blocks: A Path Toward Secure and Measurable Software, calls for improving empirical metrics to effectively measure software and is intrinsically linked to the SUNS call for software understanding capabilities to address the accelerating risk in our NS&CI missions from undiscovered behavior in inscrutable software.
• Software Understanding compliments CISA’s Secure by Design initiative by enhancing software analysis. Software that is secure by design is designed for analysis – that is, designed to support independent efforts to scrutinize software artifacts to verify and validate the software before it is placed into use.

Recently CISA drew attention to The National Need for Software Understanding report and invited software analysis experts and mission owners to engage with CISA and their partners to collectively shape research priorities and maintain a sustained focus on addressing this critical challenge.

For more information about SUNS please contact suns@sandia.gov. Sandia National Laboratories supports the SUNS effort through interagency agreements with the Department of Homeland Security’s Science and Technology Directorate (e.g., 70RSAT23KPM000043).