Software Understanding for National Security
SUNS (“Software Understanding for National Security”) aims to address the extensive risk to our national security and critical infrastructure (NS&CI) missions resulting from our widespread dependence on largely inscrutable third-party and legacy software. We believe our confidence in NS&CI mission software should be based on reliable, technical evidence. SUNS seeks to:
- revolutionize the nation’s capabilities in software understanding,
- outline and conduct a systematic research agenda,
- drive technical progress using a coordinated and extensive community,
- identify shared impediments and find ways to remove them, and
- work with stakeholders to address their mission challenges.
In January of 2025, four agencies co-released a report entitled “Closing the Software Understanding Gap” about the national need for software understanding. See: CISA announcement, NSA press release, OUSD R&E Post, or DARPA news.
There are two key documents available:
- The National Need for Software Understanding — a comprehensive report that also includes detailed results from the SUNS 2023 Workshop (announcement, FAQ, synopsis)
- SUNS Technical Research, Development, and Engineering Roadmap (a possible path to technical progress)
SUNS is aligned with two important existing national efforts:
- An ONCD technical report, Back to the Building Blocks: A Path Toward Secure and Measurable Software, calls for improving empirical metrics to effectively measure software and is intrinsically linked to the SUNS call for software understanding capabilities to address the accelerating risk in our NS&CI missions from undiscovered behavior in inscrutable software.
- A CISA initiative, Secure by Design, provides guidance on the need for software manufacturers to build more secure software. When software is designed to support analysis, the ability to understand its potential behavior before it is placed into use can be substantially increased. SUNS and Secure by Design are complementary approaches for giving customers and end users better cybersecurity.
For more information about SUNS please contact suns@sandia.gov. Sandia National Laboratories supports the SUNS effort through interagency agreements with the Department of Homeland Security’s Science and Technology Directorate (e.g., 70RSAT23KPM000043).