DoD's $12.6M COOP program aims to ensure software correctness using formal methods and side-channels
Contract Overview
Contract Amount: $12,622,799 ($12.6M)
Contractor: Galois, Inc.
Awarding Agency: Department of Defense
Start Date: 2024-10-16
End Date: 2026-04-16
Contract Duration: 547 days
Daily Burn Rate: $23.1K/day
Competition Type: FULL AND OPEN COMPETITION
Number of Offers Received: 8
Pricing Type: COST PLUS FIXED FEE
Sector: R&D
Official Description: THE CONTINUOUS-CORRECTNESS ON OPAQUE PROCESSORS (COOP)PROGRAM SEEKS TO DEVELOP HARDWARE AND SOFTWARE TOOLS TO GUARANTEE THAT SOFTWARE IS RUNNING CORRECTLY BY COMBINING FORMAL METHODS AND SIDE-CHANNELS.
Place of Performance
Location: PORTLAND, MULTNOMAH County, OREGON, 97204
State: Oregon Government Spending
Plain-Language Summary
Department of Defense obligated $12.6 million to GALOIS, INC. for work described as: THE CONTINUOUS-CORRECTNESS ON OPAQUE PROCESSORS (COOP)PROGRAM SEEKS TO DEVELOP HARDWARE AND SOFTWARE TOOLS TO GUARANTEE THAT SOFTWARE IS RUNNING CORRECTLY BY COMBINING FORMAL METHODS AND SIDE-CHANNELS. Key points: 1. The contract focuses on advanced research and development in physical, engineering, and life sciences. 2. Galois, Inc. is the sole awardee for this definitive contract. 3. The project duration is approximately 1.8 years, ending in April 2026. 4. This contract is a Cost Plus Fixed Fee type, indicating payment based on allowable costs plus a fixed fee. 5. The program seeks to develop hardware and software tools for formal methods and side-channel analysis. 6. The research aims to guarantee correct software execution, a critical aspect for secure systems.
Value Assessment
Rating: good
The contract value of $12.6 million for a 1.8-year R&D effort in a specialized field like formal methods and side-channels appears reasonable. Benchmarking against similar advanced research contracts is challenging due to the niche nature of the technology. However, the Cost Plus Fixed Fee structure allows for flexibility in research while managing costs, and the fixed fee component provides a degree of cost certainty for the government.
Cost Per Unit: N/A
Competition Analysis
Competition Level: full-and-open
The contract was awarded under full and open competition, suggesting that multiple interested parties had the opportunity to bid. The presence of 8 bidders indicates a competitive environment for this specialized research area. This level of competition is generally favorable for price discovery and ensuring the government receives competitive proposals.
Taxpayer Impact: A full and open competition process for this R&D contract helps ensure that taxpayer funds are used efficiently by fostering a competitive environment among potential contractors.
Public Impact
The primary beneficiaries are the Department of Defense and potentially other government agencies requiring highly secure and verifiable software systems. The services delivered include the development of novel hardware and software tools for ensuring software correctness. The geographic impact is primarily within the United States, with the contractor Galois, Inc. based in Oregon. Workforce implications include the potential for highly skilled jobs in cybersecurity, formal methods, and hardware/software engineering.
Waste & Efficiency Indicators
Waste Risk Score: 50 / 10
Warning Flags
- The specialized nature of the research may limit the pool of qualified contractors in future procurements.
- The success of the developed tools is dependent on complex theoretical and practical advancements.
- The long-term applicability and integration of these tools into existing DoD systems require further validation.
Positive Signals
- The use of formal methods and side-channels represents a cutting-edge approach to software assurance.
- The competitive award process suggests a robust evaluation of technical capabilities and proposed approaches.
- The clear objective of guaranteeing software correctness addresses a critical national security need.
Sector Analysis
This contract falls within the Research and Development sector, specifically focusing on advanced computing and cybersecurity. The market for formal methods and side-channel analysis tools is highly specialized, often driven by government and defense needs for high-assurance systems. Comparable spending benchmarks are difficult to establish due to the niche nature, but R&D contracts in advanced computing can range from millions to tens of millions of dollars.
Small Business Impact
The contract was awarded under full and open competition and does not indicate any specific small business set-aside. Galois, Inc. is a small business, which is a positive signal for the small business ecosystem. However, the primary contract award itself is not a set-aside, meaning larger businesses could also compete. Subcontracting opportunities for small businesses are not explicitly detailed in the provided data but are possible.
Oversight & Accountability
Oversight will likely be managed by the Defense Advanced Research Projects Agency (DARPA) program managers. Accountability measures are inherent in the Cost Plus Fixed Fee contract type, requiring detailed reporting of costs and progress. Transparency is facilitated through contract awards and reporting requirements, though the specific technical details of the research may be sensitive.
Related Government Programs
- Cybersecurity Research Programs
- High-Assurance Computing Systems
- Formal Verification Tools
- Hardware Security Research
- Software Assurance Initiatives
Risk Flags
- Technical Feasibility Risk
- Integration Complexity Risk
- Reliance on Advanced Theoretical Concepts
- Limited Market Applicability (initially)
Tags
research-and-development, department-of-defense, darpa, definitive-contract, cost-plus-fixed-fee, full-and-open-competition, cybersecurity, formal-methods, software-assurance, oregon, small-business-contractor
Frequently Asked Questions
What is this federal contract paying for?
Department of Defense awarded $12.6 million to GALOIS, INC.. THE CONTINUOUS-CORRECTNESS ON OPAQUE PROCESSORS (COOP)PROGRAM SEEKS TO DEVELOP HARDWARE AND SOFTWARE TOOLS TO GUARANTEE THAT SOFTWARE IS RUNNING CORRECTLY BY COMBINING FORMAL METHODS AND SIDE-CHANNELS.
Who is the contractor on this award?
The obligated recipient is GALOIS, INC..
Which agency awarded this contract?
Awarding agency: Department of Defense (Defense Advanced Research Projects Agency).
What is the total obligated amount?
The obligated amount is $12.6 million.
What is the period of performance?
Start: 2024-10-16. End: 2026-04-16.
What is the track record of Galois, Inc. in performing similar research and development contracts for the Department of Defense?
Galois, Inc. has a demonstrated history of successfully performing complex research and development contracts, particularly in areas related to cybersecurity, formal methods, and secure systems for government clients, including DARPA. Their expertise in applying formal verification techniques and analyzing side-channel vulnerabilities is well-established. While specific contract details and performance reviews are often not publicly disclosed, their continued selection for advanced research programs by agencies like DARPA suggests a strong track record of technical competence and successful project delivery. Their work often involves pushing the boundaries of theoretical computer science and applying it to practical, high-assurance systems.
How does the $12.6 million contract value compare to other R&D efforts in formal methods and side-channel analysis?
The $12.6 million contract value for the COOP program appears to be within a reasonable range for a specialized, multi-year research and development effort in formal methods and side-channel analysis. Such projects often require significant investment in highly skilled personnel, advanced computational resources, and rigorous theoretical work. While direct comparisons are difficult due to the niche nature of the technology and the proprietary aspects of R&D, similar DARPA or other defense-related research initiatives in advanced computing and cybersecurity can range from several million to tens of millions of dollars. The value reflects the complexity and potential impact of developing novel tools for software correctness assurance.
What are the primary risks associated with the successful development and implementation of the COOP program's tools?
The primary risks associated with the COOP program include technical feasibility, integration challenges, and the inherent complexity of formal methods and side-channel analysis. Developing novel hardware and software tools that can reliably guarantee software correctness is a significant scientific and engineering challenge. There's a risk that the proposed methods may prove more difficult to implement or less effective in practice than anticipated. Furthermore, integrating these new tools into existing complex defense systems could face significant hurdles. The reliance on advanced theoretical concepts also means that breakthroughs are not guaranteed, posing a risk to the program's timeline and deliverables.
How effective is the Cost Plus Fixed Fee (CPFF) contract type for managing R&D projects like COOP?
The Cost Plus Fixed Fee (CPFF) contract type is often considered suitable for research and development projects where the scope of work is not precisely defined at the outset, and innovation is a key objective. For the COOP program, CPFF allows the contractor, Galois, Inc., to incur costs deemed necessary and reasonable for performing the work, plus a predetermined fixed fee representing profit. This structure provides flexibility for exploration and adaptation, which is crucial in R&D. The government benefits from oversight of costs, while the fixed fee incentivizes the contractor to control expenses to maximize their profit margin. However, it requires robust government oversight to ensure costs are appropriate and the work is progressing towards the defined objectives.
What are the historical spending patterns for DARPA's research into software assurance and formal methods?
DARPA has a long history of investing in research related to software assurance, formal methods, and high-assurance systems, recognizing the critical need for reliable and secure software in defense applications. Historical spending patterns show consistent, significant investment in programs aimed at improving software verification, developing new security paradigms, and exploring advanced computing architectures. While specific figures for 'software assurance' or 'formal methods' as distinct categories can fluctuate and are often embedded within broader initiatives (like cyber security, artificial intelligence, or advanced computing), DARPA's overall R&D budget, which runs into billions annually, frequently allocates substantial portions to these foundational areas. Programs like COOP are indicative of this ongoing commitment to advancing the state-of-the-art in ensuring software integrity.
What are the potential implications of the COOP program's success for the broader cybersecurity landscape?
The successful development and adoption of tools from the COOP program could have significant implications for the broader cybersecurity landscape. By providing robust methods to guarantee software correctness, it could lead to the creation of more secure operating systems, applications, and hardware, reducing vulnerabilities exploited by malicious actors. This could enhance the security of critical infrastructure, national defense systems, and even commercial technologies. The methodologies developed might also influence future software development practices, encouraging a greater emphasis on formal verification and provable security from the design phase onwards, potentially raising the overall security bar across the industry.
Industry Classification
NAICS: Professional, Scientific, and Technical Services › Scientific Research and Development Services › Research and Development in the Physical, Engineering, and Life Sciences (except Nanotechnology and Biotechnology)
Product/Service Code: RESEARCH AND DEVELOPMENT › C – National Defense R&D Services
Competition & Pricing
Extent Competed: FULL AND OPEN COMPETITION
Solicitation Procedures: BASIC RESEARCH
Solicitation ID: HR001124S0016
Offers Received: 8
Pricing Type: COST PLUS FIXED FEE (U)
Evaluated Preference: NONE
Contractor Details
Address: 421 SW 6TH AVE STE 300, PORTLAND, OR, 97204
Business Categories: Category Business, Corporate Entity Not Tax Exempt, Small Business, Special Designations, Subchapter S Corporation, U.S.-Owned Business
Financial Breakdown
Contract Ceiling: $52,815,642
Exercised Options: $25,245,598
Current Obligation: $12,622,799
Contract Characteristics
Commercial Item: COMMERCIAL PRODUCTS/SERVICES PROCEDURES NOT USED
Cost or Pricing Data: NO
Timeline
Start Date: 2024-10-16
Current End Date: 2026-04-16
Potential End Date: 2026-04-16 00:00:00
Last Modified: 2025-09-29
More Contracts from Galois, Inc.
- Sbir Phase III Task Order 2 Adidrus — $33.3M (General Services Administration)
- Securing Information for Encrypted Verification and Evaluation (sieve) Program — $16.7M (Department of Defense)
- Verification Engineering for Real-World Software Engineers — $9.8M (Department of Defense)
Other Department of Defense Contracts
- Federal Contract — $51.3B (Humana Government Business Inc)
- Lrip LOT 12 Advance Acquisition Contract — $35.1B (Lockheed Martin Corporation)
- SSN 802 and 803 Long Lead Time Material — $34.7B (Electric Boat Corporation)
- 200204!008532!1700!AF600 !naval AIR Systems Command !N0001902C3002 !A!N! !N! !20011026!20120430!008016958!008016958!834951691!n!lockheed Martin Corporation !lockheed Blvd !fort Worth !tx!76108!27000!439!48!fort Worth !tarrant !texas !+000026000000!n!n!018981928201!ac15!rdte/Aircraft-Eng/Manuf Develop !a1a!airframes and Spares !2ama!jast/Jsf !336411!E! !3! ! ! ! ! !99990909!B! ! !A! !a!n!r!2!002!n!1a!a!n!z! ! !N!C!N! ! ! !a!a!a!a!000!a!c!n! ! ! !Y! !N00019!0001! — $34.2B (Lockheed Martin Corporation)
- KC-X Modernization Program — $32.0B (THE Boeing Company)