Cybernet created a software validation system that helps ensure the integrity and trustworthiness of software. It does this with an instrumented validation machine that watches software behavior and notes any suspicious activity. The instrumentation watches various system attributes such as file activity, user activity, code execution location, network activity, and so on. Suspicious activity is defined by a probabilistic method that uses combinations of system behaviors, and it is logged on a per-application or per-module basis. Good and bad behaviors are learned from known good and known malicious software.
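The following is an added illustration of the approach described above, not Cybernet's code. The page does not name the probabilistic method, so a naive Bayes classifier stands in for it as an assumption; the behavior flag names, training runs and module names are all constructed.

```python
import math

# Behaviour flags the validation machine is assumed to record per module.
FEATURES = ["writes_system_dir", "interactive_user", "exec_from_temp", "outbound_net"]

# Constructed training runs: (label, set of behaviours observed).
TRAINING = [
    ("good", {"interactive_user"}),
    ("good", {"interactive_user", "outbound_net"}),
    ("good", {"outbound_net"}),
    ("good", set()),
    ("bad", {"writes_system_dir", "exec_from_temp", "outbound_net"}),
    ("bad", {"exec_from_temp", "outbound_net"}),
    ("bad", {"writes_system_dir", "exec_from_temp"}),
    ("bad", {"exec_from_temp"}),
]

def train(samples):
    """Estimate P(label) and P(feature present | label) with Laplace smoothing."""
    counts = {"good": 0, "bad": 0}
    seen = {lbl: dict.fromkeys(FEATURES, 0) for lbl in counts}
    for label, observed in samples:
        counts[label] += 1
        for f in observed:
            seen[label][f] += 1
    total = sum(counts.values())
    return {lbl: {"prior": counts[lbl] / total,
                  "p": {f: (seen[lbl][f] + 1) / (counts[lbl] + 2) for f in FEATURES}}
            for lbl in counts}

def p_malicious(model, observed):
    """Posterior P(bad | observed behaviours); absent behaviours count as evidence too."""
    log_like = {}
    for label, m in model.items():
        ll = math.log(m["prior"])
        for f in FEATURES:
            ll += math.log(m["p"][f] if f in observed else 1.0 - m["p"][f])
        log_like[label] = ll
    peak = max(log_like.values())          # subtract max for numerical stability
    weights = {k: math.exp(v - peak) for k, v in log_like.items()}
    return weights["bad"] / (weights["good"] + weights["bad"])

def validate(model, run_log, threshold=0.5):
    """Return one (module, probability, verdict) record per module in the run."""
    report = []
    for module, observed in sorted(run_log.items()):
        p = p_malicious(model, observed)
        report.append((module, round(p, 3), "suspicious" if p >= threshold else "ok"))
    return report
```

Scoring combinations rather than single events is what keeps a common behavior such as outbound network traffic from raising an alert on its own: in this constructed data it appears equally often in good and bad runs, so it shifts the score only when paired with a behavior that separates the two classes.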