A method for protecting a software system against cyber attacks comprising the following steps: subdividing the software system into components, wherein each component maps a set of input vectors to a non-deterministic set of stochastic output vectors; saving the components in a database; testing the software system by associating each component in the database with at least two mutually random input/output (I/O) test vector pairs that serve to map a random input vector to correct a non deterministic output vector; storing I/O test vectors with their respective component, wherein components in satisfaction of their I/O test vectors are valid by definition; and expunging components having invalid output vectors.