Security Ledger Podcast: Security Automation is (and Isn't) the future of InfoSec

Every so often, a technology comes along that seems to perfectly capture the zeitgeist: representing all that is both promising and troubling about the future.

Read More

Why I'm not Sold on Machine Learning in Autonomous Security: Some Hard Realities on the Limitations of Machine Learning in Autonomous netsec

Tell me if you’ve heard this: there is a new advanced network intrusion device that uses modern, super-smart Machine Learning (ML) to root out known and unknown intrusions. The IDS device is so smart, it learns what’s normal on your network and does not immediately inform you when it sees an anomaly. Or maybe it’s an intrusion prevention system..

Read More

Beginning Fuzz Cycle Automation: Improving Testing and Fuzz Development with Coverage Analysis

In my previous post, we covered using bncov to do open-ended coverage analysis tasks to inform our testing. This time we’ll take a look at how to write better tests in the form of harness programs (also known as fuzz drivers, programs written to exercise specific parts of the code) that we will use for fuzz testing.

Read More

ForAllSecure Uncovers Vulnerability in Netflix DIAL Software

Introduction

This month, as interns at ForAllSecure, we participated in a contest to test the beta version of Mayhem on various open source projects. If you’re not familiar with Mayhem, it’s a software security tool that uses behavior testing, a patented technique that combines guided fuzzing and symbolic execution, to uncover defects in..

Read More

New to Autonomous Security? The Components, The Reality, and What You Can Do Today.

Autonomy is just another word for automating decisions. And we can make cyber more autonomous. This has been proven in in-depth scientific work in top-tier research venues, a 2016 public demonstration by DARPA(the Defense Advanced Research Projects Agency), and new industry tools.

Read More

Key Takeaways from ForAllSecure’s, “Achieving Development Speed and Code Quality with Behavior Testing” Webinar

Security and speed are often perceived to be mutually exclusive, repelling away from each other like identical poles of a magnet. Dr. David Brumley, CEO of ForAllSecure and professor at CMU, posits that they don’t have to be. In ForAllSecure’s latest webinar on “Achieving Development Speed and Code Quality with Behavior Testing”, Brumley..

Read More

DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing with ForAllSecure's Mayhem Solution

Secure software depends on people finding vulnerabilities and deploying fixes before they are exploited in the wild. This has led to a world of security researchers and bug bounties directed at finding new vulnerabilities.

Read More

The CyberWire Daily Podcast ep. 389 with Guest Speaker David Brumley

The CyberWire Daily podcast delivers the day's cyber security news into a concise format. The CyberWire Daily includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Read More

Open Source Security Podcast Ep. 151-- The DARPA Cyber Grand Challenge with David Brumley

Open Source Security Podcast helps listeners better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers, the pair covers a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day.

Read More

How Much Testing is Enough? Understanding Test Results with bncov and Coverage Analysis.

A frequently asked question in software testing is “Is that enough testing, or should we do more?” Whether you’re writing unit tests for your programs or finding bugs in closed-source third-party software, knowing what code you have and have not covered is an important piece of information. In this article, we’ll introduce bncov, an open source..

Read More

Stay Connected

Information Management Today

Subscribe to updates