How Much Testing is Enough? Understanding Test Results with bncov and Coverage Analysis.

A frequently asked question in software testing is “Is that enough testing, or should we do more?” Whether you’re writing unit tests for your programs or finding bugs in closed-source third-party software, knowing what code you have and have not covered is an important piece of information. In this article, we’ll introduce bncov, an open source..

Top 5 Takeaways From the “ForAllSecure Makes Software Security Autonomous” Livestream

In February 2019, Dr. David Brumley, ForAllSecure CEO, and Zach Walker, DIU project manager, discussed how Mayhem, ForAllSecure’s behavior testing solution, has helped secure the Department of Defense’s most critical platforms. The Defense Innovation Unit, also known as DIU, is a progressive group within the Department of Defense employing..

Onward to the Next Chapter in ForAllSecure’s Journey

Welcome back to the second installment of the ForAllSecure Journey series. In my previous post, we took a look back at ForAllSecure’s history. In today’s piece, I’d like to share not only my vision for the future, but also an exciting announcement.

A Reflection on ForAllSecure's Journey in Bootstrapping Behavior Testing Technology

Software security is a global challenge that is slated to grow worse. The application attack surface is growing by 111 billion new lines of software code every year, with newly reported zero-day exploits rising from one-per-week in 2015 to one-per-day by 2021, according to the Application Security Report from Cybersecurity Ventures. Mobile..

Innovators under 35

I am truly honored to share that I have been named to MIT Technology Review’s prestigious annual list of Innovators Under 35 as a Pioneer. The award, first given by the magazine in 1999, celebrates young innovators who are poised to be leaders in their fields. Many amazing people have been given this award: Larry Page and Sergey Brin of..

Applying Cyber Grand Challenge Technology to Real Software

I first heard about Mayhem when I read that researchers at my university, Carnegie Mellon, had reported 1200 crashes in Debian just by running their binary analysis system on Debian programs for 15 minutes at a time. When I learned that the technology developed by those researchers was spun out as a startup, ForAllSecure, I knew I had to get..

Why ForAllSecure is on MIT Technology Review’s 2017 List of Smartest Companies

I am honored to share that ForAllSecure has been named to MIT Technology Review’s 2017 list of 50 Smartest Companies. According to the MIT Tech Review team, to make the list, a company must exhibit technological leadership and business acumen, which set them apart from competitors.

Nanette Byrnes, senior editor for MIT Tech Review business..

Case Study: LEGIT_00004

LEGIT_00004 was a challenge from Defcon CTF that implemented a file system in memory. The intended bug was a tricky memory leak that the challenge author didn't expect Mayhem to get. However, Mayhem found an unintended null-byte overwrite bug that it leveraged to gain arbitrary code execution. We heard that other teams noticed this bug, but..

Mayhem Wins DARPA CGC

Mayhem is a fully autonomous system for finding and fixing computer security vulnerabilities. On Thursday, August 4, 2016, Mayhem competed in the historic DARPA Cyber Grand Challenge against other computers in a fully automatic hacking contest... and won. The team walked away with $2 million, which ForAllSecure will use to continue its..

Why CGC Matters to Me

By David Brumley

In 2008 I started as a new assistant professor at CMU. I sat down, thought hard about what I had learned from graduate school, and tried to figure out what to do next. My advisor in graduate school was Dawn Song, one of the top scholars in computer security. She would go on to win a MacArthur "Genius" Award in 2010. She's a..
