David Brumley

David started as a Professor of Electrical and Computer Engineering at Carnegie Mellon University and later became the Director of CyLab, the CMU cyber security department. He is a well-known researcher in software security, network security, and applied cryptography. Brumley was the faculty advisor to the Plaid Parliament of Pwning, a Capture the Flag team that is internationally ranked as a top competitive hacking team. In 2016, he led his team of researchers to create Mayhem, an autonomous cyber reasoning system, for the DARPA Cyber Grand Challenge. He and his team took first place, proving the concept of autonomous cyber. Brumley founded ForAllSecure with the mission to secure the world's software and serves as the company's CEO.

Recent Posts

Why fuzzing is your friend for DevSecOps

Leaders proactively mitigate risk. One large risk they can mitigate is being blindsided by an unknown software vulnerability. Attackers who find an unknown vulnerability potentially can exploit all of an agency’s systems. When agency IT teams find a vulnerability first, they can make sure it is fixed or remediated before an attack occurs. With..

Game Theory: Why System Security Is Like Poker, Not Chess

The 1980s film “Wargames” asked a computer to learn whether global thermonuclear war made sense. In the film, thermonuclear war didn’t make sense but what if, in real life, preemptive cyberattacks were our best hope for winning? Or better yet, what are the cyberwar scenarios and incentives when peace is the best strategy, just like “Wargames”?..

Mayhem Moves to Production with the Department of Defense

In 2016, Mayhem -- then still a research prototype -- showed that fully autonomous cybersecurity was possible. This was just the first step.

ForAllSecure's Response to COVID-19

COVID-19 is a global pandemic that affects everyone. We all need to work together, and I wanted to share with you some of the things ForAllSecure is doing.

Will Autonomous Security Kill CVEs?

How many potholes did you encounter on your way into work today? How many of them did you report to the city?

Why I'm not Sold on Machine Learning in Autonomous Security: Some Hard Realities on the Limitations of Machine Learning in Autonomous netsec

Tell me if you’ve heard this: there is a new advanced network intrusion device that uses modern, super-smart Machine Learning (ML) to root out known and unknown intrusions. The IDS device is so smart, it learns what’s normal on your network and does not immediately inform you when it sees an anomaly. Or maybe it’s an intrusion prevention system..

New to Autonomous Security? The Components, The Reality, and What You Can Do Today.

Autonomy is just another word for automating decisions. And we can make cyber more autonomous. This has been proven in in-depth scientific work in top-tier research venues, a 2016 public demonstration by DARPA (the Defense Advanced Research Projects Agency), and new industry tools.

Onward to the Next Chapter in ForAllSecure’s Journey

Welcome back to the second installment of the ForAllSecure Journey series. In my previous post, we took a look back at ForAllSecure’s history. In today’s piece, I’d like to share not only my vision for the future, but also an exciting announcement.

A Reflection on ForAllSecure's Journey in Bootstrapping Behavior Testing Technology

Software security is a global challenge that is slated to grow worse. The application attack surface is growing by 111 billion new lines of software code every year, with newly reported zero-day exploits rising from one-per-week in 2015 to one-per-day by 2021, according to the Application Security Report from Cybersecurity Ventures. Mobile..

Mayhem Wins DARPA CGC

Mayhem is a fully autonomous system for finding and fixing computer security vulnerabilities. On Thursday, August 4, 2016, Mayhem competed in the historic DARPA Cyber Grand Challenge against other computers in a fully automatic hacking contest... and won. The team walked away with $2 million, which ForAllSecure will use to continue its..
