At ForAllSecure, our mission is to help developers find critical bugs in their software quicker, easier, and faster than standard development practices and tools. To facilitate this mission, we have looked to the open source world for exemplar software we can analyze with our next-generation fuzzer Mayhem, in order to get a stronger sense of..
Every so often, a technology comes along that seems to perfectly capture the zeitgeist: representing all that is both promising and troubling about the future.
Tell me if you’ve heard this: there is a new advanced network intrusion device that uses modern, super-smart Machine Learning (ML) to root out known and unknown intrusions. The IDS device is so smart, it learns what’s normal on your network and does not immediately inform you when it sees an anomaly. Or maybe it’s an intrusion prevention system..
In my previous post, we covered using bncov to do open-ended coverage analysis tasks to inform our testing. This time we’ll take a look at how to write better tests in the form of harness programs (also known as fuzz drivers, programs written to exercise specific parts of the code) that we will use for fuzz testing.
This month, as interns at ForAllSecure, we participated in a contest to test the beta version of Mayhem on various open source projects. If you’re not familiar with Mayhem, it’s a software security tool that uses next-generation fuzzing, a patented technique that combines guided fuzzing and symbolic execution, to uncover defects in..
Security and speed are often perceived to be mutually exclusive, repelling away from each other like identical poles of a magnet. Dr. David Brumley, CEO of ForAllSecure and professor at CMU, posits that they don’t have to be. In ForAllSecure’s latest webinar on “Achieving Development Speed and Code Quality with Behavior Testing”, Brumley..
Secure software depends on people finding vulnerabilities and deploying fixes before they are exploited in the wild. This has led to a world of security researchers and bug bounties directed at finding new vulnerabilities.
The CyberWire Daily podcast delivers the day's cyber security news into a concise format. The CyberWire Daily includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Open Source Security Podcast helps listeners better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers, the pair covers a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day.