ForAllSecure to deploy Mayhem fuzzing solution across US DoD branches

12 May 2020 (Last Updated May 12th, 2020 11:52)

ForAllSecure has won a contract with the Defense Innovation Unit (DIU) for the deployment of its next-generation fuzzing solution.

ForAllSecure has won a contract with the Defense Innovation Unit (DIU) for the deployment of its next-generation fuzzing solution.

Known as Mayhem, the solution will be implemented across the US Department of Defense’s (DoD) several branches.

Under the $45m contract, the company will integrate its software security solution into some critical systems of the DoD.

Currently, Mayhem is used by the Naval Sea Systems Command (NAVSEA), the Air Force 90th Cyberspace Operations Squadron, the Air Force 96th Cyberspace Test Group and the US Army Command, Control, Communication, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center (C5ISR).

The patented technology is the result of more than a decade of research at Carnegie Mellon University.

It brings together technologies of guided fuzzing and symbolic execution and offers continuous security when integrated into software development cycles.

Guided fuzzing and symbolic execution are two dynamic application security testing (DAST) techniques.

ForAllSecure CEO David Brumley said: “Mayhem is the result of over two decades of research in how to identify critical software flaws first and not be slowed down by false positives. The benefits go beyond security.

“Mayhem automatically builds a test suite, lowering QA effort to create great and trustworthy software.

“Our work with the DoD has showcased the powerful benefits of automation in code testing, using the combined technologies of symbolic execution and advanced fuzzing.”

Following its win in the Defense Advanced Research Projects Agency (DARPA) Cyber Grand Challenge, the first prototype of Mayhem gained recognition in 2016.

To date, ForAllSecure has raised $15m Series A funding with New Enterprise Associates to expand Mayhem’s availability.