PALO ALTO, Calif., May 11, 2020 /PRNewswire/ -- ForAllSecure, an NEA portfolio company, today announced that Mayhem, its next-generation fuzzing solution, is being deployed across multiple branches of the U.S. Department of Defense (DoD). ForAllSecure was awarded a contract of up to $45 million with the Defense Innovation Unit (DIU) to expand its software security solution into some of the DoD's most critical systems. Mayhem is being used by multiple DoD entities, including but not limited to: the Air Force 96th Cyberspace Test Group, the Air Force 90th Cyberspace Operations Squadron, the Naval Sea Systems Command (NAVSEA) and the U.S. Army Command, Control, Communication, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center (C5ISR).
Mayhem is a patented next-generation fuzzing solution pioneered at Carnegie Mellon University. It combines two proven dynamic application security testing (DAST) techniques, guided fuzzing and symbolic execution, to continuously uncover defects with unprecedented speed, scale and accuracy. ForAllSecure Mayhem helps the DoD achieve its mission to test critical software, including weapon systems, both with and without developer participation.
"Security is about moving faster than the attacker. Mayhem is the result of over two decades of research in how to identify critical software flaws first and not be slowed down by false positives. The benefits go beyond security. Mayhem automatically builds a test suite, lowering QA effort to create great and trustworthy software," said David Brumley, CEO of ForAllSecure. "Our work with the DoD has showcased the powerful benefits of automation in code testing, using the combined technologies of symbolic execution and advanced fuzzing."
Mayhem's ability to check weapon systems applications is critical as the DoD moves to embrace cyber as a new domain of warfare. In 2018, the U.S. Government Accountability Office (GAO) reported that there are mounting challenges in protecting DoD weapon systems from increasingly sophisticated attacks: "This state is due to the computerized nature of weapon systems; the DoD's late start in prioritizing weapon systems cybersecurity; and DoD's nascent understanding of how to develop more secure weapon systems. DoD weapon systems are more software dependent and more networked than ever before."
The Defense Innovation Unit recognized a potential match between the weapons system security problem and a potential technological solution to operationalize ForAllSecure's initial work featured during the Cyber Grand Challenge and apply it to select critical missions within the DoD. DIU used its Commercial Solutions Opening to put ForAllSecure on contract to prototype its solution with multiple partners across the DoD. The flexibility of the CSO meant that ForAllSecure was able to rapidly and meaningfully iterate on its product with direct feedback from critical users, leading to a much accelerated time to value.
ForAllSecure's first Mayhem prototype gained recognition in 2016 after competing against 110 teams across the U.S. to win the DARPA Cyber Grand Challenge – a competition to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. Since then, ForAllSecure has raised a $15 million Series A with top tier venture firm, New Enterprise Associates. ForAllSecure is scaling to make Mayhem available within the federal and commercial markets.
About ForAllSecure
ForAllSecure was founded on the mission to make the world's software secure. Utilizing patented technology from a decade of research at Carnegie Mellon University, ForAllSecure delivers a next-generation fuzzing solution. Fortune 1000 companies in aerospace, automotive, and high-tech partner with ForAllSecure for scalable, advanced security testing that keeps pace with increasing development speeds and deployment frequencies. DARPA deemed ForAllSecure the winner in the 2016 Cyber Grand Challenge, and MIT Technology Review named ForAllSecure in the 50 Smartest Companies 2017 list. Efficiently and effectively secure mission critical software with ForAllSecure.
About DIU
Defense Innovation Unit (DIU) accelerates the adoption of commercial technology and methodologies into the U.S. military to strengthen our nation's security. With offices in Silicon Valley, Boston, Austin, and the Pentagon, DIU connects Department of Defense customers with leading technology companies to prototype and transition commercial solutions into the field within 12 to 24 months. Learn more at www.diu.mil.