AI-Powered Intelligence Ensures Solely Reachable CVEs Present During Runtime Are Reported

PITTSBURGH, May 6, 2024 /PRNewswire/ -- ForAllSecure, the world's most advanced application security testing company, today announced the release of Mayhem's Dynamic Software Bill of Materials (SBOM), which looks at an application's actual behavior to find only real, exploitable vulnerabilities. Mayhem eliminates triage and investigations and reduces false positives by leveraging runtime intelligence to increase developer velocity and minimize application risks.

Mayhem's Dynamic SBOM uses runtime intelligence to filter your SCA and SBOM reports to just used components

While conventional software composition analysis (SCA) and SBOM tools provide a static list of dependencies and vulnerable components, Mayhem's runtime profiling creates prioritized views of only the items present when the application runs, putting the spotlight on genuine vulnerabilities to focus and accelerate remediation. Over half of the results from SCA and SBOMs are false positives, with two-thirds of development teams spending more time investigating these than addressing actual vulnerabilities, an inefficiency diverting valuable resources from enhancing software security to chasing non-existent threats.
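The filtering step described above, as an added illustration that is not ForAllSecure's or Mayhem's code: a static finding list keyed by package URL is intersected with the shared objects a process actually has mapped, using a constructed SBOM fragment, constructed placeholder finding ids, a constructed `/proc/<pid>/maps` excerpt, and an assumed soname-to-component table.

```python
import re

# Constructed CycloneDX-like SBOM fragment (name, version, purl per component).
SBOM = {"components": [
    {"name": "zlib", "purl": "pkg:deb/debian/zlib@1.2.11"},
    {"name": "libxml2", "purl": "pkg:deb/debian/libxml2@2.9.10"},
    {"name": "openssl", "purl": "pkg:deb/debian/openssl@1.1.1k"},
    {"name": "imagemagick", "purl": "pkg:deb/debian/imagemagick@6.9.11"},
]}

# Constructed static SCA findings; the ids are placeholders, not real CVEs.
STATIC_FINDINGS = [
    {"id": "CVE-0000-0001", "purl": "pkg:deb/debian/zlib@1.2.11"},
    {"id": "CVE-0000-0002", "purl": "pkg:deb/debian/libxml2@2.9.10"},
    {"id": "CVE-0000-0003", "purl": "pkg:deb/debian/imagemagick@6.9.11"},
    {"id": "CVE-0000-0004", "purl": "pkg:deb/debian/imagemagick@6.9.11"},
    {"id": "CVE-0000-0005", "purl": "pkg:deb/debian/openssl@1.1.1k"},
]

# Constructed /proc/<pid>/maps excerpt: the runtime observation. Only mapped
# shared objects count as "used"; anonymous regions such as [heap] are ignored.
PROC_MAPS = """\
7f1a2c000000-7f1a2c021000 r--p 00000000 08:01 1234 /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
7f1a2c200000-7f1a2c3a0000 r-xp 00000000 08:01 1235 /usr/lib/x86_64-linux-gnu/libssl.so.1.1
7f1a2c400000-7f1a2c401000 rw-p 00000000 00:00 0 [heap]
"""

# Assumed mapping from shared-object basename to SBOM component name.
SONAME_TO_COMPONENT = {"libz.so": "zlib", "libssl.so": "openssl",
                       "libcrypto.so": "openssl", "libxml2.so": "libxml2"}

def loaded_components(maps_text):
    """Return the SBOM component names whose shared objects appear in a maps dump."""
    used = set()
    for line in maps_text.splitlines():
        m = re.search(r"/(lib[\w-]+\.so)(?:\.\d+)*$", line)  # strip version suffix
        if m and m.group(1) in SONAME_TO_COMPONENT:
            used.add(SONAME_TO_COMPONENT[m.group(1)])
    return used

def filter_findings(sbom, findings, used):
    """Keep only findings whose component was observed loaded at runtime."""
    purl_to_name = {c["purl"]: c["name"] for c in sbom["components"]}
    return [f for f in findings if purl_to_name.get(f["purl"]) in used]

def noise_reduction(findings, reachable):
    """Percent of static findings dropped because their component never loaded."""
    return 100.0 * (len(findings) - len(reachable)) / len(findings)
```

A library absent from the maps dump may still load later through `dlopen` or a code path the observation window never exercised, so the filtered view is only as complete as the execution it was profiled against.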

"Organizations are losing time and unable to optimize due to security teams not knowing their actual risk posture and developers without enough time to fix critical issues that matter," said Josh Thorngren, VP of product at ForAllSecure. "We're solving customer challenges by enabling them to focus on real threats, with Mayhem's dynamic SBOM providing a comprehensive application security platform, reducing the attack surface, and pinpointing vulnerabilities with no false positives so they can ship safer software and release features faster."

With Mayhem's Dynamic SBOM, ForAllSecure offers comprehensive application security, including:

Attack Surface Mapping: Prioritize risk – Mayhem builds a runtime profile of the application as it runs, showing an accurate picture of the CVEs reachable in an application and filtering out the noise from static SCA reports.

When tested against standard open-source software, Mayhem reduced alert noise by over 60%. By cutting the false-positive noise of traditional application security tooling, Mayhem's Dynamic SBOM builds a runtime profile of the packages and dependencies an organization's application actually loads. It operates in real time alongside application containers, empowering security teams to concentrate on genuine threats, which improves remediation times for security and software quality for developers, making it a valuable tool for both teams.

The release of Mayhem's Dynamic SBOM builds atop the award-winning Mayhem platform, which uses attacker techniques to find vulnerabilities in applications and APIs, including:

Runtime profiling. Eliminate false positives from SCA and SBOM by showing only the vulnerabilities reachable when an application runs.

About ForAllSecure

ForAllSecure is a hacker organization focused on advancing cybersecurity through research, education, and product development. Founded in 2012 by CMU researchers, ForAllSecure has over a decade of experience building and participating in CTFs and partnering with K-12 and university departments to develop cybersecurity education programs. In 2016, the company won DARPA's cyber grand challenge focused on autonomous security. Mayhem, ForAllSecure's first commercial product, launched in 2019. Based in Pittsburgh, PA, the company is backed by NEA and KDT and has offices worldwide.