Software firm ForAllSecure has received a $45 million deal from the Pentagon’s emerging technologies office to deploy across the department a new tool for discovering security loopholes in software, the company said Monday.
ForAllSecure’s Mayhem “fuzzing” capability will be employed to check for flaws in critical weapon systems and is set to be initially used by the Air Force 96th Cyberspace Test Group and 90th Cyberspace Operations Squadron, the Naval Sea Systems Command and the Army’s C5ISR Center.
“Security is about moving faster than the attacker. Mayhem is the result of over two decades of research in how to identify critical software flaws first and not be slowed down by false positives. The benefits go beyond security. Mayhem automatically builds a test suite, lowering QA effort to create great and trustworthy software,” David Brumley, the company’s CEO, said in a statement. “Our work with the DoD has showcased the powerful benefits of automation in code testing, using the combined technologies of symbolic execution and advanced fuzzing.”
The Defense Innovation Unit found Mayhem through its Cyber Grand Challenge, which sought out potential solutions for weapon systems security applications.
“[Mayhem] combines two proven dynamic application security testing techniques, guided fuzzing with symbolic execution, to continuously uncover defects with unprecedented speed, scale and accuracy. It will help the DoD achieve its mission to test critical software, including weapon systems, both with and without developer participation,” the company wrote in a statement. “Mayhem’s ability to check weapon systems applications is critical as the DoD moves to embrace cyber as a new domain of warfare.”