U.S. DoD signs $45 million contract to boost weapons-system software securityNews
May 11, 2020
PALO ALTO, Calif, Software-security firm ForAllSecure has garnered a contract worth $45 million with the U.S. Department of Defense (DoD) to deploy its "Mayhem" next-generation fuzzing software across multiple DoD branches.
According to officials of ForAllSecure, the Mayhem fuzzing solution combines two proven dynamic application security testing (DAST) techniques -- guided fuzzing and symbolic execution -- to continuously test critical software, including weapon systems, both with and without developer participation to uncover defects with speed, scale, and accuracy.
Fuzz testing, or fuzzing, according to company documents, is a DAST technique for negative testing that endeavors to detect known, unknown, and zero-day vulnerabilities.
David Brumley, CEO of ForAllSecure, said of the Mayhem solution: "Mayhem automatically builds a test suite, lowering QA effort to create great and trustworthy software ... Our work with the DoD has showcased the powerful benefits of automation in code testing, using the combined technologies of symbolic execution and advanced fuzzing."