Military Embedded Systems

U.S. DoD signs $45 million contract to boost weapons-system software security


May 11, 2020

Lisa Daigle

Assistant Managing Editor

Military Embedded Systems

PALO ALTO, Calif. Software-security firm ForAllSecure has garnered a contract worth $45 million with the U.S. Department of Defense (DoD) to deploy its "Mayhem" next-generation fuzzing software across multiple DoD branches.

According to officials of ForAllSecure, the Mayhem fuzzing solution combines two proven dynamic application security testing (DAST) techniques -- guided fuzzing and symbolic execution -- to continuously test critical software, including weapon systems, both with and without developer participation to uncover defects with speed, scale, and accuracy.

Fuzz testing, or fuzzing, according to company documents, is a DAST technique for negative testing that endeavors to detect known, unknown, and zero-day vulnerabilities.

David Brumley, CEO of ForAllSecure, said of the Mayhem solution: "Mayhem automatically builds a test suite, lowering QA effort to create great and trustworthy software ... Our work with the DoD has showcased the powerful benefits of automation in code testing, using the combined technologies of symbolic execution and advanced fuzzing."


