ForAllSecure Announces Mayhem Being Deployed Across U.S. DoD Branches

ForAllSecure | May 12, 2020

  • ForAllSecure was awarded a contract of up to $45 million with the Defense Innovation Unit (DIU) to expand its software security solution into some of the DoD's most critical systems.

  • ForAllSecure Mayhem helps the DoD achieve its mission to test critical software, including weapon systems, both with and without developer participation.

  • ForAllSecure has raised a $15 million Series A with top tier venture firm, New Enterprise Associates.


ForAllSecure, an NEA portfolio company, today announced that Mayhem, its next-generation fuzzing solution, is being deployed across multiple branches of the U.S. Department of Defense (DoD). ForAllSecure was awarded a contract of up to $45 million with the Defense Innovation Unit (DIU) to expand its software security solution into some of the DoD's most critical systems. Mayhem is being used by multiple DoD entities, including but not limited to: the Air Force 96th Cyberspace Test Group, the Air Force 90th Cyberspace Operations Squadron, the Naval Sea Systems Command (NAVSEA) and the U.S. Army Command, Control, Communication, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center (C5ISR).

Mayhem is a patented next-generation fuzzing solution pioneered at Carnegie Mellon University. It combines two proven dynamic application security testing (DAST) techniques, guided fuzzing with symbolic execution, to continuously uncover defects with unprecedented speed, scale and accuracy. ForAllSecure Mayhem helps the DoD achieve its mission to test critical software, including weapon systems, both with and without developer participation.


"Security is about moving faster than the attacker. Mayhem is the result of over two decades of research in how to identify critical software flaws first and not be slowed down by false positives. The benefits go beyond security. Mayhem automatically builds a test suite, lowering QA effort to create great and trustworthy software. Our work with the DoD has showcased the powerful benefits of automation in code testing, using the combined technologies of symbolic execution and advanced fuzzing," said David Brumley, CEO of ForAllSecure.



Mayhem's ability to check weapon systems applications is critical as the DoD moves to embrace cyber as a new domain of warfare. In 2018, the U.S. Government Accountability Office (GAO) reported that there are mounting challenges in protecting DoD weapon systems from increasingly sophisticated attacks: "This state is due to the computerized nature of weapon systems; the DoD's late start in prioritizing weapon systems cybersecurity; and DoD's nascent understanding of how to develop more secure weapon systems. DoD weapon systems are more software dependent and more networked than ever before."

The Defense Innovation Unit recognized a potential match between the weapons system security problem and a potential technological solution to operationalize ForAllSecure's initial work featured during the Cyber Grand Challenge and apply it to select critical missions within the DoD. DIU used its Commercial Solutions Opening to put ForAllSecure on contract to prototype its solution with multiple partners across the DoD. The flexibility of the CSO meant that ForAllSecure was able to rapidly and meaningfully iterate on its product with direct feedback from critical users, leading to a much accelerated time to value.

ForAllSecure's first Mayhem prototype gained recognition in 2016 after competing against 110 teams across the U.S. to win the DARPA Cyber Grand Challenge – a competition to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. Since then, ForAllSecure has raised a $15 million Series A with top tier venture firm, New Enterprise Associates. ForAllSecure is scaling to make Mayhem available within the federal and commercial markets.


About ForAllSecure

ForAllSecure was founded on the mission to make the world's software secure. Utilizing patented technology from a decade of research at Carnegie Mellon University, ForAllSecure delivers a next-generation fuzzing solution. Fortune 1000 companies in aerospace, automotive, and high-tech partner with ForAllSecure for scalable, advanced security testing that keeps pace with increasing development speeds and deployment frequencies. DARPA deemed ForAllSecure the winner in the 2016 Cyber Grand Challenge, and MIT Technology Review named ForAllSecure in the 50 Smartest Companies 2017 list. Efficiently and effectively secure mission critical software with ForAllSecure.


Related News

CYBERSECURITY

PC Matic Achieves FedRAMP Authorization

PC Matic | July 27, 2022

American-based cybersecurity firm, PC Matic, announced it has received authorization from the Federal Risk and Authorization Management Program (FedRAMP) for its federal application execution control solution, PC Matic Federal. PC Matic's Authorization to Operate (ATO) is at the moderate impact level through partnership from the U.S. Small Business Administration (SBA). With the full authorization milestone now achieved, PC Matic Federal joins a small and elite group of cloud technology companies authorized to sell into the federal marketplace. This designation allows the United States federal government to begin purchasing and deploying the company's patented application execution control technology to endpoints across its respective departments and agencies. Application execution control is also commonly referred to as Application Whitelisting or Application Allowlisting.

"Zero trust begins with prevention. As the federal government begins to align its IT infrastructure with Zero Trust Architectures (ZTA) as mandated by the President's Executive Order on Improving the Nation's Cybersecurity, the ability to procure and deploy application execution control solutions is mission critical. With our authorization fully approved, PC Matic Federal is now well-positioned to assist the federal government with taking a preventative approach to cybersecurity by enhancing its zero trust architectures." -Rob Cheng, CEO and Founder of PC Matic.

PC Matic has been granted five patents and is a Technology Partner with the National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCoE) Zero-Trust Architecture project. The company was founded in 1999 and pioneered the use of default-deny permit by exception for computer applications.

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The program enables federal agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based technology.


GOVERNMENT BUSINESS

SuperCom Secures New Electronic Monitoring Contract in South California

SuperCom | July 22, 2022

SuperCom (NASDAQ: SPCB), a global provider of secured solutions for the e-Government, IoT, and Cybersecurity sectors, announced today that it has secured a new contract to deploy its Pure Security suite of electronic monitoring with a new customer in South California. This customer is a long-standing provider of products and services to the Criminal Justice market with primary operations in the southern part of California. SuperCom's proprietary electronic monitoring products and robust business model working directly with government agencies as well as electronic monitoring service providers were both instrumental in securing the contract. The contract is structured as a per unit per day lease model, with billing at the end of each month, for the use of the PureSecurity suite.

"As a developer of public safety solutions, the stakes are high and we must be selective in who we work with. We are constantly impressed by the high caliber of partnerships with local providers we are able to form. These quality partnerships are a testament to the value our products bring to the market. We were able to secure this contract after our proprietary products were evaluated and compared to other competing products by a long-standing provider in the industry. SuperCom continues to win new business in a competitive and demanding market with legacy incumbent vendors, and each win continues to demonstrate industry acceptance and faith in our unique technology and innovative solutions. We expect to see more wins over our competition going forward." -Ordan Trabelsi, CEO and President of SuperCom.

SuperCom's PureSecurity Suite is a best-of-breed electronic monitoring and tracking platform with a comprehensive set of innovative features, including smartphone integration, secure communication, advanced security, anti-tamper mechanisms, fingerprint biometrics, voice communication, unique touch screens, and extended battery life.

About SuperCom: Since 1988, SuperCom has been a global provider of traditional and digital identity solutions, providing advanced safety, identification, and security solutions to governments and organizations, both private and public, throughout the world. Through its proprietary e-Government platforms and innovative solutions for traditional and biometrics enrollment, personalization, issuance and border control services, SuperCom has inspired governments and national agencies to design and issue secure Multi-ID documents and robust digital identity solutions to its citizens and visitors. SuperCom offers a unique all-in-one field-proven RFID & mobile technology and product suite, accompanied by advanced complementary services for various industries including healthcare and homecare, security and safety, community public safety, law enforcement, electronic monitoring, livestock monitoring, and building and access automation.


GOVERNMENT BUSINESS

Four Inc. Collaborates with Synopsys as Federal Aggregator

Four Inc. | June 01, 2022

Synopsys, Inc. has named Four Inc. as a federal aggregator. As part of Four Inc.'s boutique aggregation program, Four Inc. will deliver Synopsys Software Integrity Group application security solutions to the federal government through its government contract vehicles and network of channel partners. The program includes multi-year financial solutions and as-a-service products to support and develop Synopsys' government business.

"Our agreement with Four Inc. is a milestone that will help expand the Synopsys portfolio's reach within the Federal IT ecosystem via a trusted federal aggregator. Broadening our business through the channel is one of our top strategic priorities. This agreement signals the continued momentum and growth we expect by further extending our world-class application security solutions through the channel in the Federal space moving forward." -Tom Herrmann, vice president of global channels and alliances within the Synopsys Software Integrity Group.

Synopsys has been named a six-time Gartner® Magic Quadrant™ Leader for Application Security Testing, a three-time Forrester Wave™ Leader for Software Composition Analysis, and a two-time Forrester Wave™ Leader for Static Application Security Testing. The Synopsys Software Integrity Group assists development teams in producing safe, high-quality software while minimizing risks and increasing productivity. Synopsys is a well-known leader in application security. Its static analysis, software composition analysis, and dynamic analysis tools help teams quickly find and fix vulnerabilities and problems in proprietary code, open source components, and application behavior.

Jeff Nolan, Four Inc.'s COO, avers that their government customers are more vulnerable to sophisticated cyber assaults that target vulnerabilities in source code development and network-based applications. They say Synopsys is a great fit for their boutique aggregation platform of services, and they are delighted to work with them. They are also happy to be able to offer their channel partners and government clients Synopsys application security testing solutions that are made to stop these threats.
