ForAllSecure Announces Mayhem Being Deployed Across U.S. DoD Branches

ForAllSecure | May 12, 2020

  • ForAllSecure was awarded a contract of up to $45 million with the Defense Innovation Unit (DIU) to expand its software security solution into some of the DoD's most critical systems.

  • ForAllSecure Mayhem helps the DoD achieve its mission to test critical software, including weapon systems, both with and without developer participation.

  • ForAllSecure has raised a $15 million Series A with top-tier venture firm New Enterprise Associates.


ForAllSecure, an NEA portfolio company, today announced that Mayhem, its next-generation fuzzing solution, is being deployed across multiple branches of the U.S. Department of Defense (DoD). ForAllSecure was awarded a contract of up to $45 million with the Defense Innovation Unit (DIU) to expand its software security solution into some of the DoD's most critical systems. Mayhem is being used by multiple DoD entities, including but not limited to: the Air Force 96th Cyberspace Test Group, the Air Force 90th Cyberspace Operations Squadron, the Naval Sea Systems Command (NAVSEA) and the U.S. Army Command, Control, Communication, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center (C5ISR).

Mayhem is a patented next-generation fuzzing solution pioneered at Carnegie Mellon University. It combines two proven dynamic application security testing (DAST) techniques, guided fuzzing and symbolic execution, to continuously uncover defects with unprecedented speed, scale and accuracy. ForAllSecure Mayhem helps the DoD achieve its mission to test critical software, including weapon systems, both with and without developer participation.


"Security is about moving faster than the attacker. Mayhem is the result of over two decades of research in how to identify critical software flaws first and not be slowed down by false positives. The benefits go beyond security. Mayhem automatically builds a test suite, lowering QA effort to create great and trustworthy software. Our work with the DoD has showcased the powerful benefits of automation in code testing, using the combined technologies of symbolic execution and advanced fuzzing," said David Brumley, CEO of ForAllSecure.



Mayhem's ability to check weapon systems applications is critical as the DoD moves to embrace cyber as a new domain of warfare. In 2018, the U.S. Government Accountability Office (GAO) reported that there are mounting challenges in protecting DoD weapon systems from increasingly sophisticated attacks: "This state is due to the computerized nature of weapon systems; the DoD's late start in prioritizing weapon systems cybersecurity; and DoD's nascent understanding of how to develop more secure weapon systems. DoD weapon systems are more software dependent and more networked than ever before."

The Defense Innovation Unit recognized a potential match between the weapons system security problem and a potential technological solution to operationalize ForAllSecure's initial work featured during the Cyber Grand Challenge and apply it to select critical missions within the DoD. DIU used its Commercial Solutions Opening to put ForAllSecure on contract to prototype its solution with multiple partners across the DoD. The flexibility of the CSO meant that ForAllSecure was able to rapidly and meaningfully iterate on its product with direct feedback from critical users, leading to a much accelerated time to value.

ForAllSecure's first Mayhem prototype gained recognition in 2016 after competing against 110 teams across the U.S. to win the DARPA Cyber Grand Challenge – a competition to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. Since then, ForAllSecure has raised a $15 million Series A with top-tier venture firm New Enterprise Associates. ForAllSecure is scaling to make Mayhem available within the federal and commercial markets.


About ForAllSecure

ForAllSecure was founded on the mission to make the world's software secure. Utilizing patented technology from a decade of research at Carnegie Mellon University, ForAllSecure delivers a next-generation fuzzing solution. Fortune 1000 companies in aerospace, automotive, and high-tech partner with ForAllSecure for scalable, advanced security testing that keeps pace with increasing development speeds and deployment frequencies. DARPA deemed ForAllSecure the winner in the 2016 Cyber Grand Challenge, and MIT Technology Review named ForAllSecure in the 50 Smartest Companies 2017 list. Efficiently and effectively secure mission critical software with ForAllSecure.
