Why ForAllSecure Is A 2021 SINET16 Winner

David Brumley

October 14, 2021

I am proud to announce that ForAllSecure is a 2021 SINET16 Innovation Award winner. Through the SINET16 Innovation Award, the Security Innovation Network (SINET) recognizes leading innovators in the cybersecurity industry. A judging committee consisting of 117 cybersecurity experts across federal and commercial sectors considered applications from 190 innovative companies across 18 countries. From this, sixteen companies were named as winners.

ForAllSecure joins an impressive group of alumni winners that have gone on to become household names in the cybersecurity industry, including FireEye, CrowdStrike, Duo Security, Cylance, Menlo Security and others. ForAllSecure’s SINET16 win marks a significant moment in cybersecurity history. It is the first fuzz testing company to win, further acknowledging the need for the next generation of application security.

SOFTWARE NEEDS AUTOMATION

Have you ever wondered how the world’s best human hackers find new vulnerabilities? Or better yet, how do we replace all that human effort? We’d need automated analysis that actually proves real vulnerabilities, rather than just today’s simple pattern-matching tech. This allows developers to focus on what’s really actionable.

The world is facing a software security crisis.

GitHub reports there are 570 times more developers than cybersecurity experts.

Worse, 87% of organizations say they can’t keep up with automating security testing, so we are fielding code faster than we can secure it.

The result: status quo technologies have left offense with a permanent advantage.

But what if there was an autopilot for appsec?

At ForAllSecure, we’re helping companies across the globe realize the value of an autonomous appsec world. We believe that world is possible, and we unleashed Mayhem to prove it. 

APPSEC ON AUTOPILOT

Mayhem is a brand new approach to application security that DARPA called revolutionary, and industry calls next-generation fuzzing. Mayhem has two simple and easy-to-understand advantages over today’s appsec solutions.

First, Mayhem has zero false positives and proves bugs, eliminating the need for your team to double-check your appsec results. Developers love that Mayhem proves vulnerabilities by giving an actual test case that demonstrates exploitability because they can debug and fix the problem just like any other failing test. Companies love the savings from eliminating the hidden cost of false positives. Levels.fyi reports the average appsec engineer makes $133k/year. OWASP reports industry false positive rates from 25% up to 75% or higher! That means false positives are costing your business $33-100k or more in wasted appsec engineer time.

Second, Mayhem reduces the cloud of uncertainty that lurks over untested code during the entire lifecycle, including security patches. In fact, some studies show that testing improves reliability and security up to 86% because defects are found early in development. Google reports up to 40% of their bugs are regression failures. And by the way, development itself is sped up 8%.

Mayhem automatically improves your development and security test suite, ensuring vulnerabilities stay fixed and don’t break existing features over the entire lifecycle. 

Whether you’re publishing a compiled app for your customers or providing them an API to use, Mayhem has you covered. 

UNLEASH MAYHEM

Mayhem for Code secures your published applications written in compiled languages. Any compiled code is supported, including C, C++, Go, and Rust. This covers both code you wrote and third-party executable code you depend on.

Don’t think just because you’re using a “safe” language like Go or Rust you don’t need Mayhem.

For example, both Go Ethereum and Rust Ethereum clients had serious vulnerabilities found with fuzzing. The vulnerabilities were unfortunately even exploited by attackers in 2021, where they were trying to launch a double-spend attack that could’ve undermined the entire cryptocurrency. 

Mayhem for APIs tests your APIs both as you write them and those that are already deployed.  Just point Mayhem at your API URL along with an OpenAPI spec and go.

You’re in good company with Mayhem. Whether you’re building a large network like Cloudflare, a video game platform like Roblox, or securing our nation, Mayhem has you covered. 

Mayhem even helps you satisfy industry-specific security requirements. Automate your appsec, so you can focus on what you do best. 

Interested in learning more? Contact us at forallsecure.com.


*** This is a Security Bloggers Network syndicated blog from Latest blog posts authored by David Brumley. Read the original post at: https://forallsecure.com/blog/forallsecure-is-a-2021-sinet16-award-winner