Certificate Transparency Does More Harm Than Good – Here’s Why

With Google’s recent decision to change the lock icon, I’ve been spending a lot of time thinking about TLS/SSL - and certificate transparency in general. In this blog post, I’ll explore both how Certificate Transparency is helpful and the downsides, including the way it shares users' information and the rise of beg ... Read More

SCA, SBOM, Vulnerability Management, SAST, or DAST Tools: Which Is Best for Your Team?

There are a lot of options for software security testing tools. How do you know which ones are right for you? In this blog post, I'm going to cover a simple two-step process that will allow you to pick the best software security tool for your organization ... Read More

3 Steps to Automate Offense to Increase Your Security in 2023

I was recently challenged to come up with the best methods you can use in 2023 to make the systems you are developing more secure. I realized it boils down to one thing: automating offense as part of your defensive security program ... Read More

Top 3 Cyber Predictions in 2023 and How You Can Prepare

What will cyber offense start doing this year, and how can you prepare? I’m David Brumley, CEO of ForAllSecure, and here are my top three predictions for offense in 2023 ... Read More

Why “Complete Coverage” SAST Tools Fall Short for Developers

Using SAST alone can cause significant frustration for developers and fall short for security for two fundamental reasons ... Read More

Running iob-cache in Mayhem

Today, Verilog test vectors are written by hand, which is slow and expensive. ForAllSecure's Mayhem is the first approach for automatically creating new test vectors to achieve code coverage on Verilog programs, saving companies potentially millions and allowing them to move faster ... Read More

Why The Next-Generation Of Application Security Is Needed

From driverless cars to cryptocurrency, software reimagines possibilities. With software standing at the core of everything we do, we find ourselves pushing out code faster than ever. As we continue to accumulate security debt and struggle to solve the cybersecurity workforce shortage, it becomes clear that we’re living on borrowed ... Read More

Record-Breaking Zero-Days Require New Approach

We’re facing an application cybersecurity crisis. Today, we’re shipping code faster than we can secure it and that’s left criminals with an offensive advantage. The fix? Move to a more autonomous application security pipeline. You can build an autopilot for appsec, but it won’t be by using the same old ... Read More
Security Boulevard

Why ForAllSecure Is A 2021 SINET16 Winner

I am proud to announce that ForAllSecure is a 2021 SINET16 Innovation Award winner. Through the SINET16 Innovation Award, the Security Innovation Network (SINET) recognizes leading innovators in the cybersecurity industry ... Read More

Leveraging Fuzz Testing to Achieve ED-203A / DO-356A

What is ED-203A / DO-356A? Aerospace has become a software industry. Software drives every area of flight, including flight control, ground-based systems, communication, weather, maintenance systems, infotainment and more. Like any software-based system, aerospace must continually and proactively find and fix security and safety issues before cyber-attackers can exploit them ... Read More

Secure Guardrails