Autonomous Real-Time Patching and Penetration Testing
David Brumley of ForAllSecure on Creating the Mayhem Machine
When David Brumley, CEO of ForAllSecure, was a computer security officer for Stanford University, he noticed that people kept breaking into systems by finding software flaws. That started his crusade to figure out how to teach machines to find and fix those flaws, which led to him creating Mayhem.
Mayhem is a machine that applies patching and continuous penetration testing autonomously and in real time. “Mayhem has helped [companies] do two things: Every time we say there’s a bug, we prove it, and the second is we help them better test their software to make sure good stuff works … as well as that no bad things can occur. And Mayhem automates both,” he says.
In this episode of "Cybersecurity Unplugged," Brumley discusses:
- Software flaw detection and how he developed Mayhem;
- ForAllSecure's contract with the Pentagon to find coding flaws in operating systems and custom programs used by the U.S. military;
- Legal barriers to autonomously fixing software bugs.
David Brumley is the CEO of ForAllSecure, a cybersecurity company whose products are based on the Mayhem machine. He is also a researcher in software security, network security and applied cryptography. Brumley won the DARPA Cyber Grand Challenge by demonstrating that Mayhem can fix its own software security flaws.