What’s New In Mayhem 2.10

We’re excited to announce Mayhem 2.10, or “Apricot” (that’s right—we’re naming our releases after fruit now.) This update includes several new features and improvements, including vECU analysis, harness templates, new “daily defect” emails, improved registry RBACs, and improved Windows performance.

‍

Native Analysis for Virtualized ECUs (vECUs)

A challenge for developers building embedded software is the cost and time associated with hardware-in-the-loop (HIL) testing. The costs of hardware environments, and the lack of ‘shift left’ portability make it harder to catch—and fix—issues fast, while keeping development on track.

Mayhem now gives you the ability to perform extensive analysis of your embedded software much earlier in the development process, with our native support for virtualized ECU (vECU) testing. Currently, we support vECUs created with Vector’s vVirtualTarget or exposting the Vector OpenSUT API, but we’ll be expanding the support to other embedded development toolchains in the months ahead. 

‍

How Mayhem's vECU Analysis Works

Analyzing a vECU is very similar to analyzing a binary application. Once you’ve created a vECU that contains your software, along with the base software and environment configuration, Mayhem uses a specialized harness that stimulates pins, observes the behavior of the vECU, and records the results. Each result is fed back into Mayhem’s analysis engine to generate additional tests using our fuzz testing engines or symbolic execution. 

You can customize analysis parameters to fix your specific needs, including error pins, input pins, and delay between pin stimulations.

All test data is collected and triaged by Mayhem for defects, and traces can be easily integrated back into your existing embedded analysis toolchains, such as CANoe. 

‍

Harness Templates 

One of the common questions we hear from customers who are new to techniques like fuzz testing, support execution, or other dynamic analysis tools is, "Where can I start with Mayhem? Can I do it black box, or do I need to write a test harness?"

Mayhem supports both approaches, but we typically recommend that our customers do some level of harnessing to direct Mayhem on where to begin testing. Telling Mayhem to "go figure it out" on its own can slow down the time to reach maximum code coverage and typically results in fewer security results being surfaced in the first minutes of a run.

To better support users who are new to the concept of harnessing, Mayhem now includes built-in harness templates that can be generated from the command line interface. 

How Mayhem Harness Templates Work

When running a "mayhem init" command, you can specify the particular language or instrumentation that you'd like to use. Mayhem will then create a directory structure that contains a templated harness that you can simply drop your code into. This speeds up the setup process and ensures Mayhem starts testing more efficiently, even for users unfamiliar with writing harnesses themselves.

‍

“Daily Defects” Email Notifications

One challenge teams often face is staying on top of newly discovered defects without needing to constantly log in to monitor them. To address this, Mayhem now sends project members a daily email with all newly discovered defects in the projects they have access to in the platform.

 This email includes information about individual projects, the defects found, and potential remediation steps. By providing these updates once a day, we help surface new risks and vulnerabilities that Mayhem exposes without requiring users to log in or copy/paste to integrate Mayhem into chat platforms or CI/CD pipelines. 

‍

Improved Registry RBAC

Managing access to sensitive artifacts across teams can be challenging. To address this, Mayhem 2.10 introduces improved role-based access control (RBAC) for its internal registry, which caches recent artifacts for analysis across your Mayhem instance. 

How Mayhem Registry RBAC Works

Your Mayhem admin can now set project-level permissions in the registry, simply by enabling “Internal Registry Auth Scoping” in the Web Console. Once enabled, this creates RBAC rules within the registry that mirror the RBAC permissions set in your individual Mayhem projects.

This means that when an artifact is pushed to the Mayhem registry, only users who can access that artifact via the Mayhem project have access to it in the registry. This helps ensure that sensitive information isn’t inadvertently exposed across teams. Currently, Mayhem supports C/C++ with options for instrumentation (libFuzzer, honggfuzz) as well as uninstrumented analysis.

‍

Windows Analysis Improvements

Our team’s been hard at work fine-tuning how Mayhem analyzes Windows binaries. We’ve pushed a wide range of changes and updates to the parts of Mayhem’s analysis engine that handle executing tests and triaging results. Our internal benchmarking shows performance improvements between 25-45% when testing Windows applications.

Additionally, for binaries compiled using Microsoft Visual C++ (MSVC), we've re-engineered how Mayhem's analysis runs, providing even more optimized performance speeds and efficiency specifically for binaries compiled with MSVC. 

‍

Web Console UI Updates

The Mayhem Web Console now has a refreshed look and feel, with an updated color palette and a simplified menu that makes navigation easier than ever. We’ve also redesigned our table layouts across main sections of the platform to improve the organization of information, allowing users to access and understand data more efficiently. UI updates are still ongoing across the platform, with the goal of improving your experience and making Mayhem even easier to use.

‍

Bug and Performance Fixes

We’ve also addressed a number of bugs and performance issues in this release, including: 

• Network I/O and Multi-threading Fix: Targets that have network I/O and are multi-threaded would sometimes get stalled during analysis or completely fail. That's now been resolved.
• Improved Input Set Uploads: We fixed an issue where retries of empty uploads at the start of a run were causing delays. Now, Mayhem handles input set uploads more efficiently, allowing runs to start faster.
• Active Runs In Admin View: We fixed a bug causing the aggregate number of active runs and the total runs in a workspace to be transposed in the admin view. 
• ‘Cwd’ in Line Analysis Coverage: Line analysis coverage now properly respects the `cwd` command for the current working directory when starting a run.
• Test Case Triaging Overhaul: We rebuilt Mayhem’s test case triaging and improved how test cases are passed from analysis workers to the database. This fixes a number of issues where test case statistics or individual test cases were not consistent between the CLI and web console. 

And that’s not to mention over 100 additional bug fixes and improvements across the entire Mayhem platform!

‍

Next Up: Upcoming Mayhem Features and Fixes

We’re not slowing down! We’re proud of what we’ve done so far to improve the platform and excited about what’s next. We have some great new features in the pipeline, including:

• Completing Web Console UI updates with new dashboards and an improved new admin section
• Improving API result triage and providing better remediation guidance
• Simplifying ingestion of SBOMs from third parties and improving error handling
• Expanding vECU support across additional toolchains
• Improving harness templates for faster configuration of new Mayhem runs
• Introducing support for external registries to store artifacts under test. 

‍

You'll start seeing these features roll out over the next few months, with the full release of Mayhem 2.11 planned for December 2024. If you have any questions, feel free to reach out—we're always here to help!

‍