Mayhem Blog

Recently, Mozilla, makers of the Firefox browser, reported 20 vulnerabilities they found through fuzz testing their code.

I was recently challenged to come up with the best methods you can use in 2023 to make the systems you are developing more secure. I realized it boils down to one thing: automating offense as part of your defensive security program.

In this blog, we’ll take a look at Part One of the Securing The Software Supply Chain series released by the NSA, the CISA, and the ODNI.

Learn how SAST and Mayhem can work together to identify both known-unknown and unknown-unknown risks.

With vulnerability scanning, you are only addressing the known vulnerabilities and missing the bigger picture, which are the unknown vulnerabilities.

Using SAST alone can cause significant frustration for developers and fall short for security for two fundamental reasons.

This post outlines some of the techniques used to identify the vulnerability CVE-2022-36086 in RustOS and how Mayhem helped discover it.

When executing the target in the context of a dynamic analysis, Mayhem employs mechanisms that first identify the root cause of a potential issue and then try to resolve it by intelligently providing different configuration values.

Mayhem for Code helps developers save time by eliminating the need to manually write test cases and comb through false positives, as well as helping find and fix vulnerabilities before software is released.