Mayhem for Code
From 2012 to 2017, the Department of Defense found vulnerabilities in nearly all critical weapon systems under development. Mayhem for Code is a federally recommended security solution for continuous, automated, accurate testing.
Static analysis techniques produce high false-positive rates, slowing development momentum and wasting precious expertise on manual defect validation.
Software composition analysis takes a reactive approach, scanning only for known vulnerabilities in third-party code.
The National Defense Act calls for a report on the enhancement of software security for critical systems, recommending binary analysis and symbolic execution tools developed under the Cyber Grand Challenge of the Defense Advanced Research Projects Agency.