I don’t typically amplify security tool vendors’ announcements.

However, for about 15 years, I’ve been urging vendors to address the millions of developers who do not work for a company large enough to afford million-dollar tools, or even tools whose entrance is $10s of thousands. Millions of programmers cannot afford commercial tools as currently priced; I’m sorry to be so very blunt.

ForAllSecure have done it! The Mayhem for API Free Plan*
This is a significant step in the right direction to everyone’s benefit.

(Please attend my keynote at FuzzCon, August 5th, for what’s wrong with #appsec and why multiple techniques that must include #fuzzing comprise our current best hope for software security.)

Kudos to the folk at ForAllSecure. You’re leading the way towards a brighter, more secure future.

To be fair, a couple of static analyzer vendors have offered open source projects free scanning for quite some time. Open source programmers: there’s no excuse for not taking advantage of these services!

Still, much software is proprietary, with a lot of that written by startups, small shops, and lone programmers. These coders need tools, too. We all suffer because a large percentage of coders don’t have access to a broad selection of commercial-grade tools.

Other vendors, are you listening? I hope so.

*50 free scans/month

cheers,

/brook