Cigital

Company type: Public
Industry: Software security
Founded: 1992, as Reliable Software Technologies; renamed Cigital in 2000 [1]
Fate: Acquired by Synopsys
Headquarters: Mountain View, CA
Number of locations: Atlanta, Bangalore, Bloomington, Boston, Chicago, Dallas, Minneapolis, New York, Santa Clara, Seattle, London
Area served: Worldwide
Key people: Gary McGraw
Services: Architecture analysis, ethical hacking, penetration testing, static analysis, training, policy development
Owner: Public company
Number of employees: 400 security consultants [2]
Parent: Synopsys
Website: https://www.synopsys.com/software-integrity.html

Cigital was a software security managed services firm based in Dulles, VA. [3] The services it offered included application security testing, penetration testing, and architecture analysis. Cigital also provided instructor-led security training and products such as SecureAssist, a static analysis tool that acts as an application security spellchecker for developers. [4] [5] [6] [7] [8]

History

Cigital was established in 1992 with grants from DARPA. [9] [10] In 1999 the firm created ITS4, which, according to Cigital, was the world's first static analysis tool. [11] The technology in this product was eventually licensed to Kleiner Perkins and used as the basis for the creation of Fortify Software in 2003. In 2010, Fortify was acquired by Hewlett-Packard for $300 million. [12]

BSIMM (Build Security In Maturity Model) [13] is a software security measurement framework that helps organizations compare their software security to other organizations. [14] BSIMM was started as a joint project by Cigital and Fortify Software. [15] [16]

In 2002, Cigital announced finding a vulnerability in the Visual C++ .NET compiler [17] [18] [19] (related to the GS compiler flag being ineffective). [20] Cigital was criticized for not following responsible disclosure in this case; [20] however, Cigital defended its position, citing the nature of the vulnerability. [20]

On November 30, 2016, Cigital was acquired by Synopsys, an electronic design automation company. [21]

Acquisitions

In November 2014, Cigital acquired IViz Security, an information security company in the field of on-demand application penetration testing.

In November 2016, it was announced that Synopsys, Inc. would be acquiring Cigital and Codiscope. [22]

References

  1. "Cigital Inc. profile".
  2. "The Cigital Story". Cigital. May 2016. Archived from the original on August 3, 2016. Retrieved May 27, 2016.
  3. Schafer, Sarah (January 25, 2001). "Cigital Helps Wired World Stay That Way; Dulles Firm Works to Minimize Its Clients' Risks of Software Failure". The Washington Post.
  4. "Home". cigital.com.
  5. Johnston, Nicholas (August 26, 2002). "Cigital Sees Secure Opportunities; Already Profitable, the 10-Year-Old Software Maker Is Poised to Grow". The Washington Post.
  6. Overly, Steven (October 7, 2013). "The Download: Dulles-Based Cigital Secures $50M from Private Equity Firm LR Partners; Software Security Firm Brings in Private Equity Shop to Expand in Existing Markets, Reach New Ones". The Washington Post.
  7. King, Mason (October 7, 2013). "Town, gown and techies team up in Bloomington". Indianapolis Business Journal.
  8. Smeltz, Adam (October 7, 2013). "Hackers Who Attack U.S. in Line for Lucrative Payoffs". Pittsburgh Tribune-Review. Retrieved October 27, 2012. (Dead link.)
  9. Calnan, Christopher. "Praetorian pours profits into new products". Retrieved June 28, 2013.
  10. "Reliable Software Technologies Corp". SBIRSource. Retrieved July 29, 2013.
  11. "ITS4: Software Security Tool". Archived from the original on April 21, 2015. Retrieved April 21, 2015.
  12. Rao, Leena (August 17, 2010). "HP Acquires Software Security Company Fortify". TechCrunch.
  13. "Building Security In Maturity Model | BSIMM". www.bsimm.com. Retrieved August 29, 2019.
  14. McGraw, Gary; Chess, Brian; Migues, Sammy (March 16, 2009). "Software [In]security: The Building Security In Maturity Model (BSIMM)". InformIT. Retrieved June 28, 2013.
  15. "The Rocky Road To More Secure Code". Wall Street and Technology.
  16. "New Effort Hopes to Improve Software Security". The Wall Street Journal.
  17. "Microsoft's New 'Compiler' Program Has Security Flaw, Consultancy Says". The Wall Street Journal.
  18. "Flaw spotted in new Microsoft tool". CNET.
  19. "Net Security Company Reports Flaw". Associated Press. February 15, 2002.
  20. "Was Cigital security warning too hasty?". CNET.
  21. "Synopsys Completes Acquisitions of Cigital and Codiscope". Retrieved October 29, 2018.
  22. "Synopsys (SNPS) to Acquire Cigital and Codiscope". StreetInsider.com. Retrieved November 11, 2016.