Company type | Public |
---|---|
Industry | software security |
Founded | 1992, as Reliable Software Technologies, renamed in 2000 to Cigital [1] |
Fate | acquired by Synopsys |
Headquarters | Mountain View, CA |
Number of locations | Atlanta, Bangalore, Bloomington, Boston, Chicago, Dallas, Minneapolis, New York, Santa Clara, Seattle, London |
Area served | Worldwide |
Key people | Gary McGraw |
Services | Architecture Analysis, Ethical Hacking, Penetration Testing, Static Analysis, Training, Policy Development |
Owner | Public Company |
Number of employees | 400 security consultants [2] |
Parent | Synopsys |
Website | https://www.synopsys.com/software-integrity.html |
Cigital was a software security managed services firm based in Dulles, VA. [3] The services they offered included application security testing, penetration testing, and architecture analysis. Cigital also provided instructor-led security training and products such as SecureAssist, a static analysis tool that acts as an application security spellchecker for developers. [4] [5] [6] [7] [8]
Cigital was established in 1992 with grants from DARPA. [9] [10] In 1999 the firm created ITS4, which, according to Cigital, was the world's first static analysis tool. [11] The technology in this product was eventually licensed to Kleiner Perkins and used as the basis for the creation of Fortify Software in 2003. In 2010, Fortify was acquired by Hewlett Packard for $300 million. [12]
BSIMM (Build Security In Maturity Model) [13] is a software security measurement framework that helps organizations compare their software security to other organizations. [14] BSIMM was started as a joint project by Cigital and Fortify Software. [15] [16]
In 2002, Cigital announced finding a vulnerability in the Visual C++ .Net compiler [17] [18] [19] (related to the GS compiler flag being inefficient). [20] Cigital was criticized for not following responsible disclosure in this case; [20] however, Cigital defended its position, citing the nature of the vulnerability. [20]
In November 2014, Cigital acquired IViz Security, an information security company in the field of on-demand application penetration testing.
In November 2016, it was announced that Synopsys, Inc. would be acquiring Cigital and Codiscope. [22]
On November 30, 2016, Cigital was acquired by Synopsys, an electronic design automation company. [21]
In computer science, static program analysis is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs while they are executing.
Synopsys, Inc. is an American electronic design automation (EDA) company headquartered in Sunnyvale, California, that focuses on silicon design and verification, silicon intellectual property and software security and quality. Synopsys supplies tools and services to the semiconductor design and manufacturing industry. Products include tools for logic synthesis and physical design of integrated circuits, simulators for development, and debugging environments that assist in the design of the logic for chips and computer systems. As of 2023, the company is a component of both the Nasdaq-100 and S&P 500 indices.
Ansys, Inc. is an American multinational company with its headquarters based in Canonsburg, Pennsylvania. It develops and markets CAE/multiphysics engineering simulation software for product design, testing and operation and offers its products and services to customers worldwide.
The Open Web Application Security Project (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.
Application security includes all tasks that introduce a secure software development life cycle to development teams. Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security issues within applications. It encompasses the whole application life cycle from requirements analysis, design, implementation, verification as well as maintenance.
Software assurance (SwA) is a critical process in software development that ensures the reliability, safety, and security of software products. It involves a variety of activities, including requirements analysis, design reviews, code inspections, testing, and formal verification. One crucial component of software assurance is secure coding practices, which follow industry-accepted standards and best practices, such as those outlined by the Software Engineering Institute (SEI) in their CERT Secure Coding Standards (SCS).
Security testing is a process intended to detect flaws in the security mechanisms of an information system and as such help enable it to protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing the security testing process is not an indication that no flaws exist or that the system adequately satisfies the security requirements.
Coverity is a proprietary static code analysis tool from Synopsys. This product enables engineers and security teams to find and fix software defects.
Fortify Software, later known as Fortify Inc., is a California-based software security vendor, founded in 2003 and acquired by Hewlett-Packard in 2010, Micro Focus in 2017, and OpenText in 2023.
Rogue Wave Software was an American software development company based in Louisville, Colorado. It provided cross-platform software development tools and embedded components for parallel, data-intensive, and other high-performance computing (HPC) applications.
Micro Focus International plc was a British multinational software and information technology business based in Newbury, Berkshire, England. The firm provided software and consultancy. The company was listed on the London Stock Exchange and the New York Stock Exchange until it was acquired by the Canadian software firm OpenText in January 2023.
Gary McGraw is an American computer scientist, author, and researcher.
Red Lizard Software was a privately held software vendor for static analysis tools. The company was founded in 2009 as a spinout from the Australia research centre NICTA. It was headquartered in Sydney, Australia. In December 2015, the company was acquired by Synopsys and merged into the Coverity product line.
Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines.
Core Security by HelpSystems is an American computer and network security company that provides cyber threat prevention and identity access management software products and services, including penetration testing, network traffic analysis, threat detection, privileged access management, and identity governance. The company's research arm, CoreLabs, identifies new IT security vulnerabilities, publishes public vulnerability advisories, and works with vendors to assist in eliminating the exposures they find.
Perforce Software, Inc. is an American developer of software used for developing and running applications, including version control software, web-based repository management, developer collaboration, application lifecycle management, web application servers, debugging tools and agile planning software.
Code Dx, Inc. was an American software technology company active from 2015 to 2021. The company's flagship product, Code Dx, is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. In 2021, the company was acquired by Synopsys.
Ping Identity Corporation is an American software company established in 2002 by Andre Durand and Bryan Field-Elliot. It is headquartered in Denver, Colorado, United States, with development offices in Vancouver, British Columbia; Tel Aviv, Israel; Austin, Texas; Denver, Colorado; Boston, Massachusetts; and Edinburgh, Scotland. Ping also has European operations with offices in London, Paris, and Switzerland, as well as offices in Bangalore, Melbourne, and Tokyo serving Asia-Pacific. It was a publicly traded company until it was acquired by Thoma Bravo and taken private in October 2022.
Static application security testing (SAST) is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of statically analyzing source code has existed as long as computers have existed, the technique spread to security in the late 1990s, around the time of the first public discussion of SQL injection in 1998, when Web applications integrated new technologies like JavaScript and Flash.
Checkmarx is an enterprise application security company headquartered in Atlanta, Georgia in the United States. Founded in 2006, the company provides application security testing (AST) solutions that embed security into every phase of the software development lifecycle (SDLC), an approach to software testing known as "shift everywhere."