Code Dx

Code Dx, Inc.
Type: Private
Industry: Computer software; development testing; software assurance
Founded: 2015-01-15 in Northport, NY, USA
Founders: Dr. Anita D'Amico, Ken Prole
Defunct: 2021
Fate: Acquired by Synopsys
Key people: Dr. Anita D'Amico (CEO); Ken Prole (CTO); Curtis Bragdon (Director of Sales)
Products: Code Dx Enterprise; Stat!; Code Pulse
Website: codedx.com

Code Dx, Inc. was an American software technology company active from 2015 to 2021. The company's flagship product, Code Dx, is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. In 2021, the company was acquired by Synopsys. [1]


Overview

Code Dx, Inc. was a software technology company that produced tools designed for software developers and cybersecurity analysts to help them identify and manage security vulnerabilities in the software that they write. It was spun off from its parent company, Applied Visions, Inc., in 2015. [2] [3]

History

Applied Visions, Inc. has a division, Secure Decisions, that specializes in conducting cybersecurity research for the U.S. government. Secure Decisions was granted funding by the Department of Homeland Security (DHS) Science and Technology Directorate through the Small Business Innovation Research (SBIR) program [4] [5] [6] to research and develop software that checks whether application code is secure and compliant with regulations and industry best practices, in an effort to secure the country's software supply chain. With this and funding from other sources, Secure Decisions developed the technology that eventually became the product "Code Dx" (where "Dx" is the medical notation for "diagnosis").

Code Dx began as a platform for static code analysis. With the addition of support for dynamic testing tools, Code Dx became a hybrid analysis vulnerability scanner.

Consistent with the commercialization goals of the SBIR program, Secure Decisions produced a version of Code Dx suitable for sale to the software development and security testing marketplace. The initial success of that commercialization effort led to the creation and spinoff of Code Dx, Inc. in early 2015.

Products

Code Dx Enterprise

The company shares its name with its flagship product, Code Dx Enterprise. Enterprise is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. [7] For static analysis, the product installs and configures several bundled open source static analysis tools and also connects automatically to a variety of commercial tools. The software selects the most appropriate analysis tool or tools for the language(s) in which the tested application is written, and maps the results of those tools (whose formats vary from tool to tool) to the Common Weakness Enumeration (CWE). For dynamic testing, Enterprise gathers the results of dynamic tool tests and integrates them into its vulnerability reports. When several tools are run at once, their results are consolidated and redundant findings are removed. Identified vulnerabilities are mapped to various industry standards (such as the OWASP Top 10 and the Web Application Security Consortium threat classification). Additionally, it identifies sections of code that are not compliant with applicable regulatory standards, such as HIPAA software regulations. The product supplies a visual interface that makes it simpler to identify vulnerability trends within the source code of the tested application.
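The correlation step described above, reduced to its core: normalizing each tool's rule ids to a CWE, merging reports of the same weakness at the same location, and tagging the result with an OWASP Top 10 category. This is an added illustration, not Code Dx's own code; the tool names, rule ids, sample findings and mapping tables are constructed for the example.

```python
"""Added example, not Code Dx's own code: correlate findings from several
analysis tools into one CWE-keyed, deduplicated list. Tool names, rule ids,
sample findings and the mapping tables below are constructed."""

# Constructed output from two hypothetical tools; both flag app/db.py line 42.
TOOL_A_FINDINGS = [
    {"tool": "tool-a", "rule": "sql-injection", "file": "app/db.py", "line": 42},
    {"tool": "tool-a", "rule": "xss", "file": "app/views.py", "line": 17},
]
TOOL_B_FINDINGS = [
    {"tool": "tool-b", "rule": "SQLi", "file": "app/db.py", "line": 42},
    {"tool": "tool-b", "rule": "hardcoded-password", "file": "app/config.py", "line": 3},
    {"tool": "tool-b", "rule": "experimental-check", "file": "app/util.py", "line": 9},
]

# Per-tool rule id -> CWE id (constructed; real mappings are tool specific).
RULE_TO_CWE = {
    ("tool-a", "sql-injection"): 89,
    ("tool-a", "xss"): 79,
    ("tool-b", "SQLi"): 89,
    ("tool-b", "hardcoded-password"): 798,
}

# CWE id -> OWASP Top 10 (2021) category; a constructed subset for the example.
CWE_TO_OWASP = {
    89: "A03:2021-Injection",
    79: "A03:2021-Injection",
    798: "A07:2021-Identification and Authentication Failures",
}


def correlate(*tool_outputs):
    """Merge raw findings: the same CWE at the same file:line reported by
    different tools collapses into one entry that lists every reporting tool.
    A rule with no CWE mapping is kept under its own rule name, not dropped."""
    merged = {}
    for findings in tool_outputs:
        for f in findings:
            cwe = RULE_TO_CWE.get((f["tool"], f["rule"]))
            # Unmapped rules cannot be correlated across tools, so key by rule id.
            key = (cwe if cwe is not None else f["rule"], f["file"], f["line"])
            entry = merged.setdefault(key, {"cwe": cwe, "owasp": CWE_TO_OWASP.get(cwe),
                                            "file": f["file"], "line": f["line"], "tools": []})
            if f["tool"] not in entry["tools"]:
                entry["tools"].append(f["tool"])
    return sorted(merged.values(), key=lambda e: (e["file"], e["line"]))
```

Running `correlate(TOOL_A_FINDINGS, TOOL_B_FINDINGS)` yields four entries: the two SQL injection reports at app/db.py:42 collapse into one CWE-89 entry credited to both tools, while the unmapped "experimental-check" finding survives with no CWE or OWASP tag.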

Stat!

Stat! provides a subset of the capabilities of Code Dx Enterprise and is intended for smaller development teams looking to get started in application security testing. It supports only static analysis by open source tools. It contains the same collection of bundled tools as Enterprise and runs them automatically after installation, but it does not support commercial tools or dynamic testing tools. It reports against the basic industry compliance requirements (such as the OWASP Top 10), but does not support higher-level compliance standards such as HIPAA.

Code Pulse

Code Pulse is an open source test monitoring tool [8] that was developed by Secure Decisions, again as part of a DHS research program, [9] and is now supported by Code Dx. Code Pulse helps testers determine how thoroughly they have tested their code. As users run dynamic tests against their code, Code Pulse tracks in real time which code has been executed and displays the results. It identifies areas of overlap, as well as areas that require a second look, and displays a visual picture of the covered areas. It also measures the effectiveness of penetration testing and dynamic application security testing. Code Pulse works with any testing tool.

Awards and recognition

Code Dx, Inc.

Code Dx (Software)


References

  1. Riley, Duncan (June 8, 2021). "Synopsys snaps up Code Dx for consolidated risk reporting across software vulnerability data". SiliconAngle.
  2. "Code Dx Appoints Cybersecurity Expert, Anita D'Amico, as CEO". Code Dx, Inc. 2015-04-08. Retrieved 2017-04-26.
  3. "Entity Information for CODE DX, INC". NYS Department of State, Division of Corporations. Retrieved 2017-04-26.
  4. "Software Assurance Analysis and Visual Analytics". SBIR.gov. Retrieved 2017-04-26.
  5. "Software Assurance Analysis and Visual Analytics". SBIR.gov. Retrieved 2017-04-26.
  6. "Software Assurance Analysis and Visual Analytics- CRPP". SBIR.gov. Retrieved 2017-04-26.
  7. "Supported SAST and DAST Tools for Code Dx". Code Dx, Inc. Retrieved 2017-04-26.
  8. "OWASP Code Pulse Project". The Open Web Application Security Project. Retrieved 2017-04-26.
  9. "U.S. Department of Homeland Security, Science and Technology Directorate, Cyber Security Division, Software Quality Assurance Project". Retrieved 2017-04-26.
  10. "Cyber Security Leaders 2016". Cyber Defense Magazine. 25 May 2016. Retrieved 2017-04-26.
  11. "Global Excellence Awards". Info Security Products Guide. Archived from the original on 2018-04-29. Retrieved 2017-04-26.
  12. "Business Awards". Golden Bridge Awards. Archived from the original on 2016-08-14. Retrieved 2017-04-26.
  13. "CDM INFOSEC Award Winners 2016". Cyber Defense Magazine. 26 February 2016. Retrieved 2017-04-26.
  14. Black, Paul E.; Badger, Lee; Guttman, Barbara; Fong, Elizabeth (2016-11-01). Dramatically reducing software vulnerabilities: Report to the White House Office of Science and Technology Policy (PDF) (Report). Gaithersburg, MD: National Institute of Standards and Technology. p. 19. doi:10.6028/NIST.IR.8151. Retrieved 2017-04-26.
  15. Bridgwater, Adrian (2015-02-02). "Code Dx: Fewer Data Breaches By Visualizing Code Integrity". Forbes. Retrieved 2017-04-25.
  16. Morgan, Steve. "Long Island Cybersecurity Firm Pops Up On Northrop Grumman's Radar Screen". Forbes. Retrieved 2017-04-26.
  17. "Stopping Cyberattacks Before They Start". Innovate Long Island. 2016-06-07. Retrieved 2017-04-25.
  18. "Code Dx Receives Long Island Software Award". Code Dx, Inc. 2013-04-16. Retrieved 2017-04-26.