Code Dx, a competitor in the 2017 ‘ASTORS’ Homeland Security Awards Program, and a provider of an award-winning application security solution that automates and accelerates the discovery, prioritization and management of software vulnerabilities, was recognized by Gartner in its Hype Cycle for Application Security, 2017 report published July 28, 2017.
Code Dx was identified by Gartner analysts as a sample vendor in its new category for Application Security Testing Orchestration (ASTO), and also in the Application Vulnerability Correlation (AVC) category.
“Application security testing orchestration (ASTO) integrates security tooling across a software development life cycle (SDLC), typically as part of DevSecOps initiatives,” according to Gartner.
As stated in the report, “Application vulnerability correlation (AVC) tools are workflow and process management tools that streamline software development application vulnerability testing and remediation.”
“They incorporate findings from various security-testing data sources (static and dynamic application security testing, software composition analysis, penetration testing, and code reviews) into a centralized tool.”
“AVC tools correlate vulnerability findings to centralize data, perform analysis, prioritize remediation and coordinate application security activities.”
(Code Dx® is a software assurance analytics tool that consolidates and normalizes software vulnerabilities detected by multiple code analysis tools. Its visual analytics help to triage and prioritize software vulnerabilities for efficient remediation. Courtesy of Brianne OBrien and YouTube)
“Gartner is a respected thought leader in information technology, known for forecasting and assessing the potential impact of new security markets,” said Anita D’Amico, Ph.D., CEO of Code Dx.
“We feel their mention of Code Dx, Inc. in two on-the-rise markets validates the direction we are taking Code Dx.”
“As the Application Security Testing (AST) market continues to evolve and mature, comprehensive solutions that automate correlation and vulnerability management are becoming a necessity.”
“These solutions not only speed the testing process and enable teams to focus on developing software, they also provide the peace of mind that comes from knowing the code being developed is secure.”
“We believe Gartner clearly understands the current AST challenges and the need for tools that go beyond just testing code.”
The result of using Code Dx Enterprise is greater vulnerability coverage and a better assessment of overall software security risk.
In the report, Gartner discusses the business impact of ASTO solutions, stating that they “aid security, development and operations teams in coordinating the many security tests that should be performed on code.”
“As such, these solutions can be a significant enabler in implementing DevSecOps initiatives, and they promise substantial benefits to the organization in terms of more consistent testing and smoother operations.”
“To the extent individual solutions provide them, additional capabilities – such as the ability to correlate, analyze, and assess defects and vulnerabilities – help improve the speed and effectiveness of vulnerability remediation efforts.”
For the Application Vulnerability Correlation (AVC) tools, the Hype Cycle report states that “the most important business impact is that application security testing programs can realize tangible operational efficiencies in their efforts to manage remediation workflows, and they can prioritize scarce resources for the most critical efforts.”
“As noted, the sources of vulnerability data are growing, and managing and interpreting the data is increasingly challenging.”
“By providing a single view into the wider range of vulnerabilities within an application portfolio, AVC tools can serve as a viewpoint into the relative risk posed by individual applications.”
“By increasing the visibility of the vulnerabilities contained within applications, senior management also gains perspective and an understanding of this critical source of risk — which is likely to enhance overall risk management efforts and potentially lead to increased funding of and prioritization for application security efforts.”
(Watch and Learn… The award-winning Code Dx solution integrates the results of multiple static and dynamic Application Security Testing (AST) tools and manual reviews into a consolidated set of results for quick and easy triage, prioritization and remediation. Courtesy of Code Dx and YouTube)
Code Dx at a Glance
Code Dx Enterprise is an automated application vulnerability correlation and management tool that enables multiple testing tools to work together to provide one set of correlated results, then helps users prioritize and manage those vulnerabilities — integrating with application lifecycle management tools so security and development teams work together for faster remediation.
The technology underlying this solution was initially developed as part of a DHS-funded R&D project to make it easier to conduct and analyze multiple application security tests through the development lifecycle, and reduce the barriers to securing the software supply chain.
The people working on this R&D started Code Dx, Inc. to mature the technology into the commercial product now known as Code Dx Enterprise.
Customers include defense contractors, state and federal government agencies, large financial institutions, and health care systems.
They see Code Dx as a valuable addition to their existing investments in Application Security Testing (AST).
Code Dx increases the value of their commercial tool chest with the addition of results from open source tools.
It also enables enterprises to augment their application security testing program by economically distributing AST tools to a broader audience of developers in their organization while maintaining commercial AST tools within their quality assurance and security analysis functions.
With this seamless integration and use of open source and commercial AST tools through Code Dx, security reviews are performed earlier and more frequently in the software development lifecycle, reducing the time to develop and secure production-ready software and decreasing organizational application security risk.
The core technology was partially funded by Department of Homeland Security Science & Technology (DHS S&T) to help secure the nation’s software supply chain.
The Code Dx website provides additional information on Code Dx Enterprise, key features, why to use it, who should use it (security analysts, CISOs, software developers, software QA engineers, etc.), supported tools and languages and information on future releases, including the addition of Hybrid Application Security Testing (HAST).
Code Dx Enterprise in 2017 ‘ASTORS’ Homeland Security Awards Program
The 2017 ‘ASTORS’ Homeland Security Awards Program is organized to recognize the most distinguished vendors of Physical, IT, Port Security, Law Enforcement, First Responders (Fire, EMT, Military, Support Services Vets, SBA, Medical Tech), as well as the Federal, State, County and Municipal Government Agencies, and to acknowledge their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’
As an ‘ASTORS’ competitor, Code Dx Enterprise will be competing against the industry’s leading providers of cyber security solutions.
American Security Today will be holding the 2017 ‘ASTORS’ Awards Presentation Luncheon from 12:00 p.m. to 2:00 p.m. on Wednesday, November 15th at ISC East, the Northeast’s largest security industry event, in the Jacob Javits Exhibition Center in New York City.
At ISC East you will have the chance to meet with technical reps from over 225 leading brands in the security industry, allowing you to find out about new products and stay ahead of the competition.
Encompassing everything from Video Surveillance and Access Control to Smart Home Technologies and Unmanned Security, you’re sure to find products and services that will benefit your company and clients.