Company:Checkmarx

From HandWiki
Checkmarx
TypePrivate
IndustrySoftware Security, Application security
Founded2006
FounderMaty Siman (CTO), Emmanuel Benzaquen (Former CEO)
HeadquartersAtlanta, Georgia, US
Key people
Sandeep Johri (CEO)
Websitecheckmarx.com

Checkmarx is an information security company specializing in software application security testing and risk management for software supply chains. It is headquartered in Atlanta, Georgia in the United States.[1] It has over 900 employees.[1]

Background

Before founding Checkmarx, Maty Siman worked in the Mamram unit of the Israeli Defense Forces (IDF) and later in the Matzov unit. Then he worked a two years term until February 2006 as an advisor at the Israeli Prime Minister's Office.[2]

History

Checkmarx was founded in 2006 by Maty Siman and Emmanuel Benzaquen.[3][1]

In 2017, Checkmarx acquired Codebashing to add AppSec training.[4] The following year, it acquired Custodela, DevSecOps consulting firm.[5][6]

Checkmarx was acquired in April 2020 by Hellman & Friedman, a private equity firm with headquarters in San Francisco.

In August 2021, Checkmarx acquired Dustico, a software that detects backdoors and malicious attacks in the software supply chain.[7][8]

In 2023, founder Emmanuel Benzaquen stepped down as CEO and was succeeded by Sandeep Johri.'[9]

Checkmarx announced in December 2025 that it had acquired Tromzo, a California-based company known for its AI-native autonomous security agents.[10] No financial details were made public. Checkmarx stated that Tromzo’s founders, Harshil Parikh and Harshit Chitalia, together with their full AI engineering team, will transition to Checkmarx’s product and engineering division.[11] Tromzo’s cognitive architecture and reasoning engine will serve as an intelligence layer throughout the Checkmarx One platform and will drive new Assist agents beginning in early 2026.[12]

Research

Checkmarx maintains a research division, Checkmarx Zero, that has published findings on vulnerabilities and software supply chain risks:

  • In 2019, researchers disclosed flaws in Google and Samsung Android camera apps that could enable remote surveillance.[13]
  • In 2022, Ars Technica reported a flaw in the Ring Android app that exposed sensitive user data.[14]
  • In 2025, Checkmarx reported malicious Python packages on PyPI designed to exfiltrate data.[15]
  • In 2025, Cybersecurity Dive reported survey data from Checkmarx indicating that 98% of organizations experienced breaches linked to software flaws.[16]
  • In 2025, ITProToday covered research warning that AI-generated code creates "blind spots" in DevSecOps.[17]

Independent reporting on Checkmarx research also examined manipulation risks in AI coding agents via a "lies-in-the-loop" technique,[18] alongside broader supply-chain findings in public repositories.[19] Survey reporting highlighted that most organizations experienced breaches tied to vulnerable code amid growing adoption of AI development tools.[20]

Funding

Checkmarx's early investors include Salesforce, which remains a partner as Checkmarx provides security reviews for the Salesforce AppExchange.[21][22][23] In 2015, U.S. private equity and venture capital firm Insight Partners acquired Checkmarx for $84 million.[23][1][3]

In April 2020, private equity firm Hellman & Friedman, alongside private investment firm TPG,[24] acquired Checkmarx for $1.15 billion.[1][3][25] After the acquisition, Insight Partners retained a minority interest in the company.[1][26]

See also

References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 "Hellman & Friedman Acquires Checkmarx for $1.15B" (in en). 16 March 2020. https://www.darkreading.com/application-security/hellman-friedman-acquires-checkmarx-for-1-15b. 
  2. Bar-Yosef, Noa (November 20, 2012). "Security Startups: In Focus With CheckMarx Founder Maty Siman". SecurityWeek. https://www.securityweek.com/security-startups-focus-checkmarx-founder-maty-siman/. 
  3. 3.0 3.1 3.2 "Insight Partners sells security firm Checkmarx to Hellman & Friedman for $1.15B" (in en-US). 16 March 2020. https://techcrunch.com/2020/03/16/insight-partners-sells-security-firm-checkmarx-to-hellman-friedman-for-1-15b/. 
  4. "App security co Checkmarx buys UK co Codebashing" (in en). Globes. 2017-07-24. https://en.globes.co.il/en/article-app-security-co-checkmarx-buys-uk-co-codebashing-1001198477. 
  5. Wenkert, Amarelle (2018-11-08). "Cybersecurity Company Checkmarx Buys Ontario-based Custodela". https://www.calcalistech.com/ctech/articles/0,7340,L-3749426,00.html. 
  6. "Checkmarx Acquires Custodela" (in en). 8 November 2018. https://www.darkreading.com/vulnerabilities---threats/checkmarx-acquires-custodela/d/d-id/1333222. 
  7. "Checkmarx acquires open-source supply chain security startup Dustico". 5 August 2021. https://techcrunch.com/2021/08/05/checkmarx-acquires-open-source-supply-chain-security-startup-dustico/. "Checkmarx’s Dustico acquisition bolsters the open source software supply chain" (in en-US). VentureBeat. 2021-08-09. https://venturebeat.com/business/checkmarxs-dustico-acquisition-bolsters-the-open-source-software-supply-chain/. 
  8. Page, Carly (2021-08-05). "Checkmarx acquires open-source supply chain security startup Dustico" (in en-US). https://techcrunch.com/2021/08/05/checkmarx-acquires-open-source-supply-chain-security-startup-dustico/. 
  9. "Checkmarx CEO Benzaquen stepping down after 17 years in latest shakeup at cyber unicorn" (in en). 2023-02-28. https://www.calcalistech.com/ctechnews/article/sjnolii0o. 
  10. "Checkmarx acquires Tromzo: Leap in autonomous AppSec". 10 December 2025. https://www.sourcesecurity.com/news/checkmarx-acquires-tromzo-leap-autonomous-appsec-co-14655-ga-co-1765370195-ga-1765370885.html. 
  11. Dorbian, Iris (10 December 2025). "PE-backed Checkmarx acquires tech company Tromzo". https://www.pehub.com/pe-backed-checkmarx-acquires-tech-company-tromzo/. 
  12. Chowdhry, Amit (9 December 2025). "Checkmarx Buys Tromzo To Advance Agentic Application Security". https://pulse2.com/checkmarx-buys-tromzo/. 
  13. "Camera app vulnerability could allow surveillance of Android users". 19 November 2019. https://www.securityweek.com/camera-app-vulnerability-could-allow-surveillance-android-users. 
  14. "Ring Android bug could let rogue apps spy on camera feeds". 29 August 2022. https://arstechnica.com/information-technology/2022/08/ring-android-bug-could-let-rogue-apps-spy-on-camera-feeds/. 
  15. "Checkmarx surfaces malicious effort to compromise software supply chains". 15 January 2025. https://devops.com/checkmarx-surfaces-malicious-effort-to-compromise-software-supply-chains/. 
  16. "Developers knowingly push vulnerable code, despite growing breach risk". 3 September 2025. https://www.cybersecuritydive.com/news/software-vulnerabilities-breaches-checkmarx-report/757793/. 
  17. "AI code generation creates blind spots in DevSecOps security". 20 July 2025. https://www.itprotoday.com/devops/ai-code-generation-creates-blind-spots-in-devsecops-security. 
  18. "Lies-in-the-loop attack shows risks in AI coding agents". 12 September 2025. https://www.darkreading.com/application-security/-lies-in-the-loop-attack-ai-coding-agents. 
  19. "Checkmarx surfaces malicious effort to compromise software supply chains". 3 September 2025. https://devops.com/checkmarx-surfaces-malicious-effort-to-compromise-software-supply-chains/. 
  20. "Developers knowingly push vulnerable code, despite growing breach risk". 3 September 2025. https://www.cybersecuritydive.com/news/software-vulnerabilities-breaches-checkmarx-report/757793/. 
  21. Scheer, Matt (2020-07-27). "Security Checks When Submitting Apps to the Salesforce ISV Team" (in en). https://www.crmscience.com/single-post/2020/07/22/conduct-security-checks-before-submitting-apps-to-the-salesforce-isv-team. 
  22. "Checkmarx Raises Funding From Salesforce.com, Ofer Hi-Tech" (in en-US). https://techcrunch.com/2011/10/11/checkmarx-raises-funding-from-salesforce-com-ofer-hi-tech/. 
  23. 23.0 23.1 "Insight Venture Partners to buy Israeli co Checkmarx - Globes" (in he). 2015-06-17. https://en.globes.co.il/en/article-insight-venture-partners-to-buy-israeli-co-checkmarx-1001045698. 
  24. "In $1.15 Billion Deal, Hellman & Friedman Acquires DevOps Firm Checkmarx | Israel Defense" (in en). 17 April 2020. https://www.israeldefense.co.il/en/node/42627. 
  25. "3 Israeli cybersecurity firms win Black Unicorn Awards" (in en-US). 2019-08-22. https://www.israel21c.org/3-israeli-cybersecurity-firms-win-black-unicorn-awards/. 
  26. Novinson, Michael (2020-06-24). "The Biggest 10 Cybersecurity Acquisitions Of 2020 (So Far)". https://www.crn.com/slide-shows/security/the-biggest-10-cybersecurity-acquisitions-of-2020-so-far-/8. 



Retrieved from "https://handwiki.org/wiki/index.php?title=Company:Checkmarx&oldid=4221965"