Company:Code Dx

From HandWiki
Revision as of 04:29, 8 March 2023 by NBrushPhys (talk | contribs) (update)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Code Dx, Inc.
TypePrivate
IndustryComputer software
Development testing
Software assurance
Founded2015-01-15 in Northport, NY, United States
FoundersDr. Anita D'Amico
Ken Prole
Headquarters
Northport, New York
,
Key people
Dr. Anita D'Amico (CEO)
Ken Prole (CTO)
Curtis Bragdon (Director of Sales)
ProductsCode Dx Enterprise
Stat!
Code Pulse
Websitecodedx.com

Code Dx refers to both a software company (Code Dx, Inc.) and its flagship product, a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools.

Overview

Code Dx, Inc. is a software technology company that produces tools designed for software developers and cyber security analysts to help them identify and manage security vulnerabilities in the software that they write. It was spun off from its parent company, Applied Visions, Inc., in 2015.[1][2]

History

Applied Visions, Inc. has a division, Secure Decisions, that specializes in conducting cyber security research for the U.S. government. Secure Decisions was granted funding by the Department of Homeland Security (DHS) Science and Technology Directorate through the Small Business Innovation Research (SBIR) program[3][4][5] to research and develop software in order to ensure that application code is secure and compliant with regulations and industry best practices in an effort to secure the country's software supply chain. With this and funding from other sources, Secure Decisions developed the technology that eventually became the product “Code Dx” (where “Dx” is the medical notation for “diagnosis”).[citation needed]

Code Dx began as a platform for static code analysis. With the addition of support for dynamic testing tools, Code Dx is now a hybrid analysis vulnerability scanner.[citation needed]

Consistent with the commercialization goals of the SBIR program, Secure Decisions produced a version of Code Dx suitable for sale to the software development and security testing marketplace. The initial success of that commercialization effort led to the creation and spinoff of Code Dx, Inc. in early 2015.

Products

Code Dx Enterprise

The company shares its name with its flagship product, Code Dx Enterprise. Enterprise is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools.[6] For static analysis, the product installs and configures several bundled open source static analysis tools and also connects automatically to a variety of commercial tools. The software selects the most appropriate analysis tool or tools for the language(s) in which the tested application is written, and maps the results of those tools (which vary according to the tool) to the Common Weakness Enumeration (CWE). For dynamic testing, Enterprise gathers the results of dynamic tool tests and integrates them into its vulnerability reports. In situations during which several tools are run simultaneously, results are consolidated and redundancies are removed. Identified vulnerabilities are mapped to various industry standards (like OWASP Top 10 and Web Application Security Consortium). Additionally, it identifies sections of code that are not compliant with applicable regulatory standards, such as HIPAA software regulations. The product supplies a visual interface that makes it simpler to identify vulnerability trends within the source code of the tested application.

Stat!

'Stat!' provides a subset of the capabilities of Code Dx Enterprise, intended for smaller development teams looking to get started in application security testing. It supports only static analysis by open source tools. It also contains the same collection of bundled tools as Enterprise and installs andruns them automatically. It does not support commercial as well as dynamic testing tools. It does report according to the basic industry standard compliance requirements (such as OWASP Top 10), but does not support higher-level compliance standards such as HIPAA.

Code Pulse

Code Pulse is an open source testing monitoring tool[7] that was developed by Secure Decisions, again as part of a DHS research program,[8] and is now supported by Code Dx. Code Pulse helps testers determine how thoroughly they have tested their code. As users run dynamic tests against their code, Code Pulse tracks, in real-time, what code has been executed and displays the results. It identifies areas of overlap, as well as areas that require a second look, and displays a visual picture of covered areas. It also measures the effectiveness of penetration and dynamic application security testing. Code Pulse works with any testing tool.[citation needed]

Awards and recognition

Code Dx, Inc.

  • Code Dx, Inc. was included among Cyber Defense Magazine's 2016 Top 20 Cybersecurity Leaders for the Vulnerability Management category.[9]
  • Code Dx, Inc. was the Silver Winner in the Information Security Products Guide Best Startup of the Year category for 2016.[10]

Code Dx (Software)

  • Code Dx version 2.2 was named the Gold Winner (Best Product of the Year) in the Golden Bridge Awards for the Vulnerability Assessment and Remediation category in 2016.[11]
  • Code Dx Enterprise Edition won the “Cutting Edge Application Security Solution for 2016” award from Cyber Defense Magazine's Annual InfoSec Awards.[12]
  • In a report to the White House, the U.S. National Institute of Standards and Technology recognizes Code Dx as a "tool that matches, consolidates and presents the output of analysis tools."[13]
  • Code Dx has received coverage in Forbes magazine, as well as the Long Island press.[14][15][16][17]

References

  1. "Code Dx Appoints Cybersecurity Expert, Anita D'Amico, as CEO". 2015-04-08. https://codedx.com/code-dx-appoints-cybersecurity-expert-anita-damico-as-ceo/. Retrieved 2017-04-26. 
  2. "Entity Information for CODE DX, INC.". https://appext20.dos.ny.gov/corp_public/CORPSEARCH.ENTITY_INFORMATION?p_token=2610F7BE7B57295287C3F0998264CBCC3CCFAC627E9A2C0C77931EA6E9376FF98F1111D403B6C61B655C44FD9E09CE1C&p_nameid=D4E6BEDDF91A61C3&p_corpid=593AF0451F5F3649&p_captcha=10186&p_captcha_check=450A8802DA845BFC&p_entity_name=%63%6F%64%65%20%64%78&p_name_type=%41&p_search_type=%42%45%47%49%4E%53&p_srch_results_page=0. Retrieved 2017-04-26. 
  3. "Software Assurance Analysis and Visual Analytics". https://www.sbir.gov/sbirsearch/detail/94804. Retrieved 2017-04-26. 
  4. "Software Assurance Analysis and Visual Analytics". https://www.sbir.gov/sbirsearch/detail/363960. Retrieved 2017-04-26. 
  5. "Software Assurance Analysis and Visual Analytics- CRPP". https://www.sbir.gov/sbirsearch/detail/690540. Retrieved 2017-04-26. 
  6. "Supported SAST and DAST Tools for Code Dx". https://codedx.com/supported-tools/. Retrieved 2017-04-26. 
  7. "OWASP Code Pulse Project". https://www.owasp.org/index.php/OWASP_Code_Pulse_Project. Retrieved 2017-04-26. 
  8. "U.S. Department of Homeland Security, Science and Technology Directorate, Cyber Security Division, Software Quality Assurance Project". https://www.dhs.gov/science-and-technology/csd-sqa. Retrieved 2017-04-26. 
  9. "Cyber Security Leaders 2016". http://www.cyberdefensemagazine.com/cyber-security-leaders-2016/. Retrieved 2017-04-26. 
  10. "Global Excellence Awards". http://www.infosecurityproductsguide.com/world/2016/. Retrieved 2017-04-26. 
  11. "Business Awards". http://www.goldenbridgeawards.com/world/. Retrieved 2017-04-26. 
  12. "CDM INFOSEC Award Winners 2016". http://www.cyberdefensemagazine.com/2016-cdm-infosec-award-winners/. Retrieved 2017-04-26. 
  13. Black, Paul E; Badger, Lee; Guttman, Barbara; Fong, Elizabeth (2016-11-01). Dramatically reducing software vulnerabilities: Report to the White House Office of Science and Technology Policy (Report). Gaithersburg, MD: National Institute of Standards and Technology. p. 19. doi:10.6028/NIST.IR.8151. http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8151.pdf. Retrieved 2017-04-26. 
  14. Bridgwater, Adrian (2015-02-02). "Code Dx: Fewer Data Breaches By Visualizing Code Integrity". https://www.forbes.com/sites/adrianbridgwater/2015/02/02/code-dx-fewer-data-breaches-by-visualizing-code-integrity/#5f86ab933164. Retrieved 2017-04-25. 
  15. Morgan, Steve. "Long Island Cybersecurity Firm Pops Up On Northrop Grumman's Radar Screen". Forbes. https://www.forbes.com/sites/stevemorgan/2016/02/09/small-cyber-firm-worth-billions-to-northrop-grumman/. Retrieved 2017-04-26. 
  16. "Stopping Cyberattacks Before They Start". Innovate Long Island. 2016-06-07. http://www.innovateli.com/stopping-cyberattacks-start/. Retrieved 2017-04-25. 
  17. "Code Dx Receives Long Island Software Award". 2013-04-16. https://codedx.com/lisoftwareaward/. Retrieved 2017-04-26.