Code Dx

Code Dx, Inc. was an American software technology company active from 2015 to 2021. The company's flagship product, Code Dx, is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. In 2021, the company was acquired by Synopsys.^[1]

Code Dx, Inc.

Company type	Private
Industry	Computer software Development testing Software assurance
Founded	2015-01-15 in Northport, NY, USA
Founders	Dr. Anita D'Amico Ken Prole
Defunct	2021
Fate	Acquired by Synopsys
Headquarters	Northport, New York , United States
Key people	Dr. Anita D'Amico (CEO) Ken Prole (CTO) Curtis Bragdon (Director of Sales)
Products	Code Dx Enterprise Stat! Code Pulse
Website	codedx.com

Overview

Code Dx, Inc. is a software technology company that produces tools designed for software developers and cybersecurity analysts to help them identify and manage security vulnerabilities in the software that they write. It was spun off from its parent company, Applied Visions, Inc., in 2015.^[2][3]

History

Applied Visions, Inc. has a division, Secure Decisions, that specializes in conducting cyber security research for the U.S. government. Secure Decisions was granted funding by the Department of Homeland Security (DHS) Science and Technology Directorate through the Small Business Innovation Research (SBIR) program^[4][5][6] to research and develop software in order to ensure that application code is secure and compliant with regulations and industry best practices in an effort to secure the country's software supply chain. With this and funding from other sources, Secure Decisions developed the technology that eventually became the product “Code Dx” (where “Dx” is the medical notation for “diagnosis”).^{[citation needed]}

Code Dx began as a platform for static code analysis. With the addition of support for dynamic testing tools, Code Dx is now a hybrid analysis vulnerability scanner.^{[citation needed]}

Consistent with the commercialization goals of the SBIR program, Secure Decisions produced a version of Code Dx suitable for sale to the software development and security testing marketplace. The initial success of that commercialization effort led to the creation and spinoff of Code Dx, Inc. in early 2015.

Products

Code Dx Enterprise

The company shares its name with its flagship product, Code Dx Enterprise. Enterprise is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools.^[7] For static analysis, the product installs and configures several bundled open source static analysis tools and also connects automatically to a variety of commercial tools. The software selects the most appropriate analysis tool or tools for the language(s) in which the tested application is written, and maps the results of those tools (which vary according to the tool) to the Common Weakness Enumeration (CWE). For dynamic testing, Enterprise gathers the results of dynamic tool tests and integrates them into its vulnerability reports. In situations during which several tools are run simultaneously, results are consolidated and redundancies are removed. Identified vulnerabilities are mapped to various industry standards (like OWASP Top 10 and Web Application Security Consortium). Additionally, it identifies sections of code that are not compliant with applicable regulatory standards, such as HIPAA software regulations. The product supplies a visual interface that makes it simpler to identify vulnerability trends within the source code of the tested application.

Stat!

'Stat!' provides a subset of the capabilities of Code Dx Enterprise, intended for smaller development teams looking to get started in application security testing. It supports only static analysis by open source tools. It also contains the same collection of bundled tools as Enterprise and runs them automatically after installation. It does not support commercial as well as dynamic testing tools. It does report according to the basic industry standard compliance requirements (such as OWASP Top 10), but does not support higher-level compliance standards such as HIPAA.

Code Pulse

Code Pulse is an open source testing monitoring tool^[8] that was developed by Secure Decisions, again as part of a DHS research program,^[9] and is now supported by Code Dx. Code Pulse helps testers determine how thoroughly they have tested their code. As users run dynamic tests against their code, Code Pulse tracks, in real-time, what code has been executed and displays the results. It identifies areas of overlap, as well as areas that require a second look, and displays a visual picture of covered areas. It also measures the effectiveness of penetration and dynamic application security testing. Code Pulse works with any testing tool.^{[citation needed]}

Awards and recognition

Code Dx, Inc.

• Code Dx, Inc. was included among Cyber Defense Magazine's 2016 Top 20 Cyber-security Leaders for the Vulnerability Management category.^[10]
• Code Dx, Inc. was the Silver Winner in the Information Security Products Guide Best Startup of the Year category for 2016.^[11]

Code Dx (Software)

• Code Dx version 2.2 was named the Gold Winner (Best Product of the Year) in the Golden Bridge Awards for the Vulnerability Assessment and Remediation category in 2016.^[12]
• Code Dx Enterprise Edition won the “Cutting Edge Application Security Solution for 2016” award from Cyber Defense Magazine's Annual InfoSec Awards.^[13]
• In a report to the White House, the U.S. National Institute of Standards and Technology recognizes Code Dx as a "tool that matches, consolidates and presents the output of analysis tools."^[14]
• Code Dx has received coverage in Forbes magazine, as well as the Long Island press.^{[15][16][17][18]}

References

1. Riley, Duncan (June 8, 2021). "Synopsys snaps up Code Dx for consolidated risk reporting across software vulnerability data". SiliconAngle.
2. "Code Dx Appoints Cybersecurity Expert, Anita D'Amico, as CEO". Code Dx, Inc. 2015-04-08. Retrieved 2017-04-26.
3. "Entity Information for CODE DX, INC". NYS Department of State, Division of Corporations. Retrieved 2017-04-26.
4. "Software Assurance Analysis and Visual Analytics". SBIR.gov. Retrieved 2017-04-26.
5. "Software Assurance Analysis and Visual Analytics". SBIR.gov. Retrieved 2017-04-26.
6. "Software Assurance Analysis and Visual Analytics- CRPP". SBIR.gov. Retrieved 2017-04-26.
7. "Supported SAST and DAST Tools for Code Dx". Code Dx, Inc. Retrieved 2017-04-26.
8. "OWASP Code Pulse Project". The Open Web Application Security Project. Retrieved 2017-04-26.
9. "U.S. Department of Homeland Security, Science and Technology Directorate, Cyber Security Division, Software Quality Assurance Project". Retrieved 2017-04-26.
10. "Cyber Security Leaders 2016". Cyber Defense Magazine. 25 May 2016. Retrieved 2017-04-26.
11. "Global Excellence Awards". Info Security Products Guide. Archived from the original on 2018-04-29. Retrieved 2017-04-26.
12. "Business Awards". Golden Bridge Awards. Archived from the original on 2016-08-14. Retrieved 2017-04-26.
13. "CDM INFOSEC Award Winners 2016". Cyber Defense Magazine. 26 February 2016. Retrieved 2017-04-26.
14. Black, Paul E; Badger, Lee; Guttman, Barbara; Fong, Elizabeth (2016-11-01). Dramatically reducing software vulnerabilities: Report to the White House Office of Science and Technology Policy (PDF) (Report). Gaithersburg, MD: National Institute of Standards and Technology. p. 19. doi:10.6028/NIST.IR.8151. Retrieved 2017-04-26.
15. Bridgwater, Adrian (2015-02-02). "Code Dx: Fewer Data Breaches By Visualizing Code Integrity". Forbes. Retrieved 2017-04-25.
16. Morgan, Steve. "Long Island Cybersecurity Firm Pops Up On Northrop Grumman's Radar Screen". Forbes. Retrieved 2017-04-26.
17. "Stopping Cyberattacks Before They Start". Innovate Long Island. 2016-06-07. Retrieved 2017-04-25.
18. "Code Dx Receives Long Island Software Award". Code Dx, Inc. 2013-04-16. Retrieved 2017-04-26.