Code Dx: A Software Vulnerability Correlation and Management System

Anita D’Amico

Most computer security incidents can be traced back to weaknesses in software that were inadvertently put there when the code was developed. Attackers can–and very often do–find and exploit such weaknesses as a means to attack organizations’ applications. Information security has focused primarily on network security and less on securing the software that resides on networks and poses risks. Numerous Application Security Testing (AST) tools help software developers and security analysts find vulnerabilities during all stages of the software development lifecycle, but many don’t use these tools until it’s too late.

Code Dx Enterprise is a software vulnerability correlation and management system that consolidates and normalizes software vulnerabilities detected by multiple static application security testing (SAST) and dynamic application security testing (DAST) tools, as well as the results of manual code reviews. Code Dx addresses several obstacles to deploying secure software: the high cost of using multiple AST tools; combining and correlating the results of multiple tools into one format; and prioritizing vulnerabilities for easy remediation and reporting.

Code Dx overcomes these obstacles by first providing an easy-to-use and affordable tool that automatically selects, configures and runs open-source software tools for the user’s specific code base. It also correlates and de-duplicates the results of multiple commercial and open-source static source code and DAST tools. Finally, it provides a vulnerability management solution that helps prioritize vulnerabilities, assign them to developers for remediation and track the remediation process.

Uniqueness of Code Dx

Code Dx differentiates itself from its competitors on ease of use, lower cost, the number and types of static and dynamic testing tools supported, and seamless integration into software development environments. In the business of making software more secure, Code Dx helps software developers, testers and security analysts find vulnerabilities before the attackers can exploit them. It provides easy and affordable application vulnerability correlation and management systems that enable users to search for and manage vulnerabilities in software.

The award-winning Code Dx solution integrates the results of multiple static and DAST tools and manual reviews into a consolidated set of results for quick and easy triage, prioritization and remediation. By offering the hybrid combination of findings from static and dynamic application security testing, Code Dx provides users with broader vulnerability testing coverage to better identify those vulnerabilities which are easily accessible to an external attacker.

Service with Satisfaction

Code Dx addresses a number of issues across its diverse clientele. For those who are relatively new to application security, Code Dx offers support for understanding the output of the testing tools embedded within Code Dx. In fact, the company has been lauded by several customers for its excellent support. For the veterans of application security, it addresses their need for customization. For example, Code Dx can be used to prioritize vulnerabilities based on an organization’s unique perception of threats to their applications, incorporate the results of manual code reviews, and produce reports customized to each organization’s needs.

Prime Mover of Code Dx

Anita D’Amico, CEO of Code Dx, holds a Ph.D. in psychology and is a thought leader in the cyber security industry. Information Security Buzz credited her with being responsible for one of the top five product names in cyber security; she ‘ingeniously thought of a simple name for a complex topic – software vulnerability management.’

Anita has been in the cyber security industry for more than 20 years – starting as the head of Northrop Grumman’s first Information Warfare team. She is a human factors psychologist, a specialist in cyber security situational awareness and a security researcher. She is also a self-proclaimed ‘starter-upper.’ She develops a vision and fuels it with the energy, communication and leadership that is needed to make that vision a reality. Anita has done this repeatedly throughout her 35+ years in advanced technology and is currently doing it as CEO of Code Dx.

In just under two years, Anita has taken Code Dx from a product idea to a successful company offering multiple solutions being used by organizations of all shapes and sizes to protect software from malicious attacks. Under her leadership, Code Dx has won multiple awards for its innovation.

Valuable for Customers

Top Code Dx customers include large financial institutions, health care systems, defense contractors, and state and federal government agencies. They see Code Dx as a valuable addition to their existing investments in AST. Code Dx increases the value of their existing commercial tool chest by adding results from open-source tools. It also enables enterprises to augment their application security testing program by economically distributing AST tools to a broader audience of developers in their organization while maintaining commercial AST tools within their quality assurance and security analysis functions. With this seamless integration and use of open-source and commercial AST tools through Code Dx, security reviews are performed earlier and more frequently in the software development lifecycle, reducing the time to develop and secure production-ready software, and decreasing organizational application security risk. Finally, Code Dx’s ability to automatically correlate, consolidate and de-duplicate results from multiple AST tools saves weeks of time.