HOME

TheInfoList



Click Here for Items Related To - Code Dx
OR:
Code Dx on:   [Wikipedia]   [Google]   [Amazon]

Code Dx refers to both a software company (Code Dx, Inc.) and its flagship product, a vulnerability management system that combines and correlates the results generated by a wide variety of
static Static may refer to: Places *Static Nunatak, a nunatak in Antarctica United States * Static, Kentucky and Tennessee *Static Peak, a mountain in Wyoming **Static Peak Divide, a mountain pass near the peak Science and technology Physics *Static el ...
and
dynamic Dynamics (from Greek δυναμικός ''dynamikos'' "powerful", from δύναμις ''dynamis'' "power") or dynamic may refer to: Physics and engineering * Dynamics (mechanics) ** Aerodynamics, the study of the motion of air ** Analytical dynam ...
testing tools.


Overview

Code Dx, Inc. is a software technology company that produces tools designed for software developers and cybersecurity analysts to help them identify and manage security vulnerabilities in the software that they write. It was spun off from its parent company
Applied Visions, Inc.
in 2015.


History

Applied Visions, Inc. has a division
Secure Decisions
that specializes in conducting cyber security research for the U.S. government. Secure Decisions was granted funding by the Department of Homeland Security (DHS) Science and Technology Directorate through the Small Business Innovation Research (SBIR) program to research and develop software in order to ensure that application code is secure and compliant with regulations and industry best practices in an effort to secure the country's software supply chain. With this and funding from other sources, Secure Decisions developed the technology that eventually became the product “Code Dx” (where “Dx” is the medical notation for “diagnosis”). Code Dx began as a platform for static code analysis. With the addition of support for dynamic testing tools, Code Dx is now a hybrid analysis
vulnerability scanner A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. These scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detectio ...
. Consistent with the commercialization goals of the
SBIR The Small Business Innovation Research (or SBIR) program is a U.S. government funding program, coordinated by the Small Business Administration, intended to help certain small businesses conduct research and development (R&D). Funding takes the ...
program, Secure Decisions produced a version of Code Dx suitable for sale to the software development and security testing marketplace. The initial success of that commercialization effort led to the creation and spinoff of Code Dx, Inc. in early 2015.


Products


Code Dx Enterprise

The company shares its name with its flagship product, Code Dx Enterprise. Enterprise is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. For static analysis, the product installs and configures several bundled open source static analysis tools and also connects automatically to a variety of commercial tools. The software selects the most appropriate analysis tool or tools for the language(s) in which the tested application is written, and maps the results of those tools (which vary according to the tool) to the Common Weakness Enumeration (CWE). For dynamic testing, Enterprise gathers the results of dynamic tool tests and integrates them into its vulnerability reports. In situations during which several tools are run simultaneously, results are consolidated and redundancies are removed. Identified vulnerabilities are mapped to various industry standards (lik
OWASP Top 10
and Web Application Security Consortium). Additionally, it identifies sections of code that are not compliant with applicable regulatory standards, such as
HIPAA The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy– Kassebaum Act) is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1 ...
software regulations. The product supplies a visual interface that makes it simpler to identify vulnerability trends within the source code of the tested application.


Stat!

'Stat!' provides a subset of the capabilities of Code Dx Enterprise, intended for smaller development teams looking to get started in application security testing. It supports only static analysis by open source tools. It also contains the same collection of bundled tools as Enterprise and runs them automatically after installation. It does not support commercial as well as dynamic testing tools. It does report according to the basic industry standard compliance requirements (such as OWASP Top 10), but does not support higher-level compliance standards such as HIPAA.


Code Pulse

Code Pulse is an open source testing monitoring tool that was developed by Secure Decisions, again as part of a
DHS The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terr ...
research program, and is now supported by Code Dx. Code Pulse helps testers determine how thoroughly they have tested their code. As users run dynamic tests against their code, Code Pulse tracks, in real-time, what code has been executed and displays the results. It identifies areas of overlap, as well as areas that require a second look, and displays a visual picture of covered areas. It also measures the effectiveness of penetration and dynamic application security testing. Code Pulse works with any testing tool.


Awards and recognition


Code Dx, Inc.

* Code Dx, Inc. was included among Cyber Defense Magazine's 2016 Top 20 Cyber-security Leaders for the Vulnerability Management category. * Code Dx, Inc. was the Silver Winner in the Information Security Products Guide Best Startup of the Year category for 2016.


Code Dx (Software)

* Code Dx version 2.2 was named the Gold Winner (Best Product of the Year) in the Golden Bridge Awards for the Vulnerability Assessment and Remediation category in 2016. * Code Dx Enterprise Edition won the “Cutting Edge Application Security Solution for 2016” award from Cyber Defense Magazine's Annual InfoSec Awards. * In a report to the White House, the U.S.
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sci ...
recognizes Code Dx as a "tool that matches, consolidates and presents the output of analysis tools." * Code Dx has received coverage in
Forbes ''Forbes'' () is an American business magazine owned by Integrated Whale Media Investments and the Forbes family. Published eight times a year, it features articles on finance, industry, investing, and marketing topics. ''Forbes'' also re ...
magazine, as well as the
Long Island Long Island is a densely populated island in the southeastern region of the U.S. state of New York (state), New York, part of the New York metropolitan area. With over 8 million people, Long Island is the most populous island in the United Sta ...
press.


References

{{reflist, 30em Software companies based in New York (state) Software companies of the United States