Cigital was a software security managed services firm based in Dulles, VA. The services it offered included application security testing, penetration testing, and architecture analysis. Cigital also provided instructor-led security training and products such as SecureAssist, a static analysis tool that acts as an application security spellchecker for developers.
History
Cigital was established in 1992 with grants from DARPA. In 1999 the firm created ITS4, which, according to Cigital, was the world's first static analysis tool. The technology in this product was eventually licensed to Kleiner Perkins and used as the basis for the creation of Fortify Software in 2003. In 2010, Fortify was acquired by Hewlett-Packard for $300 million.
BSIMM (Build Security In Maturity Model) is a software security measurement framework that helps organizations compare their software security practices with those of other organizations. BSIMM was started as a joint project by Cigital and Fortify Software.
In 2002, Cigital announced that it had found a vulnerability in the Visual C++ .NET compiler: the stack-overrun protection added by the /GS compiler flag was ineffective. (CNET: "Was Cigital security warning too hasty?") Cigital was criticized for not following responsible disclosure (now generally called coordinated vulnerability disclosure) in this case; Cigital defended its position, citing the nature of the vulnerability.
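The /GS flag referred to above places a cookie on the stack between a function's local buffers and its saved return address and verifies that cookie when the function returns. The C program below is an added illustration, not Cigital's 2002 finding and not Microsoft's implementation: it models such a frame in a struct, performs an unchecked copy into it, and runs the return-time check, so the reader can see which overwrites the check catches and which it cannot. The struct layout, the cookie value, and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of a /GS-style protected stack frame. Illustration only:
 * the member order, the cookie value and the names are assumptions for this
 * example, not the layout or code MSVC emits. Members sit at increasing
 * addresses, the order in which a linear overflow of `buf` walks over them.
 */
struct frame {
    char      buf[16];     /* fixed-size local that receives untrusted input   */
    void    (*cb)(void);   /* a local function pointer consumed before return  */
    uintptr_t cookie;      /* security cookie between the locals and saved_ret */
    uintptr_t saved_ret;   /* stands in for the saved return address           */
};

/* Arbitrary cookie for the illustration; real cookies are random per process. */
#define SECURITY_COOKIE ((uintptr_t)0x5A5AC3C3u)
#define FAKE_RET        ((uintptr_t)0x1234)

struct outcome {
    int cookie_intact;   /* 1 if the return-time check would pass              */
    int cb_overwritten;  /* 1 if the function pointer was changed by the copy  */
    int ret_overwritten; /* 1 if the saved return address was changed          */
};

static void benign_cb(void) {}

/*
 * Copies `len` bytes of untrusted input into `buf` with no bounds check (the
 * bug a stack cookie exists to catch), then performs the return-time cookie
 * check. `len` is clamped to the frame size so the model stays in bounds.
 */
void unchecked_copy_then_gs_check(const unsigned char *input, size_t len,
                                  struct outcome *out)
{
    struct frame f;
    void (*expected_cb)(void) = benign_cb;

    memset(&f, 0, sizeof f);
    f.cb = benign_cb;
    f.cookie = SECURITY_COOKIE;
    f.saved_ret = FAKE_RET;

    if (len > sizeof f)
        len = sizeof f;
    /* The unchecked copy: input longer than buf runs into cb, cookie, saved_ret. */
    memcpy((unsigned char *)&f, input, len);

    /* Compare object representations so a corrupted pointer is never used. */
    out->cb_overwritten  = memcmp(&f.cb, &expected_cb, sizeof f.cb) != 0;
    out->ret_overwritten = (f.saved_ret != FAKE_RET);
    /* The cookie is examined only here, where the function would return. */
    out->cookie_intact   = (f.cookie == SECURITY_COOKIE);
}

/* Runs the model with `len` bytes of constructed input (0x41 repeated). */
static struct outcome run_with_overflow(size_t len)
{
    unsigned char in[sizeof(struct frame)];
    struct outcome o;
    if (len > sizeof in)
        len = sizeof in;
    memset(in, 0x41, len);
    unchecked_copy_then_gs_check(in, len, &o);
    return o;
}

/* Input that fits in buf: check passes, nothing is corrupted. */
int in_bounds_input_passes(void)
{
    struct outcome o = run_with_overflow(8);
    return o.cookie_intact && !o.cb_overwritten && !o.ret_overwritten;
}

/* Overflow that reaches the return address: the cookie check detects it. */
int cookie_catches_return_address_overwrite(void)
{
    struct outcome o = run_with_overflow(sizeof(struct frame));
    return !o.cookie_intact && o.ret_overwritten;
}

/*
 * Overflow that stops just short of the cookie: cb is overwritten, yet the
 * return-time check passes. The cookie protects nothing that is used before
 * the function returns.
 */
int cookie_misses_local_pointer_overwrite(void)
{
    struct outcome o = run_with_overflow(offsetof(struct frame, cookie));
    return o.cookie_intact && o.cb_overwritten;
}

int main(void)
{
    printf("in-bounds input passes:           %d\n", in_bounds_input_passes());
    printf("return address overwrite caught:  %d\n", cookie_catches_return_address_overwrite());
    printf("local pointer overwrite missed:   %d\n", cookie_misses_local_pointer_overwrite());
    return 0;
}
```

The third case is the general caveat a practitioner should keep in mind when reading any claim about stack cookies: the check runs once, in the epilogue, so anything the function consumes before it returns (a local function pointer, a length field, a pointer that is written through) is outside the cookie's protection, and so is anything the check itself depends on.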
On November 30, 2016, Cigital was acquired by Synopsys, an electronic design automation company.
Acquisitions
In November 2014, Cigital acquired iViZ Security, an information security company in the field of on-demand application penetration testing.
In November 2016, it was announced that Synopsys, Inc. would be acquiring Cigital and Codiscope. (StreetInsider.com, "Synopsys (SNPS) to Acquire Cigital and Codiscope", http://www.streetinsider.com/Corporate+News/Synopsys+(SNPS)+to+Acquire+Cigital+and+Codiscope/12216651.html, accessed 11 November 2016)
References
External links
Synopsys Software Integrity Website
Software companies based in Virginia
Companies based in Dulles, Virginia
Defunct software companies of the United States
2016 mergers and acquisitions