AST Digital Magazine June 2017

Volume 13
June 2017 Edition

Code Dx Enterprise Competes in ‘ASTORS’ Homeland Security Awards

Code Dx® is a software assurance analytics tool that consolidates and normalizes software vulnerabilities detected by multiple code analysis tools. Its visual analytics help to triage and prioritize software vulnerabilities for efficient remediation.
The Department of Homeland Security (DHS) reports that up to 90% of cyber incidents are traceable to software flaws that were exploited by attackers.
Yet, cyber security has focused primarily on network security and less on securing the software that resides on networks and poses risks.
DHS believes that the nation’s software supply chain is jeopardized when the applications used in our critical infrastructure have not been adequately tested for security vulnerabilities and those vulnerabilities remediated.
There are numerous application security testing (AST) tools that help software developers and security analysts find vulnerabilities during all stages of the software development lifecycle.
Static AST (SAST) tools are used to find vulnerabilities in source code, while dynamic AST (DAST) tools perform automated penetration testing on code while it is running.
Despite the prevalence of these tools, many developers and security analysts simply don’t use these AST tools as prescribed because of cost and operational obstacles.
These obstacles include:
• Difficulty in building security testing directly into the software development or DevOps process
• High cost of using multiple tools
• Weeks of manpower needed to combine and correlate the findings from multiple testing