Code Dx Correlates Results of Multiple Application Security Testing Tools Run in the SWAMP to Present a Unified ViewDownload full text
WASHINGTON, D.C. and NORTHPORT, N.Y. – October 13, 2016 – (AppSec USA 2016 booth G8) – Code Dx, Inc., a provider of an award-winning suite of fast and affordable tools that help software developers, testers and security analysts find, prioritize and manage software vulnerabilities, today announced that its Software Vulnerability Correlation and Management Solution will be integrated with the Software Assurance Marketplace’s (SWAMP) new SWAMP-in-a-Box (SiB) solution.
SiB is a free, self-contained version of the SWAMP’s continuous assurance technologies that will allow the software assurance community to deploy local (private) instances of the SWAMP. SiB can be installed on local servers or individual computers, addressing the need of organizations that must or prefer to keep their software assurance activities local. The Code Dx Software Vulnerability Correlation and Management Solution is an integral part of the SiB solution as it consolidates software vulnerabilities detected from multiple Application Security Testing (AST) tools. Code Dx automatically correlates all the weaknesses into a single consolidated set of results for quick and easy triage, prioritization and remediation.
“Code Dx has been part of the SWAMP’s cloud-based continuous assurance solution since it was launched in 2014. SWAMP-in-a-Box is an on-premise version that enables developers concerned with uploading their code to the cloud to leverage the SWAMP solution within their own IT infrastructure,” said Anita D’Amico, CEO for Code Dx. “Developers, security analysts and software testers can use the free SWAMP version of Code Dx in this new SiB offering, or connect their Enterprise version of Code Dx to SiB to use its advanced features.”
The SiB version is available for download at https://github.com/mirswamp/deployment and is distributed under an Apache open-source license.
Code Dx currently supports the 15 open-source tools included in this version of SiB and will support the commercial AST tools that will be part of future SiB releases.
The SWAMP is a joint effort of four research institutions – The Morgridge Institute for Research, Indiana University, The University of Illinois at Urbana-Champaign, and the University of Wisconsin-Madison – to advance the capabilities and to increase the adoption of software assurance technologies through an open continuous assurance facility. The SWAMP is funded by the Department of Homeland Security Science & Technology Directorate.
Code Dx is a low cost and easy step towards establishing a software assurance program within an organization, or enhancing an existing software assurance program. Stat! Version, which focuses on static code analysis, and Code Dx Enterprise, which automates correlation and management of vulnerabilities from multiple static and dynamic tools, are available worldwide.
Code Dx Free 30-Day Trial:
To download a trial of the Stat!, please visit: https://staging.codedx.com/download-free-trial or email firstname.lastname@example.org. To arrange for an evaluation copy of the Code Dx Enterprise, please email email@example.com.
About Code Dx
Code Dx, Inc. is a leading provider of easy and affordable software vulnerability correlation and management systems that enable software developers, testers and security analysts to find and manage vulnerabilities in software. The award-winning Code Dx solution integrates the results of multiple static and dynamic Application Security Testing (AST) tools and manual reviews into a consolidated set of results for quick and easy triage, prioritization and remediation. The core technology was partially funded by Department of Homeland Security Science & Technology (DHS S&T) to help secure the nation’s software supply chain. For more information, please visit www.codedx.com or contact Code Dx at (631) 759-3993 or via email at Info@CodeDx.com.
All trademarks, trade names, service marks, and logos referenced herein belong to their respective parties.
A&E Communications, Inc.