Synopsys acquires Code Dx to extend application security portfolio. Code Dx adds software vulnerability correlation, prioritization, and consolidated risk reporting.
Today, Synopsys announced the acquisition of Code Dx, the provider of an award-winning application security risk management solution that automates and accelerates the discovery, prioritization, and remediation of software vulnerabilities. This acquisition not only adds critical functionality to advance Synopsys’s vision for application security, it provides our customers and prospects with a true view of the organizational risk associated with the security of their software.
Synopsys now provides the ability to intelligently orchestrate security tests from our own tools, third-party tools, and open source tools. We have the ability to correlate and prioritize the findings from more than 75 testing solutions and manual testing activities. Code Dx provides a consolidated view of all these activities as well as insights into organizational risk.
We believe these capabilities are a game changer—not just for Synopsys, but for the application security (AppSec) industry, and most importantly for our customers.
Code Dx falls into the category that Gartner calls application security orchestration and correlation (ASOC).
After examining the ASOC tools in the market, Synopsys concluded Code Dx has:
At a macro level, we believe Code Dx’s design uniquely enables organizations to holistically manage their software risk.
It should be noted that Code Dx is a Synopsys technology alliance partner with existing integrations into the Synopsys portfolio. This means that our customers can realize immediate benefits from Code Dx. Furthermore, combining Code Dx with our recently announced Intelligent Orchestration solution creates the most comprehensive orchestration and correlation offering in the market. Like Code Dx, Intelligent Orchestration works with third-party and open source tools. The result is an exceptional set of solutions that efficiently and pragmatically integrate application security testing (AST) into DevOps workflows, enabling organizations to leverage their investment in AST tools of all types.
Code Dx provides several robust capabilities, including:
Speed to market is the name of the game for our customers. Anything that slows them down or adds friction to the development process is a threat to their business. We recognize that, and we’re committed to helping our customers manage their software risk efficiently, holistically, and productively. The addition of Code Dx to our portfolio helps us achieve this.
There are three givens in today’s environment:
Meeting all three of these demands requires running the right test, at the right time, at the right level, and then effectively correlating and prioritizing the results for remediation. Synopsys can now provide all of these for our customers, thus turning AST from a productivity inhibitor to an enabler. We can help increase developer productivity and allow DevOps to realize the efficiencies needed to drive business while minimizing organizational risk.
In doing so, we are creating the third generation of application security—or 3rd Gen AppSec. Gone are the days of siloed, monolithic solutions that brought development workflows to a halt. Gone too are the days of “good enough” testing that often created extraneous findings for developers to fix, ironically adding more friction and impeding their productivity. Instead, the next generation of AppSec takes a “just enough” approach to testing—one that aligns with the needs for key events in the DevOps workflow.
You can see why we at Synopsys are extremely excited to add Code Dx to our portfolio. The combination of our comprehensive set of AST solutions, including Intelligent Orchestration, and the addition of Code Dx equip us to better serve the requirements of organizations as they address the ongoing evolution of AppSec and application security testing.
Jim Ivers is the senior director of marketing within Synopsys' Software Integrity Group where he leads all aspects of SIG's global marketing strategies, branding initiatives, and programs, as well as product management and product marketing. Jim is a 30-year technology veteran who has spent the last ten years in IT security. Prior to Synopsys, Jim was the CMO at companies such as Cigital, Covata, Triumfant, Vovici, and Cybertrust, a $200M security solutions provider that was sold to Verizon Business. Jim also served as VP of Marketing for webMethods and VP of Product Management for Information Builders.