Checkmarx

Checkmarx is an enterprise application security company headquartered in Atlanta, Georgia, in the United States.

History
Checkmarx was founded in 2006 by Maty Siman, the company's CTO, and Emmanuel Benzaquen, its former CEO (2006–2023). The company has over 900 employees. Sandeep Johri has served as CEO since February 2023. The application security platform was designed for CISOs, AppSec managers, security advisors, and software developers.

On July 17, 2017, Checkmarx acquired Codebashing and started offering it as a service to help developers learn secure coding practices with gamified modules in their chosen programming language. In 2018, it also acquired Custodela, a company that provides software security program development as well as consulting services.

Checkmarx was acquired in April 2020 by Hellman & Friedman, a private equity firm with headquarters in San Francisco.

In August 2021, Checkmarx acquired Dustico, software that detects backdoors and malicious attacks in the software supply chain.

In 2021, the company launched Checkmarx One, a cloud-native enterprise application security platform, which became its best-known product. It offers enterprises a full suite of application security testing tools to enable DevSecOps, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), supply chain security (SCS), API security, container security, infrastructure as code security (KICS), as well as Checkmarx Codebashing.

Application Security Research
Checkmarx's research department is known for uncovering technical vulnerabilities in popular technologies, software, applications, and IoT devices.

In November 2019, the company's security research team uncovered a number of vulnerabilities affecting Google and Samsung smartphones. The vulnerabilities allowed an attacker to take remote control of smartphone apps, giving them the ability to take photos, record video and conversations, and identify the phone's location. The research team submitted a report to the Android security team at Google and continued to provide feedback as the vulnerabilities were addressed.

In January 2020, Checkmarx detailed multiple security vulnerabilities in the Trifo Ironpie robot vacuum. The company has also uncovered issues with Amazon Alexa, Meetup, and Tinder, among others.

In August 2022, Checkmarx researchers found vulnerabilities in the Ring Android app, which could have allowed malicious applications to be installed on the user's phone to expose personal data, geolocation, and camera recordings.

Funding
Checkmarx's early investors include Salesforce, which remains a partner as Checkmarx provides security reviews for the Salesforce AppExchange. In 2015, U.S. private equity and venture capital firm Insight Partners acquired Checkmarx for $84 million.

In April 2020, private equity firm Hellman & Friedman, alongside private investment firm TPG, acquired Checkmarx for $1.15 billion. After the acquisition, Insight Partners retained a minority interest in the company.