Code Dx

Code Dx, Inc. was an American software technology company active from 2015 to 2021. The company's flagship product, Code Dx, is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. In 2021, the company was acquired by Synopsys.

Overview
Code Dx, Inc. is a software technology company that produces tools designed for software developers and cybersecurity analysts to help them identify and manage security vulnerabilities in the software that they write. It was spun off from its parent company, Applied Visions, Inc., in 2015.

History
Applied Visions, Inc. has a division, Secure Decisions, that specializes in conducting cyber security research for the U.S. government. Secure Decisions was granted funding by the Department of Homeland Security (DHS) Science and Technology Directorate through the Small Business Innovation Research (SBIR) program  to research and develop software in order to ensure that application code is secure and compliant with regulations and industry best practices in an effort to secure the country's software supply chain. With this and funding from other sources, Secure Decisions developed the technology that eventually became the product “Code Dx” (where “Dx” is the medical notation for “diagnosis”).

Code Dx began as a platform for static code analysis. With the addition of support for dynamic testing tools, Code Dx is now a hybrid analysis vulnerability scanner.

Consistent with the commercialization goals of the SBIR program, Secure Decisions produced a version of Code Dx suitable for sale to the software development and security testing marketplace. The initial success of that commercialization effort led to the creation and spinoff of Code Dx, Inc. in early 2015.

Code Dx Enterprise
The company shares its name with its flagship product, Code Dx Enterprise. Enterprise is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. For static analysis, the product installs and configures several bundled open source static analysis tools and also connects automatically to a variety of commercial tools. The software selects the most appropriate analysis tool or tools for the language(s) in which the tested application is written, and maps the results of those tools (which vary according to the tool) to the Common Weakness Enumeration (CWE). For dynamic testing, Enterprise gathers the results of dynamic tool tests and integrates them into its vulnerability reports. In situations during which several tools are run simultaneously, results are consolidated and redundancies are removed. Identified vulnerabilities are mapped to various industry standards (like OWASP Top 10 and Web Application Security Consortium). Additionally, it identifies sections of code that are not compliant with applicable regulatory standards, such as HIPAA software regulations. The product supplies a visual interface that makes it simpler to identify vulnerability trends within the source code of the tested application.

Stat!
'Stat!' provides a subset of the capabilities of Code Dx Enterprise, intended for smaller development teams looking to get started in application security testing. It supports only static analysis by open source tools. It also contains the same collection of bundled tools as Enterprise and runs them automatically after installation. It does not support commercial as well as dynamic testing tools. It does report according to the basic industry standard compliance requirements (such as OWASP Top 10), but does not support higher-level compliance standards such as HIPAA.

Code Pulse
Code Pulse is an open source testing monitoring tool that was developed by Secure Decisions, again as part of a DHS research program, and is now supported by Code Dx. Code Pulse helps testers determine how thoroughly they have tested their code. As users run dynamic tests against their code, Code Pulse tracks, in real-time, what code has been executed and displays the results. It identifies areas of overlap, as well as areas that require a second look, and displays a visual picture of covered areas. It also measures the effectiveness of penetration and dynamic application security testing. Code Pulse works with any testing tool.

Code Dx, Inc.

 * Code Dx, Inc. was included among Cyber Defense Magazine's 2016 Top 20 Cyber-security Leaders for the Vulnerability Management category.
 * Code Dx, Inc. was the Silver Winner in the Information Security Products Guide Best Startup of the Year category for 2016.

Code Dx (Software)

 * Code Dx version 2.2 was named the Gold Winner (Best Product of the Year) in the Golden Bridge Awards for the Vulnerability Assessment and Remediation category in 2016.
 * Code Dx Enterprise Edition won the “Cutting Edge Application Security Solution for 2016” award from Cyber Defense Magazine's Annual InfoSec Awards.
 * In a report to the White House, the U.S. National Institute of Standards and Technology recognizes Code Dx as a "tool that matches, consolidates and presents the output of analysis tools."
 * Code Dx has received coverage in Forbes magazine, as well as the Long Island press.