Each SAST tool only discovers about 14% of the vulnerabilities in your code

An essential element of the application development process is scanning the software to find potential vulnerabilities. Static Application Security Testing (SAST) tools are notorious for returning lots of results (often thousands, even for relatively small applications), which can overwhelm a developer. But no matter how they feel about the results, software developers must understand that by running only one application security testing tool—even the best on the market—they are missing most of the weaknesses in their code.

My memories of Becky Bace

Rebecca Gurley Bace, a member of the Advisory Board of Code Dx, Inc., died last week. While we lament her loss as an Advisor to Code Dx, Inc., that lament is dwarfed by my personal sense of loss of Becky Bace’s friendship and mentorship. Becky was truly one-of-a-kind. I met Becky about ten years ago…

Software Vulnerabilities and HIPAA Non-Compliance

The motivation behind building HIPAA compliance into Code Dx v 2.3: Federal regulations regarding patient medical records are stringent, and non-compliance can carry a hefty price tag—not to mention the long-term effects of lost customer faith…

Code Dx Named 2016 AppSec Solution By Cyber Defense Magazine!

Guess what! Code Dx was named THE Cutting Edge Application Security Solution for 2016 by Cyber Defense Magazine (CDM) at RSA, the world’s largest IT security trade show, held the week of February 29 in San Francisco. Cyber Defense Magazine (CDM) is the newest,...