NORTHPORT, N.Y. – December 12, 2018 – Code Dx, Inc., provider of an award-winning application security solution that automates and accelerates the discovery, prioritization, and management of software vulnerabilities, today announced that the Joint Federated Assurance Center (JFAC) has selected Code Dx Enterprise as an application correlation and vulnerability management solution to help Department of Defense (DoD) agencies protect their software.
JFAC is a federation of DoD organizations that have a shared interest in promoting software and hardware assurance in defense programs, systems, and supporting activities. The JFAC member organizations and their technical service providers work with defense acquisition program offices and other interested parties to provide software and hardware assurance expertise and support, to include vulnerability assessment, detection, analysis, and remediation services, and information about emerging threats and capabilities, software and hardware assessment tools and services, and best practices.
A key part of the JFAC mission is to disseminate technologies to members that will help assure the security of software in DoD systems, including weapons systems. Toward that end, JFAC selected Code Dx Enterprise so that member agencies can automatically correlate the results of multiple application security testing (AST) tools, prioritize vulnerabilities, and manage the remediation process.
“Code Dx Enterprise grew out of research funded by the Department of Homeland Security Science & Technology (DHS S&T) Directorate, an organization dedicated to securing the nation’s software supply chain,” said Anita D’Amico, Ph.D., CEO of Code Dx. “As a result, it has been specifically designed to handle the unique requirements of DoD organizations and provide better vulnerability coverage, fewer false positives, and eliminate duplicate results.”
Code Dx Enterprise automates many of the manpower-intensive activities needed to run AST tools, consolidates the results, and prioritizes the reported vulnerabilities based on industry and regulatory standards. It also identifies security weaknesses in the codebase that jeopardize the software’s compliance with a dozen regulations or standards, including DISA STIG (Defense Information Systems Agency Security Technical Implementation Guides) versions 3.1 and 4.3 and NIST (National Institute of Standards and Technology) 800-53. Any lines of code that violate these regulations or standards are flagged, and the exact nature of the violation is shown, along with ways to bring the code into compliance. This eliminates the need for the user to read through the regulations and allows them to spend more time on the quality and security of the application.
About Code Dx
Code Dx, Inc. is a provider of an award-winning application security solution that automates and accelerates the discovery, prioritization, and management of software vulnerabilities. The Code Dx Enterprise solution integrates the results of multiple static, dynamic, and interactive Application Security Testing (AST) tools, third-party component analyzers, threat modeling tools, and manual reviews into a consolidated set of results for quick and easy triage, prioritization, and remediation. The core technology was partially funded by Department of Homeland Security Science & Technology (DHS S&T) to help secure the nation’s software supply chain. For more information, please visit www.codedx.com or contact Code Dx at (631) 759-3993 or at [email protected].
All trademarks, trade names, service marks, and logos referenced herein belong to their respective parties.
A&E Communications, Inc.