NORTHPORT, NY, June 17, 2013 – Secure Decisions’ new software assurance technology Code Dx™ will be used by the National Institute of Standards and Technology (NIST) to support the evaluation of static source code analysis tool performance during the fifth Static Analysis Tool Exposition (SATE V) and Workshop.
The Static Analysis Tool Exposition (SATE) is part of an effort led by NIST and hosted by the Morgridge Institute Software Assurance Marketplace (SWAMP) to advance research in, and improvement of, static analysis tools that find security-relevant defects in source code. The exposition will allow participating tool developers to execute their software assurance tools against a set of software programs with known security defects. NIST-led researchers using Code Dx will be able to analyze the tool results, and report and discuss their findings and experiences at a workshop to be held in March 2014. Code Dx will play a large part in helping researchers to identify static analysis tool strengths as well as areas for improvement in assessing the security of selected codebases.
Dr. Anita D’Amico, Director of Secure Decisions said “We are excited to be working with organizations like NIST and Morgridge, who are keenly aware, as Secure Decisions is, of the need to improve the security of our government, military, commercial and academic networks against cyber-attack. The maturation and use of software assurance technologies is essential in helping to build more secure software applications used in today’s operational environments. We look forward to participating in the SwA tool evaluation through the use of our Code Dx tool.”
Code Dx was initially developed as part of a Department of Homeland Security (DHS) Science & Technology Directorate-funded research effort to develop tools for improving the security of software products developed for government and industry. It was based on the needs of DHS software assurance professionals, such as software developers, security analysts, and security auditors, who evaluate and test software applications for compliance to government specified standards and known safety and security risks.
Code Dx is a triage and visualization tool developed to help users identify and manage weaknesses and vulnerabilities in software codebases. It is designed to correlate the output of several open-source and commercial software analysis tools into a unified view of detected software weaknesses, and provide the ability to assess and manage the security status of software. Its rich feature set provides a guided and streamlined workflow for triaging and managing analysis results, as well as helping to quickly remediate software flaws. Code Dx will be used by NIST researchers to evaluate the output of multiple static analysis tools that will be used to review several Java, C/C++ and PHP code bases for code vulnerabilities.
To learn more about Code Dx™, visit: http://www.securedecisions.com/products/CodeDx and https://buildsecurityin.us-cert.gov/swa/swa-tools-overview.
To learn more about NIST SATE V, visit: https://samate.nist.gov/SATE.html.
To learn more about the Morgridge Institute Software Assurance Marketplace.
About Applied Visions and Secure Decisions:
Applied Visions, Inc. (AVI) provides software products, custom solutions, and advanced technology research for commercial and government customers. The company’s vision and expertise in visual software solutions for complex defense, national security, and business problems have served AVI’s customers in the Department of Defense, Department of Homeland Security, Federal Bureau of Investigation, and prominent technology and Fortune 500 firms. Founded in 1987, AVI is based in Northport, NY, and has secure facilities and clearances to support classified government programs.
Secure Decisions was launched by AVI in 2000 to focus on cyber security research and products for the government. Today, Secure Decisions is a leader in security visualization, with an established track record of R&D contracts, technology transition and product development. Secure Decisions’ technologies are used to enhance the situational awareness of software developers and security professionals in government and commercial organizations. SecureScope™, VIAssist™, MeerCAT® and Code Dx™ are among Secure Decisions’ extensive portfolio of cyber defense solutions.