Blog

Software Vulnerability Management: Why it’s not as easy as “find it and fix it.”

Your company has defined and implemented an application security management program. You have spent time and money purchasing and installing various Automated Software Testing (AST) tools and techniques to run your application through its paces. These AST tools generate lists of vulnerabilities. Why is it that you can’t just give these lists to your team and have them fix the items on the list?


My memories of Becky Bace

Rebecca Gurley Bace, a member of the Advisory Board of Code Dx, Inc., died last week. While we lament her loss as an Advisor to Code Dx, Inc., that lament is dwarfed by my personal sense of loss of Becky Bace’s friendship and mentorship. Becky was truly one-of-a-kind. I met Becky about ten years ago…


What’s Coming in Code Dx 2.4

Code Dx, version 2.4. This release includes several minor tweaks, but the two most significant additions are support for Contrast Security’s Assess IAST solution, and new filters for temporal analysis of findings across scans.


Secure code: 111 Billion Lines (and counting)

As I have started talking with Code Dx customers and others interested in application security, it’s become clear that there is a shift in the thought process of those rolling out the platform. Rather than a few individuals simply trying out a few tools on their own, application security itself has become viewed as a process to be closely monitored. The larger context of this shift is that companies must find a better way to detect, manage, and remediate application security issues…


Code Dx Version 2.3 Adds AlienVault Integration

Effective cybersecurity requires a combination of preventive action and rapid response. Anticipating potential areas of intrusion or abuse is, of course, crucial, but not all threats can be predicted; reacting to events as they occur is often necessary. To make these...


Code Dx Version 2.3 Tracks DISA STIG Compliance

Data vulnerabilities can be major threats to national security. Government agencies and contractors who work with the federal government and the military must maintain strict security policies and standards with respect to data, the information systems that process...
