April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Gartner Defines New Application Security Testing Orchestration Market and Mentions Code Dx

Gartner’s 2017 Hype Cycle for Application Security also Mentions Code Dx in Application Vulnerability Correlation Category

 

Code Dx, Inc., provider of an award-winning application security solution that automates and accelerates the discovery, prioritization and management of software vulnerabilities, was recognized by Gartner in its Hype Cycle for Application Security, 2017 report published July 28, 2017. Code Dx was identified by Gartner analysts as a sample vendor in its new category for Application Security Testing Orchestration (ASTO), and also in the Application Vulnerability Correlation (AVC) category.

According to Gartner, “Application security testing orchestration (ASTO) integrates security tooling across a software development life cycle (SDLC), typically as part of DevSecOps initiatives.” As stated in the report, “Application vulnerability correlation (AVC) tools are workflow and process management tools that streamline software development application vulnerability testing and remediation. They incorporate findings from various security-testing data sources (static and dynamic application security testing, software composition analysis, penetration testing, and code reviews) into a centralized tool. AVC tools correlate vulnerability findings to centralize data, perform analysis, prioritize remediation and coordinate application security activities.”

“Gartner is a respected thought leader in information technology, known for forecasting and assessing the potential impact of new security markets. We feel their mention of Code Dx, Inc. in two on-the-rise markets validates the direction we are taking Code Dx,” said Anita D’Amico, Ph.D., CEO of Code Dx. “As the Application Security Testing (AST) market continues to evolve and mature, comprehensive solutions that automate correlation and vulnerability management are becoming a necessity. These solutions not only speed the testing process and enable teams to focus on developing software, they also provide the peace of mind that comes from knowing the code being developed is secure. We believe Gartner clearly understands the current AST challenges and the need for tools that go beyond just testing code.”

In the report, Gartner discusses the business impact of ASTO solutions stating that they “aid security, development and operations teams in coordinating the many security tests that should be performed on code. As such, these solutions can be a significant enabler in implementing DevSecOps initiatives, and they promise substantial benefits to the organization in terms of more consistent testing and smoother operations. To the extent individual solutions provide them, additional capabilities – such as the ability to correlate, analyze, and assess defects and vulnerabilities – help improve the speed and effectiveness of vulnerability remediation efforts.”

For the Application Vulnerability Correlation (AVC) tools, the Hype Cycle report states that “the most important business impact is that application security testing programs can realize tangible operational efficiencies in their efforts to manage remediation workflows, and they can prioritize scarce resources for the most critical efforts. As noted, the sources of vulnerability data are growing, and managing and interpreting the data is increasingly challenging. By providing a single view into the wider range of vulnerabilities within an application portfolio, AVC tools can serve as a viewpoint into the relative risk posed by individual applications. By increasing the visibility of the vulnerabilities contained within applications, senior management also gains perspective and an understanding of this critical source of risk — which is likely to enhance overall risk management efforts and potentially lead to increased funding of and prioritization for application security efforts.”

Code Dx Enterprise is an automated application vulnerability correlation and management tool that enables multiple testing tools to work together to provide one set of correlated results, then helps users prioritize and manage those vulnerabilities — integrating with application lifecycle management tools so security and development teams work together for faster remediation.

Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...