Code Dx, Inc., provider of an award-winning application security solution that automates and accelerates the discovery, prioritization and management of software vulnerabilities, was recognized by Gartner in its Hype Cycle for Application Security, 2017 report published July 28, 2017. Code Dx was identified by Gartner analysts as a sample vendor in its new category for Application Security Testing Orchestration (ASTO), and also in the Application Vulnerability Correlation (AVC) category.
According to Gartner, “Application security testing orchestration (ASTO) integrates security tooling across a software development life cycle (SDLC), typically as part of DevSecOps initiatives.” As stated in the report, “Application vulnerability correlation (AVC) tools are workflow and process management tools that streamline software development application vulnerability testing and remediation. They incorporate findings from various security-testing data sources (static and dynamic application security testing, software composition analysis, penetration testing, and code reviews) into a centralized tool. AVC tools correlate vulnerability findings to centralize data, perform analysis, prioritize remediation and coordinate application security activities.”
“Gartner is a respected thought leader in information technology, known for forecasting and assessing the potential impact of new security markets. We feel their mention of Code Dx, Inc. in two on-the-rise markets validates the direction we are taking Code Dx,” said Anita D’Amico, Ph.D., CEO of Code Dx. “As the Application Security Testing (AST) market continues to evolve and mature, comprehensive solutions that automate correlation and vulnerability management are becoming a necessity. These solutions not only speed the testing process and enable teams to focus on developing software, they also provide the peace of mind that comes from knowing the code being developed is secure. We believe Gartner clearly understands the current AST challenges and the need for tools that go beyond just testing code.”
In the report, Gartner discusses the business impact of ASTO solutions stating that they “aid security, development and operations teams in coordinating the many security tests that should be performed on code. As such, these solutions can be a significant enabler in implementing DevSecOps initiatives, and they promise substantial benefits to the organization in terms of more consistent testing and smoother operations. To the extent individual solutions provide them, additional capabilities – such as the ability to correlate, analyze, and assess defects and vulnerabilities – help improve the speed and effectiveness of vulnerability remediation efforts.”
For the Application Vulnerability Correlation (AVC) tools, the Hype Cycle report states that “the most important business impact is that application security testing programs can realize tangible operational efficiencies in their efforts to manage remediation workflows, and they can prioritize scarce resources for the most critical efforts. As noted, the sources of vulnerability data are growing, and managing and interpreting the data is increasingly challenging. By providing a single view into the wider range of vulnerabilities within an application portfolio, AVC tools can serve as a viewpoint into the relative risk posed by individual applications. By increasing the visibility of the vulnerabilities contained within applications, senior management also gains perspective and an understanding of this critical source of risk — which is likely to enhance overall risk management efforts and potentially lead to increased funding of and prioritization for application security efforts.”
Code Dx Enterprise is an automated application vulnerability correlation and management tool that enables multiple testing tools to work together to provide one set of correlated results, then helps users prioritize and manage those vulnerabilities — integrating with application lifecycle management tools so security and development teams work together for faster remediation.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.