Code Dx Datasheet 20140513 - Secure Decisions



    A software assurance analytics tool that visualizes and correlates vulnerabilities detected by disparate code analysis tools. With Code Dx you can rapidly triage and focus on the software vulnerabilities that are most important to your organization.

    More than 90% of computer security incidents can be traced back to weaknesses in software that were inadvertently put there when the code was developed. Attackers can find and exploit such weaknesses in your applications. Before you release another application, you need to assess whether its code weaknesses can jeopardize your business. Static application security testing (SAST) tools find those exploitable weaknesses, so they can’t become vulnerabilities, and Code Dx makes those tools more effective.

    “[Code Dx] has a unique and helpful view of the analysis of the tool output. I like the information provided at the top that allows me to select which tool to use, codebase location, CWE findings, severity, overlapping location count, and status of all of the weaknesses. The Weakness Flow diagram shows a helpful view of where the weaknesses came from, which tool was able to detect them, and the severity of the weakness.”

    “...provides a nice way to document progress on a report. Each weakness has an activity stream, where comments and status changes can be saved.”

    Code Dx Standard Edition

    Commercial SAST tools are costly; open source tools, while “free”, can be complex and hard to use, and even harder to integrate into a single security picture. If you don’t have the budget for commercial tools or the time to invest in open source, then Code Dx Standard Edition is for you: a pre-configured collection of open source SAST tools that run fully integrated within Code Dx, presenting a single unified picture of your software’s weaknesses.

    Challenge / Code Dx Solution

    Challenge: Incomplete coverage. On average, a single SAST tool finds fewer than 15% of weaknesses in an application; you need several tools to find more high-severity vulnerabilities, just like the attackers do.
    Code Dx Solution: Broader coverage of weaknesses, correlating results of multiple SAST tools into a single set. See more vulnerabilities, and quickly find the most important ones.

    Challenge: Difficult to compare. Each tool produces results with a unique format and severity scale; it’s hard to compare results from multiple tools.
    Code Dx Solution: Consolidated and normalized result set removes overlaps, and puts them on a common severity scale. Visualize, analyze and filter the combined set from a single UI.

    Challenge: Too many vulnerabilities. Today’s tools report tens of thousands of weaknesses, with many false positives; analysts and developers are overwhelmed with the task of prioritization.
    Code Dx Solution: Prioritization and focus speeds triage of voluminous results, assignment of highest priority ones for remediation, and helps identify and disseminate false positives so they don’t re-appear.

    Challenge: Barriers to collaboration. Analysts send reports of static analyses to developers without the code context, details, and prioritization that those developers need for effective remediation.
    Code Dx Solution: Shared interface with custom details needed by different types of users; Developers view code in context of its hierarchy and dependencies; Security Analysts view categories, trends, and priorities.

    Challenge: Difficult to communicate. SAST tool results are technical and complex; their meaning and relevance are difficult to abstract for use by your CISO or CIO to make decisions.
    Code Dx Solution: Relevant reports include advanced reporting features and visualizations. Our 2014 release will map the static tool results to regulatory compliance and industry standards.

  • Quickly and effectively triage large weakness lists
  • Visualize thousands of weaknesses in a single view
  • Interactive, powerful filtering

  • Workflows tailored to each type of user
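The "consolidated and normalized result set" that the Challenge/Solution passage above describes comes down to three mechanical steps: translate each tool's own severity scale and record layout onto one common scale, collapse findings that point at the same location and CWE so one weakness is counted once (while remembering how many tools agreed on it), and drop locations already marked as false positives so they do not re-appear on the next run. The script below is an added example of those steps and is not Code Dx code or any part of the datasheet; the tool names `alpha` and `beta`, their record layouts, the severity mappings and the sample findings are all constructed assumptions.

```python
"""Added example: merge two SAST tools' output into one normalized, de-duplicated,
prioritized finding set. Tool names, raw record layouts, severity mappings and the
sample findings are constructed assumptions, not any real tool's format."""
from dataclasses import dataclass

# Common severity scale, lowest to highest (assumption)
SCALE = ("info", "low", "medium", "high", "critical")


@dataclass(frozen=True)
class Finding:
    tool: str
    file: str
    line: int
    cwe: int        # numeric CWE id, e.g. 89 for CWE-89
    severity: str   # one of SCALE


# Constructed sample output from a hypothetical tool "alpha": numeric severity 1..5
ALPHA_RAW = [
    {"path": "src/login.py", "line": 42, "cwe": 89, "sev": 5},
    {"path": "src/login.py", "line": 42, "cwe": 89, "sev": 5},   # repeated by the tool itself
    {"path": "src/util.py", "line": 10, "cwe": 79, "sev": 2},
    {"path": "src/cfg.py", "line": 7, "cwe": 798, "sev": 4},
]

# Constructed sample output from a hypothetical tool "beta": word severities, "CWE-n" ids
BETA_RAW = [
    {"file": "src/login.py", "lineno": 42, "cwe_id": "CWE-89", "level": "High"},
    {"file": "src/util.py", "lineno": 10, "cwe_id": "CWE-79", "level": "Medium"},
    {"file": "src/net.py", "lineno": 100, "cwe_id": "CWE-319", "level": "Low"},
]


def parse_alpha(raw):
    """alpha's 1..5 scale maps one-to-one onto SCALE (assumption); out-of-range values are clamped."""
    out = []
    for r in raw:
        idx = max(1, min(int(r["sev"]), len(SCALE))) - 1
        out.append(Finding("alpha", r["path"], int(r["line"]), int(r["cwe"]), SCALE[idx]))
    return out


def parse_beta(raw):
    """beta's words already name SCALE levels; 'CWE-89' becomes 89. Unknown levels are rejected."""
    out = []
    for r in raw:
        level = r["level"].lower()
        if level not in SCALE:
            raise ValueError(f"unknown beta level: {r['level']}")
        cwe = int(r["cwe_id"].split("-")[-1])
        out.append(Finding("beta", r["file"], int(r["lineno"]), cwe, level))
    return out


def correlate(findings, suppressed=frozenset()):
    """Collapse findings that share (file, line, CWE) into one record.

    Each record keeps the set of tools that reported it (the overlapping location
    count) and the highest normalized severity any tool assigned. Keys listed in
    `suppressed` are known false positives and are dropped so they do not re-appear.
    """
    merged = {}
    for f in findings:
        key = (f.file, f.line, f.cwe)
        if key in suppressed:
            continue
        rec = merged.setdefault(key, {"tools": set(), "severity": SCALE[0]})
        rec["tools"].add(f.tool)
        if SCALE.index(f.severity) > SCALE.index(rec["severity"]):
            rec["severity"] = f.severity
    return merged


def prioritized(merged):
    """Order records: highest severity first, then the most tools agreeing, then by location."""
    rows = [
        {"file": k[0], "line": k[1], "cwe": k[2],
         "severity": v["severity"], "tool_count": len(v["tools"])}
        for k, v in merged.items()
    ]
    rows.sort(key=lambda r: (-SCALE.index(r["severity"]), -r["tool_count"], r["file"], r["line"]))
    return rows


def triage(suppressed=frozenset()):
    """Run parse -> correlate -> prioritize on the constructed samples."""
    findings = parse_alpha(ALPHA_RAW) + parse_beta(BETA_RAW)
    return prioritized(correlate(findings, suppressed))


if __name__ == "__main__":
    for r in triage():
        print(f"{r['severity']:<8} x{r['tool_count']}  CWE-{r['cwe']:<4} {r['file']}:{r['line']}")
```

Seven raw records collapse to four weaknesses: the login SQL-injection location is reported by both tools and keeps the higher of their two severities, so it sorts first, while the single-tool findings fall below it. Passing a suppression key for a location already judged a false positive removes it from every later run, which is the "don't re-appear" behaviour the passage asks for.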

    6 Bayview Avenue, Northport, NY 11768

    [email protected]
    (631) 759-3993

    Secure Decisions performs cyber security research and develops software products for government and commercial customers

    CODEDX.COM