CodeDx: Correlating code-level vulnerability across the app security tool portfolio

An Intellyx Brain Candy Brief

The application security testing category comprises a constellation of commercial and open source tools. Each has strengths for finding certain classes of vulnerabilities in specific components or flavors of application code, but most have large blind spots.

CodeDx seeks to address this with an orchestration layer for managing and tracking the findings of many security and testing tools and correlating them to root causes, surfaced in the context of the developer's IDE, the CI pipeline or the InfoSec team's dashboard.

With DevOps-style software practices constantly accelerating delivery, application security can no longer be left to the final step before a release. AppSec also needs to 'shift left', so that vulnerabilities are detected and resolved earlier, before they get baked into the next release.

Reducing AppSec resolution time depends on eliminating the large volume of duplicate and false-positive findings generated across the portfolio of security tools, and on letting developers drill down to an observable root cause wherever one exists.
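As an added illustration of the correlation and de-duplication step described above (this is not CodeDx's code and does not describe its actual algorithm), the script below takes constructed findings from two hypothetical SAST tools, normalizes the reported paths, groups findings that share a CWE and sit within a few lines of each other into a single issue, and ranks issues corroborated by more than one tool ahead of single-tool, low-confidence ones, which are the usual false-positive suspects. The tool names, rule IDs and findings are sample data made up for the example.

```python
"""Correlate findings from several AppSec tools into one de-duplicated issue list.

Added illustration of the cross-tool correlation step; this is NOT CodeDx code
and does not reproduce its algorithm. Tool names, rule IDs and findings below
are constructed sample data.
"""
from dataclasses import dataclass, field

# Constructed sample output from two hypothetical SAST tools ("sast-a", "sast-b").
# Both report the same SQL injection and the same reflected XSS, with slightly
# different paths and line numbers, plus one unique finding each.
SAMPLE_FINDINGS = [
    {"tool": "sast-a", "rule": "SQLI-01", "cwe": 89, "file": "./src/app/db.py", "line": 42, "confidence": "high"},
    {"tool": "sast-a", "rule": "XSS-07", "cwe": 79, "file": "./src/app/views.py", "line": 118, "confidence": "medium"},
    {"tool": "sast-a", "rule": "HARDCODED-SECRET", "cwe": 798, "file": "./src/app/config.py", "line": 7, "confidence": "low"},
    {"tool": "sast-b", "rule": "python.sql.injection", "cwe": 89, "file": "src/app/db.py", "line": 43, "confidence": "high"},
    {"tool": "sast-b", "rule": "python.xss.reflected", "cwe": 79, "file": "src/app/views.py", "line": 118, "confidence": "high"},
    {"tool": "sast-b", "rule": "python.weak-hash", "cwe": 328, "file": "src/app/auth.py", "line": 30, "confidence": "medium"},
]

CONFIDENCE_RANK = {"high": 3, "medium": 2, "low": 1}
LINE_TOLERANCE = 3  # tools often anchor the same flaw a few lines apart (statement vs. sink)


@dataclass
class Issue:
    """One root-cause issue backed by one or more tool findings."""
    file: str
    cwe: int
    line: int  # representative line: the first finding seen at this location
    findings: list = field(default_factory=list)

    @property
    def tools(self):
        return sorted({f["tool"] for f in self.findings})


def normalize_path(path: str) -> str:
    """Canonicalize a reported path so './src/a.py', 'src/a.py' and 'src\\a.py' compare equal."""
    parts = [p for p in path.replace("\\", "/").split("/") if p not in ("", ".")]
    return "/".join(parts)


def correlate(findings, tolerance=LINE_TOLERANCE):
    """Group findings that share a normalized path and CWE and sit within `tolerance` lines."""
    issues = []
    ordered = sorted(findings, key=lambda f: (normalize_path(f["file"]), f["cwe"], f["line"]))
    for f in ordered:
        path = normalize_path(f["file"])
        for issue in issues:
            if issue.file == path and issue.cwe == f["cwe"] and abs(issue.line - f["line"]) <= tolerance:
                issue.findings.append(f)
                break
        else:
            issues.append(Issue(path, f["cwe"], f["line"], [f]))
    return issues


def triage_key(issue):
    """Rank issues seen by more than one tool first, then by the best single-tool confidence."""
    best_confidence = max(CONFIDENCE_RANK[f["confidence"]] for f in issue.findings)
    return (len(issue.tools), best_confidence)


def triage(findings, tolerance=LINE_TOLERANCE):
    """Return correlated issues in the order a developer should look at them."""
    return sorted(correlate(findings, tolerance), key=triage_key, reverse=True)


def summarize(findings, tolerance=LINE_TOLERANCE):
    """Counts a dashboard would show: raw findings, distinct issues, issues seen by 2+ tools."""
    issues = correlate(findings, tolerance)
    return {
        "raw_findings": len(findings),
        "issues": len(issues),
        "corroborated": sum(1 for i in issues if len(i.tools) > 1),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_FINDINGS))
    for issue in triage(SAMPLE_FINDINGS):
        print(f"CWE-{issue.cwe:<4} {issue.file}:{issue.line}  tools={','.join(issue.tools)}  "
              f"rules={[f['rule'] for f in issue.findings]}")
```

Matching on CWE rather than on each vendor's rule ID is what makes findings from different tools comparable at all, since rule names rarely line up across products. The line tolerance is a heuristic: too tight and the same flaw reported at the statement and at the sink becomes two issues, too wide and two distinct flaws in the same function collapse into one, so it is worth checking against a known-duplicate sample before trusting the de-duplicated counts.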

Copyright ©2019 Intellyx LLC. Intellyx advises companies on their digital transformation initiatives, and helps vendors communicate their agility stories. At the time of this writing, none of the organizations mentioned in this article are Intellyx customers. To be considered for a Brain Candy article, email us at pr@intellyx.com.

Principal Analyst & CMO, Intellyx. Twitter: @bluefug