Code Dx

{{Short description|American software company}}


{{Infobox company

| name = Code Dx, Inc.

| logo = File:Code Dx logo.svg

| type = Private

| industry = Computer software
Development testing
Software assurance

| predecessor =

| successor =

| founded = 2015-01-15 in Northport, NY, USA

| defunct = 2021

| fate = Acquired by Synopsys

| founders = Dr. Anita D'Amico
Ken Prole

| hq_location_city = Northport, New York

| hq_location_country = United States

| area_served =

| key_people = Dr. Anita D'Amico (CEO)
Ken Prole (CTO)
Curtis Bragdon (Director of Sales)

| products = [https://codedx.com/code-dx-enterprise/ Code Dx Enterprise]
[https://codedx.com/stat/ Stat!]
[https://codedx.com/code-pulse/ Code Pulse]

| owner =

| num_employees =

| num_employees_year =

| parent =

| website = {{URL|codedx.com}}

}}

Code Dx, Inc. was an American software technology company active from 2015 to 2021. The company's flagship product, Code Dx, is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. In 2021, the company was acquired by Synopsys.{{cite web | last=Riley | first=Duncan | date=June 8, 2021 | url=https://siliconangle.com/2021/06/08/synopsys-snaps-code-dx-consolidated-risk-reporting-across-software-vulnerability-data/ | title= Synopsys snaps up Code Dx for consolidated risk reporting across software vulnerability data | work=SiliconAngle}}

Overview

Code Dx, Inc. was a software technology company that produced tools designed to help software developers and cybersecurity analysts identify and manage security vulnerabilities in the software that they write. It was spun off from its parent company, [http://www.avi.com Applied Visions, Inc.], in 2015.{{Cite web| title = Code Dx Appoints Cybersecurity Expert, Anita D'Amico, as CEO| website=Code Dx, Inc.| accessdate = 2017-04-26| date = 2015-04-08| url = https://codedx.com/code-dx-appoints-cybersecurity-expert-anita-damico-as-ceo/}}{{Cite web| title = Entity Information for CODE DX, INC.| website=NYS Department of State, Division of Corporations| accessdate = 2017-04-26| url = https://appext20.dos.ny.gov/corp_public/CORPSEARCH.ENTITY_INFORMATION?p_token=2610F7BE7B57295287C3F0998264CBCC3CCFAC627E9A2C0C77931EA6E9376FF98F1111D403B6C61B655C44FD9E09CE1C&p_nameid=D4E6BEDDF91A61C3&p_corpid=593AF0451F5F3649&p_captcha=10186&p_captcha_check=450A8802DA845BFC&p_entity_name=%63%6F%64%65%20%64%78&p_name_type=%41&p_search_type=%42%45%47%49%4E%53&p_srch_results_page=0}}

History

Applied Visions, Inc. has a division, [http://securedecisions.com/ Secure Decisions], that specializes in conducting cyber security research for the U.S. government. Secure Decisions was granted funding by the Department of Homeland Security (DHS) Science and Technology Directorate through the Small Business Innovation Research (SBIR) program{{Cite web| title = Software Assurance Analysis and Visual Analytics |website= SBIR.gov| accessdate = 2017-04-26| url = https://www.sbir.gov/sbirsearch/detail/94804}}{{Cite web| title = Software Assurance Analysis and Visual Analytics |website=SBIR.gov| accessdate = 2017-04-26| url = https://www.sbir.gov/sbirsearch/detail/363960}}{{Cite web| title = Software Assurance Analysis and Visual Analytics- CRPP |website=SBIR.gov| accessdate = 2017-04-26| url = https://www.sbir.gov/sbirsearch/detail/690540}} to research and develop software in order to ensure that application code is secure and compliant with regulations and industry best practices in an effort to secure the country's software supply chain. With this and funding from other sources, Secure Decisions developed the technology that eventually became the product “Code Dx” (where “Dx” is the medical notation for “diagnosis”).{{Citation needed|date=May 2020}}

Code Dx began as a platform for static code analysis. With the addition of support for dynamic testing tools, Code Dx is now a hybrid analysis vulnerability scanner.{{Citation needed|date=May 2020}}

Consistent with the commercialization goals of the SBIR program, Secure Decisions produced a version of Code Dx suitable for sale to the software development and security testing marketplace. The initial success of that commercialization effort led to the creation and spinoff of Code Dx, Inc. in early 2015.

Products

= Code Dx Enterprise =

The company shares its name with its flagship product, Code Dx Enterprise. Enterprise is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools.{{Cite web| title = Supported SAST and DAST Tools for Code Dx| website=Code Dx, Inc.| accessdate = 2017-04-26| url = https://codedx.com/supported-tools/}} For static analysis, the product installs and configures several bundled open source static analysis tools and also connects automatically to a variety of commercial tools. The software selects the most appropriate analysis tool or tools for the language(s) in which the tested application is written, and maps the results of those tools (which vary from tool to tool) to the Common Weakness Enumeration (CWE). For dynamic testing, Enterprise gathers the results of dynamic tool tests and integrates them into its vulnerability reports. When several tools are run simultaneously, their results are consolidated and redundancies are removed. Identified vulnerabilities are mapped to various industry standards (such as the [https://www.owasp.org/index.php/Category%3AOWASP_Top_Ten_Project OWASP Top 10] and the Web Application Security Consortium). The product also identifies sections of code that are not compliant with applicable regulatory standards, such as HIPAA software regulations. It supplies a visual interface that makes it simpler to identify vulnerability trends within the source code of the tested application.

= Stat! =

'Stat!' provides a subset of the capabilities of Code Dx Enterprise, intended for smaller development teams looking to get started in application security testing. It supports only static analysis by open source tools. It contains the same collection of bundled tools as Enterprise and runs them automatically after installation. It does not support commercial tools or dynamic testing tools. It reports against the basic industry standard compliance requirements (such as OWASP Top 10), but does not support higher-level compliance standards such as HIPAA.

= Code Pulse =

Code Pulse is an open source test monitoring tool{{Cite web| title = OWASP Code Pulse Project| website=The Open Web Application Security Project| accessdate = 2017-04-26| url = https://www.owasp.org/index.php/OWASP_Code_Pulse_Project}} that was developed by Secure Decisions, again as part of a DHS research program,{{Cite web| title = U.S. Department of Homeland Security, Science and Technology Directorate, Cyber Security Division, Software Quality Assurance Project| accessdate = 2017-04-26| url = https://www.dhs.gov/science-and-technology/csd-sqa}} and is now supported by Code Dx. Code Pulse helps testers determine how thoroughly they have tested their code. As users run dynamic tests against their code, Code Pulse tracks, in real time, what code has been executed and displays the results. It identifies areas of overlap, as well as areas that require a second look, and displays a visual picture of covered areas. It also measures the effectiveness of penetration and dynamic application security testing. Code Pulse works with any testing tool.{{Citation needed|date=August 2020}}

Awards and recognition

= Code Dx, Inc. =

  • Code Dx, Inc. was included among Cyber Defense Magazine's 2016 Top 20 Cyber-security Leaders for the Vulnerability Management category.{{Cite web| title = Cyber Security Leaders 2016| website= Cyber Defense Magazine| date= 25 May 2016| accessdate = 2017-04-26| url = http://www.cyberdefensemagazine.com/cyber-security-leaders-2016/}}
  • Code Dx, Inc. was the Silver Winner in the Information Security Products Guide Best Startup of the Year category for 2016.{{Cite web| title = Global Excellence Awards| website = Info Security Products Guide| accessdate = 2017-04-26| url = http://www.infosecurityproductsguide.com/world/2016/| archive-url = https://web.archive.org/web/20180429140717/http://www.infosecurityproductsguide.com/world/2016/| archive-date = 2018-04-29| url-status = dead}}

= Code Dx (Software) =

  • Code Dx version 2.2 was named the Gold Winner (Best Product of the Year) in the Golden Bridge Awards for the Vulnerability Assessment and Remediation category in 2016.{{Cite web| title = Business Awards| website = Golden Bridge Awards| accessdate = 2017-04-26| url = http://www.goldenbridgeawards.com/world/| archive-url = https://web.archive.org/web/20160814191346/http://www.goldenbridgeawards.com/world/| archive-date = 2016-08-14| url-status = dead}}
  • Code Dx Enterprise Edition won the “Cutting Edge Application Security Solution for 2016” award from Cyber Defense Magazine's Annual InfoSec Awards.{{Cite web| title = CDM INFOSEC Award Winners 2016| website=Cyber Defense Magazine| date=26 February 2016| accessdate = 2017-04-26| url = http://www.cyberdefensemagazine.com/2016-cdm-infosec-award-winners/}}
  • In a report to the White House, the U.S. National Institute of Standards and Technology recognizes Code Dx as a "tool that matches, consolidates and presents the output of analysis tools."{{Cite report| publisher = National Institute of Standards and Technology| last1 = Black| first1 = Paul E| last2 = Badger| first2 = Lee| last3 = Guttman| first3 = Barbara| last4 = Fong| first4 = Elizabeth| title = Dramatically reducing software vulnerabilities: Report to the White House Office of Science and Technology Policy| page = 19 |location = Gaithersburg, MD| accessdate = 2017-04-26| date = 2016-11-01|doi = 10.6028/NIST.IR.8151 |url = http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8151.pdf| doi-access = free}}
  • Code Dx has received coverage in Forbes magazine, as well as the Long Island press.{{cite web |url=https://www.forbes.com/sites/adrianbridgwater/2015/02/02/code-dx-fewer-data-breaches-by-visualizing-code-integrity/#5f86ab933164 |title=Code Dx: Fewer Data Breaches By Visualizing Code Integrity |last=Bridgwater |first=Adrian |date=2015-02-02 |website=Forbes |accessdate=2017-04-25}}{{Cite web| last = Morgan| first = Steve| title = Long Island Cybersecurity Firm Pops Up On Northrop Grumman's Radar Screen| work = Forbes| accessdate = 2017-04-26| url = https://www.forbes.com/sites/stevemorgan/2016/02/09/small-cyber-firm-worth-billions-to-northrop-grumman/}}{{cite web|url=http://www.innovateli.com/stopping-cyberattacks-start/ |title=Stopping Cyberattacks Before They Start |work=Innovate Long Island |date=2016-06-07 |accessdate=2017-04-25}}{{Cite web| title = Code Dx Receives Long Island Software Award| website=Code Dx, Inc.| accessdate = 2017-04-26| date = 2013-04-16| url = https://codedx.com/lisoftwareaward/}}

References