Editor’s brief: Most enterprises rely on multiple tools for various infocomm functions, and application security is no different. Having the power to consolidate the data from various tools with easy-to-understand insights, would be a powerful enabler for any CISO or sysadmin managing complex applications and development. Leading application security vendor Synopsys, announced that it has acquired Code Dx, bringing enhanced software vulnerability correlation, prioritization, and consolidated risk reporting to its arsenal.
Synopsys Acquires Code Dx to Extend Application Security Portfolio
Code Dx adds software vulnerability correlation, prioritisation, and consolidated risk reporting
SINGAPORE, @mcgallen #microwireinfo, June 10, 2021 – Synopsys, Inc. (NASDAQ: SNPS) today announced that it has acquired Code Dx, a provider of an award-winning application security risk management solution that automates and accelerates the discovery, prioritisation, and remediation of software vulnerabilities. The addition of Code Dx enables Synopsys to offer customers consolidated risk reporting and prioritisation across correlated software vulnerability data produced by Synopsys solutions and more than 75 third-party and open source application security and development products. Headquartered in Northport, New York, the acquisition also adds a team of R&D engineers experienced in vulnerability correlation and integrating security testing activity across the entire software development pipeline.
The terms of the deal, which are not material to Synopsys’ financials, are not being disclosed.
Prior to the acquisition, Code Dx was a valued member of the Synopsys Technology Alliance Partner (TAP) program. As part of that partnership, Synopsys has worked closely with Code Dx to support their integrations within the Synopsys product portfolio. As a result, customers can use Code Dx’s offering in conjunction with Synopsys products immediately.
Synopsys provides the broadest portfolio of application security solutions in the industry, including static, dynamic, and interactive application security testing and software composition analysis. The recently introduced Synopsys Intelligent Orchestration solution uses innovative technology to automatically determine and initiate the most appropriate security tests using Synopsys and third-party products based on pre-defined risk policies and changes made to an application. Code Dx complements and extends these solutions by aggregating and correlating security testing results from Synopsys products, third-party products, and open-source products across the pipeline to provide consolidated risk reporting and facilitate prioritised remediation efforts.
“The complexity and speed of modern software development requires the use of multiple security testing technologies and rapid testing cycles,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “While robust security testing is vital to securing modern software, it often produces large amounts of vulnerability data that is difficult to manage at speed and at scale. Code Dx enables our customers to optimise and harness the breadth of our application security portfolio, along with third-party tools, by aggregating, correlating, and prioritising security testing results based on risk.”
The addition of Code Dx makes Synopsys the first vendor to provide the full spectrum of application security tools and services, including:
- A complete suite of industry-leading security testing tools
- An intelligent orchestration engine that automatically determines and initiates the appropriate tests for each step in the DevOps workflow
- An aggregation, correlation, and prioritisation solution for the vulnerabilities identified during testing
- Consolidated application security risk reporting across any commercial and open-source application security solutions
- Consulting and managed services to align people, process, and technology and address application security risks holistically
The extensibility of Synopsys Intelligent Orchestration and Code Dx enables organisations to build more efficient and effective testing programs while leveraging their current investments in application security testing tools.
About the Synopsys Software Integrity Group
Synopsys Software Integrity Group helps development teams build secure, high-quality software, minimising risks while maximising speed and productivity. Synopsys, a recognised leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behaviour. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organisations optimise security and quality in DevSecOps and throughout the software development life cycle. Learn more at https://www.synopsys.com/software-integrity.
Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As an S&P 500 company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and offers the industry’s broadest portfolio of application security testing tools and services. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing more secure, high-quality code, Synopsys has the solutions needed to deliver innovative products. Learn more at https://www.synopsys.com.
This press release contains forward-looking statements, including, but not limited to, statements relating to the expected benefits of the transaction. Forward-looking statements are subject to both known and unknown risks and uncertainties that may cause actual results to differ materially from those expressed or implied in the forward-looking statements. These risks and uncertainties include, among others, Synopsys’ ability to operate or integrate Code Dx’s assets and employees with its own successfully, which may include a potential loss of customers, key employees, partners or vendors, and uncertain customer demand for Code Dx’s products and solutions. Other risks and uncertainties that may apply are set forth in the Risk Factors section of Synopsys’ most recently filed Quarterly Report on Form 10-Q. Synopsys assumes no obligation to update any forward-looking statement contained in this press release.