1 Introduction
As the famous quote attributed to the American computer scientist Gerald Weinberg goes, “If builders built houses the way programmers built programs, the first woodpecker to come along would destroy civilization.” Unfortunately, this observation is even truer nowadays than it was a few decades ago. The modern digital society is constantly moving and changing at increasing speeds, putting even more pressure on businesses to bring their applications to the market as fast as possible, which eventually led to the emergence of new software development methodologies like DevOps. At the same time, growing usage of the Internet and continued deperimeterization of corporate networks means that the overall exposure of software to various threats and attacks has also increased dramatically, making software security a critical factor for every modern business.
Unsurprisingly, the cybersecurity market offers a huge selection of security solutions to choose from, but on reflection, the only truly proactive approach to software security is to develop applications without vulnerabilities in the first place. In an ideal world where developers make no mistakes, applications (as well as backend services, APIs, device firmware, etc.) would be impervious to most of the threats that currently target them. In the real world, however, developers require special tools to discover and mitigate problems in their software across the entire development life cycle, beginning with static analysis of the source code – an extremely tedious and error-prone process if done manually.
Checkmarx is a privately held application security vendor headquartered in Ramat Gan, Israel. The company was founded in 2006 with a vision of developing automated solutions for code review and identification of both technical and logical vulnerabilities. Pioneering several new concepts in the static code analysis field, Checkmarx has grown into one of the leading players in the application security testing market. Serving over 1,800 customers around the world, the company can boast of helping the world’s largest software vendors, many Fortune 500 enterprises, and government organizations make their software more reliable and secure. With multiple offices in North and South America, EMEA and Asia, Checkmarx has a strong worldwide presence further supported by a global partner network.
Although the company started out in “traditional” static source code analysis, and its static application security testing solution still forms the foundation of its portfolio, the need to address emerging software security challenges has led to a significant expansion of the Checkmarx application security offering. With the adoption of agile development methods and the increasing popularity of DevOps, code review and security testing must become an integral part of the continuous delivery process, seamlessly integrating into existing development environments.
Expanding the focus of application testing to incorporate third-party open source libraries, runtime vulnerability detection, as well as integration and automation for DevOps workflows, Checkmarx has introduced the notion of “Software Exposure” as a discipline covering the whole attack surface across different types of software and every phase of its development life cycle. With the Checkmarx Software Exposure Platform, which combines software security tools with managed services and training, the company offers an integrated platform for detecting, prioritizing and mitigating multiple software-related risks, not just making your applications more reliable, but improving your organization’s overall security posture.