Checkmarx Enhances Software Exposure Platform
March 06, 2019

Checkmarx unveiled major advancements to accelerate adoption of the most comprehensive, unified software security solution on the market.

As the application layer is increasingly the source of successful attacks, risks are amplified as organizations move to agile development and DevOps without implementing proper DevSecOps practices. The latest release of the Checkmarx Software Exposure Platform adds to the management and orchestration layer of the industry’s first unified software security solution, released in August 2018, enabling organizations to:

- Simplify and streamline policy management: Using a unified policy engine for both proprietary code and open source software components, organizations can easily define goals and business outcomes, jointly with business owners and DevOps, to determine security risk thresholds for specific applications and projects based on predefined or custom security policies.

- Correlate vulnerabilities across the SDLC for higher result confidence: Leveraging the Checkmarx correlation engine, organizations can easily see if vulnerabilities are present across multiple stages of the SDLC to validate findings. For example, by correlating vulnerability findings between CxSAST and CxIAST, organizations gain the confidence that security risks identified in both source code and runtime applications represent real security risk to the organizations.

- Get Full Visibility into Software Exposure: A new Software Exposure Dashboard presents code vulnerabilities by project, giving business stakeholders full visibility into the organization’s software security posture over time, and presents key KPIs for actual code exposure, including the number of outstanding vulnerabilities, their severity and average remediation velocity. Users are also able to zoom into specific projects to view status and metrics.

- Efficiently Remediate Code Vulnerabilities: Checkmarx’s new intelligent remediation engine feeds raw findings across Checkmarx CxSAST, CxOSA and CxIAST and fine-tunes the results using machine learning algorithms to filter out false positives and make correlations that increase confidence levels. User-defined policies are applied to automatically generate prioritized findings. This gives organizations actionable results based on business impact and helps them focus on what matters most.

- Improved User Management and Access Control: Role-based access control across the Software Exposure Platform allows organizations to define roles with specific permissions and access to meet security and compliance mandates.

The Checkmarx Software Exposure Platform tightly integrates Checkmarx CxSAST, CxOSA, CxIAST and CxCodebashing via a unified management and orchestration layer to address the entire software exposure lifecycle. Checkmarx also offers expert services for software security deployment to advance customers’ DevSecOps programs.

“Software security continues to increase in its significance and importance as a security practice in line with digital transformation and software growth,” said Assaf Dar, Chief Product Development Officer, Checkmarx. “We are committed to helping our customers run their software security programs at scale across their entire portfolio, across the entire SDLC. Checkmarx’s unified Software Exposure Platform addresses software security from end to end, empowering organizations to move to a true DevSecOps model and deliver secure software faster.”
