SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Data Theorem debuts Code Secure for software chain safety

Fri, 11th Oct 2024

Data Theorem has launched a new product, Code Secure, which is designed to enhance the security of the software supply chain by integrating various security capabilities.

Data Theorem, a company known for its focus on application security, announced the introduction of Code Secure, a product that integrates Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Supply Chain Security features, including Software Bill of Materials (SBOM) management. This comprehensive product aims to provide thorough security insights across application and API code repositories.

The Code Secure solution offers security teams dynamically verified insights into potential vulnerabilities, dependencies on open-source components, and the overall composition of the software. This is achieved by automating the analysis of security concerns across the codebase, significantly reducing the manual workload involved in data management. The tool assists teams in prioritising critical vulnerabilities, aiding in faster remediation processes and strengthening security measures earlier in the development lifecycle.

Doug Dooley, Chief Operating Officer at Data Theorem, stated, "Data Theorem is committed to leading the market in application and API security innovation. With Code Secure, we've built on the foundation of our Supply Chain Secure product to offer an integrated approach that helps security and DevOps teams confidently secure their software. By consolidating SAST, SCA, and SBOM management with real-time verification and attack path visualisation, Code Secure delivers unparalleled protection for organisations. This new, integrated code security offering delivers significant cost savings and simplicity for customers seeking to eliminate complexity and alert fatigue often associated with their legacy SAST and SCA scanning tools."

The comprehensive Full Stack Security analysis provided by Code Secure features visibility across all layers of an application's architecture. This extends from the code, APIs, and open-source libraries to cloud environments and third-party components. Code Secure allows security teams to discern how vulnerabilities interconnect and impact the overall security posture, facilitating root cause identification and improving risk assessments.

A recent report from Gartner highlights the challenges faced by application security tools, stating, "Application security tools invariably produce reams of data about potential vulnerabilities. Traditional, frequently manual, approaches to assessing and prioritising these findings have failed to scale to accommodate either the amount of data (which has grown exponentially as new types of tests, generating ever more findings, are implemented) or the speed associated with modern development processes. This situation inevitably results in a number of adverse outcomes. Development, platform engineering, cloud operations, security teams and others frequently struggle to prioritise specific security issues that should be addressed more holistically to provide optimal reduction in risk."

Code Secure comes with several key differentiators. These include tool consolidation by integrating SAST, SCA, Supply Chain, and SBOM management into a single solution, reducing the need for multiple tools. It offers dynamic verification using Dynamic Application Security Testing (DAST) to verify code findings for APIs and applications, enhancing the accuracy of vulnerability detection. Additionally, attack path visualisation integrates code-level violations, enabling security teams to understand potential exploit pathways better.

The launch of Code Secure aligns with Data Theorem's introduction of Attack Path Visualisation, marking their ongoing commitment to delivering comprehensive security solutions for modern, cloud-native applications.

Code Secure is currently available, offered through a subscription model with pricing starting at USD$50 per seat per month.
