Cigital
Type | Private |
Industry | software security |
Founded | 1992, as Reliable Software Technologies, renamed in 2000 [1] |
Headquarters | Dulles, VA, U.S. |
Number of locations | Atlanta, Bangalore, Bloomington, Boston, Chicago, Dallas, Minneapolis, New York, Santa Clara, Seattle, London |
Area served | Worldwide |
Key people | Gary McGraw |
Services | Architecture Analysis, Ethical Hacking, Penetration Testing, Static Analysis, Training, Policy Development |
Website | cigital.com |
Cigital is a software security firm based in Dulles, VA.[2] Products include Static and Dynamic Security Testing as a Service (STaaS), Computer-Based (CBT) and Instructor-Led (ILT) Training, Architecture Risk Analysis, software security program design and implementation, and SecureAssist, a product that acts as an application security spellchecker for developers.[3][4][5][6][7]
History
Cigital was established in 1992 with grants from DARPA.[8][9] In 1999 the firm created ITS4, which, according to the company website, was the first code scanning tool in the world.[10] The technology in this product was eventually licensed to Kleiner Perkins and used as the basis for the creation of Fortify Software in 1999.[11]
BSIMM (Build Security In Maturity Model) is a software security measurement framework that helps organizations compare their software security to other organizations.[12] BSIMM was started as a joint project by Cigital and Fortify Software.[13][14]
In 2002, Cigital announced that it had found a vulnerability in the Visual C++ .NET compiler[15][16][17] (related to a GS compiler flag being inefficient).[18] Some security experts criticized Cigital for making the announcement too early, without giving Microsoft a chance to fix the vulnerability;[18] however, Cigital has defended its position because of the nature of the vulnerability found.[18]
Products
Cigital SecureAssist identifies security bugs[19] within the IDE and provides custom guidance to developers on reducing defects in future development. BuildSecure eLibrary is an online portal containing a suite of software security training classes.[20] Enterprise Security Portal tracks identified security bugs and checks for omissions to ensure a thorough analysis of the software. The company also conducts research; for example, in a 2009 study, it found that poker games such as Texas Hold 'em involve considerable skill.[21]
Acquisitions
In November 2014, Cigital acquired IViz Security, an information security company that provides on-demand application penetration testing.
References
- Cigital Inc. profile
- Schafer, Sarah (January 25, 2001). "Cigital Helps Wired World Stay That Way; Dulles Firm Works to Minimize Its Clients' Risks of Software Failure". The Washington Post. Retrieved October 12, 2014 – via HighBeam Research.
- http://www.cigital.com
- Johnston, Nicholas (August 26, 2002). "Cigital Sees Secure Opportunities; Already Profitable, the 10-Year-Old Software Maker Is Poised to Grow". The Washington Post. Retrieved October 12, 2014 – via HighBeam Research.
- Overly, Steven (October 7, 2013). "The Download: Dulles-Based Cigital Secures $50M from Private Equity Firm LR Partners (Posted 2013-10-07 15:56:28); Software Security Firm Brings in Private Equity Shop to Expand in Existing Markets, Reach New Ones". The Washington Post. Retrieved October 12, 2014 – via HighBeam Research.
- King, Mason (October 7, 2013). "Town, gown and techies team up in Bloomington". Indianapolis Business Journal. Retrieved April 9, 2012 – via HighBeam Research.
- Smeltz, Adam (October 7, 2013). "Hackers Who Attack U.S. in Line for Lucrative Payoffs". Pittsburgh Tribune Review. Retrieved October 27, 2012 – via HighBeam Research.
- Calnan, Christopher. "Praetorian pours profits into new products". Retrieved 28 June 2013.
- "Reliable Software Technologies Corp.". SBIRSource. Retrieved 29 July 2013.
- "ITS4: Software Security Tool". Retrieved 21 April 2015.
- Rao, Leena. "HP Acquires Software Security Company Fortify". TechCrunch.
- McGraw, Gary; Brian Chess; Sammy Migues (March 16, 2009). "Software [In]security: The Building Security In Maturity Model (BSIMM)". InformIT. Retrieved 28 June 2013.
- The Rocky Road To More Secure Code, Wall Street and Technology
- New Effort Hopes to Improve Software Security, Wall Street Journal
- Microsoft's New 'Compiler' Program Has Security Flaw, Consultancy Says. WSJ
- Flaw spotted in new Microsoft tool. CNet
- "Net Security Company Reports Flaw". Associated Press. February 15, 2002. Retrieved October 12, 2014 – via HighBeam Research.
- Was Cigital security warning too hasty? CNet
- "Cigital Releases Software Security Training For Developers". Dark Reading. August 12, 2010. Retrieved 28 June 2013.
- "Cigital Partners with FS-ISAC to Provide Training to Members".
- "At war with luck". The Economist. July 10, 2010. Retrieved October 27, 2012 – via HighBeam Research.