

Application security testing firm Checkmarx Ltd. has acquired open-source supply chain security startup Dustico Ltd. for an undisclosed price.
Founded in 2020, Dustico offers a platform for behavioral analysis of code packages and detection of open-source software supply chain attacks. The technology is built to go beyond traditional source vulnerability analysis and look at the behavior and reputation of open-source packages.
The company’s platform uses a three-pronged approach to open-source code vulnerability analysis. First, the solution factors in trust to provide visibility into the credibility of package providers and individual contributors in the open-source community. Second, the platform assesses the health of packages to determine their update cadence and level of maintenance. Finally, Dustico applies an advanced behavioral analysis engine to inspect the package for attacks hiding within, such as backdoors, ransomware, multi-stage attacks and Trojans.
Key features of Dustico’s platform included advanced machine learning and threat intelligence to automatically detect abnormal behaviors in code packages; ahead-of-time analytics that fetches packages for analysis as soon as they are published online; and a developer-first approach.
The technology will be integrated with vulnerability results from Checkmarx’s AST solutions to give organizations and developers a unified and effective approach for managing the risks associated with open source and the supply chains dependent on it.
“Today’s adversaries have zoned-in on software supply chains – many of which rely heavily on open source,” Maty Siman, chief technology officer of Checkmarx, said in a statement. “As the threat of tampering in third-party packages increases, development teams must operate with the proactive assumption that all code may have been maliciously manipulated.”
Dustico had not raised any venture capital funding before its acquisition. According to Startup Nation Central, the company has been bootstrapped since it was founded.
Checkmarx has raised $92 million in venture capital in the past. A listing on Crunchbase reports that investors in the company include Insight Partners, XT Investments, Salesforce Ventures, K1 Investment Management and Ofer Hi-Tech.