Checkmarx acquires open source supply chain security startup Dustico – TechCrunch


Checkmarx, an Israeli provider of static application security testing (AST), has acquired open-source supply chain security startup Dustico for an undisclosed sum.

Founded in 2020, Dustico provides a dynamic source-code analysis platform that employs machine learning to detect malicious attacks and backdoors in software supply chains.

The acquisition will see Checkmarx combine its AST capabilities with Dustico’s behavioral analysis technology to give customers a consolidated view into the risk and reputation of open-source packages, and as a result, a more comprehensive approach to preventing supply chain attacks.

The deal comes amid a sharp rise in supply chain attacks, in which threat actors slip malicious code into a trusted piece of software or hardware. Last December, it was revealed that Russian hackers had breached software firm SolarWinds to plant malicious code in its IT management tool Orion. This allowed the hackers — later identified as Russia’s Foreign Intelligence Service (SVR) — to access as many as 18,000 networks that used the Orion software.

Dustico’s technology, which is similar to that offered by Sonatype, analyzes open source packages using a three-pronged approach. First, it factors in trust, providing visibility into the credibility of package providers and individual contributors in the open-source community, and then it examines the health of packages to determine their level of maintenance. Finally, Dustico’s advanced behavioral analysis engine inspects the package and looks for malicious attacks hiding inside, including backdoors, ransomware, multi-stage attacks, and trojans.

This insight, coupled with vulnerability results from Checkmarx’s AST solutions, aims to give organizations and developers better insights for managing the risks associated with open-source and the supply chains dependent on them, according to the two companies.

“We’re thrilled to welcome Dustico and its team to Checkmarx as the Israeli tech ecosystem continues to push the boundaries of cybersecurity innovation and expertise,” said Emmanuel Benzaquen, CEO of Checkmarx. “Combining Dustico’s differentiated approach to open-source analysis with Checkmarx’s security testing capabilities will bring disruptive value to our customers as they handle the challenges with securing software supply chains.”

The acquisition of Dustico comes after Checkmarx was bought by private equity firm Hellman & Friedman at a valuation of $1.15 billion in March 2020. Prior to this, in 2015, the company was sold to Insight Partners with an $84 million investment.
