Synopsys to acquire Codenomicon

A team of security engineers at Codenomicon independently discovered the infamous Heartbleed bug while improving a feature in their security testing tools and reported it to the National Cyber Security Centre in Finland (NCSC-FI). A Codenomicon engineer is credited with naming the bug.

Codenomicon's solutions will help Synopsys deliver a more comprehensive security offering for the software development lifecycle by adding its Defensics tool for file and protocol fuzz testing, and its AppCheck tool for software composition analysis and vulnerability assessment.

The Codenomicon Defensics tool used to discover the Heartbleed bug automatically tests the target system for unknown vulnerabilities, helping developers find and fix them before a product goes to market. It is a systematic solution to make systems more robust, harden them against cyber-attacks and mitigate the risk of 0-day vulnerabilities.

The Defensics tool also helps expose failed cryptographic checks, privacy leaks or authentication bypass weaknesses. It is heavily used by buyers of internet-enabled products to validate and verify that procured products meet their stringent security and robustness requirements.

The Codenomicon AppCheck tool adds SCA capabilities to the Coverity platform, helping customers reduce risks in third-party and open source components. When using the AppCheck tool, customers are able to obtain a software bill of materials (BOM) for their application portfolios, and identify components with known vulnerabilities.

"Businesses are increasingly concerned about the security of their applications and protecting customer data. Adding the IoT to the mix increases the complexity of security even further. During the past 15 months, the world was hit by major security breaches such as Heartbleed, Shellshock, etc.," said Chi-Foon Chan, President and Co-CEO, Synopsys. "By combining the Coverity platform with the Codenomicon product suite, Synopsys will expand its reach to provide a more robust software security solution with a full set of tools to help ensure the integrity, privacy and safety of an organisation's most critical software applications."

"Since our inception, Codenomicon has focused on making the world a safer place by giving organisations the visibility and real-time intelligence necessary to effectively protect their software assets against security vulnerabilities," said Rauli Kaksonen, Co-Founder, Codenomicon. "By adding our pioneering solutions to Synopsys' Coverity platform, we can extend these benefits to a broader audience and help reduce risk across a range of industries and applications."