
Dustico

Company


Owners:
Checkmarx


Owners

+ Hellman & Friedman

History

2021: Acquisition by Checkmarx

On August 5, 2021, the Israeli company Checkmarx, a developer of application testing tools, announced the acquisition of Dustico, the maker of a platform for detecting malicious components in open source software supply chains. The terms of the transaction were not disclosed.

Checkmarx acquires a malware provider. Photo: hasade.com

The Dustico platform is planned to be integrated with Checkmarx's own product CxSCA, a tool for analyzing open source software components. This will provide customers with a "unified picture of the risks, reputation and behavior of open source software components" to prevent supply chain attacks (also called a third-party attack, a value-chain attack, or a backdoor breach). A supply chain attack occurs when an attacker gains access to a company's network through third-party vendors or suppliers, or through the supply chain[1].

"The prevalence of such attacks has been growing in recent years. A successful attack through SolarWinds systems in 2020 led to consequences of catastrophic scale. In 2021, the EU Cybersecurity Agency ENISA predicts a fourfold increase in such attacks compared to 2020, and naturally the information security industry has an increased interest in supply chain protection," said Alexey Vodiasov, technical director of SEC Consult Services.

As of 2021, the information security market shows increased activity in combating supply chain attacks. In early August 2021, ReversingLabs raised $56 million in investment to build countermeasures against such attacks, and GitLab released the source code of Package Hunter, a tool designed to inspect software dependencies for malicious components. Google, in turn, introduced the Supply chain Levels for Software Artifacts (SLSA) framework, also designed to detect errors and malicious elements in third-party software components.

The use of open source components in software development is often cited as one of the main reasons for the spread of supply chain attacks. The dependency managers used in development can automatically download and install dozens or hundreds of components without manual intervention over the software lifecycle, and not all of these components are flawlessly written. Moreover, there are cases where an open source component is compromised by attackers and their malicious code ends up embedded in the final product.

The Dustico platform was created precisely to protect against such scenarios. Based on machine learning, the system performs behavioral analysis of third-party software components used in development, checks the level of trust in the component's main supplier and the other participants in its development, and lets you assess how well and how actively the component is maintained. In addition, the system can identify backdoors and other signs of suspicious activity, in particular which operations the program performs, which network ports it opens, which connections it tries to establish, and which processes it creates.

2020: Foundation of the company

Dustico was founded as a company in 2020.

Notes