
Denim Group Awarded HotSpot Technology Patent to Identify Vulnerabilities in Shared Internally-Developed Code

SAN ANTONIO–(BUSINESS WIRE)–Denim Group, the leading independent application security firm, today announced that the United States Patent and Trademark Office (USPTO) has awarded the company a patent for its HotSpot technology, used to identify vulnerabilities in code that is internally-developed and shared between development teams. This patent, combined with the company’s two Hybrid Analysis Mapping patents, demonstrates Denim Group’s commitment to innovation in the application and software assurance space.


Enterprises tend to share a high volume of code between development teams, and this code often contains vulnerabilities, resulting in situations where the enterprise’s applications are polluted. Denim Group’s HotSpot technology makes it possible to identify how this vulnerable code is being shared throughout an organization and where it is happening, so that risk can be quantified. The technology also facilitates the identification of opportunities for remediation leverage. By fixing a vulnerability once and effectively communicating this fix downstream to the other application teams that consume the same code, more serious vulnerabilities can be fixed with less effort, providing critical leverage for teams struggling with significant remediation responsibilities.

“We have seen an extensive problem throughout the industry where internal code vulnerabilities are spread throughout an organization due to pervasive and often untracked code sharing between teams,” says Dan Cornell, CTO of Denim Group. “That is what inspired the research that resulted in this patent. Our team’s mission was to solve the problem of identifying internal code reuse that was resulting in subsequent issues. Our HotSpot technology creates a way for enterprises to correlate across static analysis so that development teams can fix one bug, push this fix down the line, and seamlessly remediate multiple vulnerabilities within the code.”

Other solutions on the market, such as Sonatype, Black Duck, and Snyk, identify situations where publicly available, open source components with known vulnerabilities have been included in software packages. Denim Group’s new technology instead identifies vulnerable code that is reused across applications developed within the enterprise itself. HotSpot provides valuable information about which vulnerabilities will be the most impactful to fix, which is critical in reducing an organization’s risk exposure from application-level vulnerabilities.

As part of Denim Group’s experience helping organizations roll out enterprise-wide static analysis programs, the company repeatedly ran into situations where running a static scan on an application would result in finding serious vulnerabilities. Once research into the vulnerabilities was conducted, it would become clear that the team did not write or control the vulnerable part of the codebase; rather, that code had been developed by another group within the enterprise that had shared the internally-developed vulnerable code with this team and, likely, with other teams as well. HotSpot solves the problem of identifying internal code reuse that results in vulnerabilities being spread throughout an organization. HotSpot correlates across static analysis results from many applications in an enterprise, pushing code remediation down the development line and resulting in the resolution of vulnerabilities at scale.
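To make the idea of cross-application correlation concrete, the following is an added illustration written for this page; it is not Denim Group’s HotSpot code and does not claim to reproduce the patented method. It assumes that each static-analysis finding carries the flagged source snippet, uses a whitespace-normalized hash of that snippet as a hypothetical reuse fingerprint, and groups findings by rule and fingerprint to rank shared vulnerable code by the number of applications it reaches. All findings in the sample are constructed.

```python
"""Illustrative cross-application correlation of static-analysis findings.

Added example, not Denim Group's HotSpot implementation. Assumption: every
finding includes the vulnerable snippet, and a normalized hash of that
snippet serves as the fingerprint for "same shared code". Sample data is
constructed for the example.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample: one internally shared data-access helper was copied
# into three applications (with slightly different whitespace in one copy),
# plus one unrelated finding that appears in a single application only.
SHARED_SNIPPET = 'query = "SELECT * FROM users WHERE name = \'" + name + "\'"'
FINDINGS = [
    {"app": "billing", "file": "lib/shared/userdao.py", "line": 42,
     "rule": "SQLi", "snippet": SHARED_SNIPPET},
    {"app": "portal", "file": "vendor/userdao.py", "line": 42,
     "rule": "SQLi",
     "snippet": 'query  = "SELECT * FROM users WHERE name = \'" + name + "\'"'},
    {"app": "reports", "file": "common/userdao.py", "line": 57,
     "rule": "SQLi", "snippet": SHARED_SNIPPET},
    {"app": "portal", "file": "views/search.py", "line": 10,
     "rule": "XSS", "snippet": "return '<b>' + term + '</b>'"},
]


def fingerprint(snippet: str) -> str:
    """Hash the snippet after collapsing whitespace, so cosmetic differences
    between copies of the same shared code do not split a cluster."""
    normalized = re.sub(r"\s+", " ", snippet.strip())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()[:16]


def find_hotspots(findings, min_apps: int = 2):
    """Group findings by (rule, fingerprint) and keep the groups that span at
    least `min_apps` distinct applications. Groups are sorted so the code
    reused in the most applications (the largest remediation leverage) comes
    first."""
    groups = defaultdict(list)
    for finding in findings:
        key = (finding["rule"], fingerprint(finding["snippet"]))
        groups[key].append(finding)

    hotspots = []
    for (rule, fp), members in groups.items():
        apps = sorted({m["app"] for m in members})
        if len(apps) >= min_apps:
            hotspots.append({
                "rule": rule,
                "fingerprint": fp,
                "apps": apps,
                "locations": [(m["app"], m["file"], m["line"]) for m in members],
            })
    hotspots.sort(key=lambda h: (-len(h["apps"]), h["rule"]))
    return hotspots


if __name__ == "__main__":
    for spot in find_hotspots(FINDINGS):
        print(f"{spot['rule']} fingerprint {spot['fingerprint']} "
              f"shared by {len(spot['apps'])} apps: {', '.join(spot['apps'])}")
        for app, path, line in spot["locations"]:
            print(f"  {app}: {path}:{line}")
```

Run as a script, the example reports the single SQL-injection cluster shared by the billing, portal and reports applications, with the file and line of each copy, while the lone XSS finding is left out because it reaches only one application. A real deployment would need a more robust fingerprint than a whitespace-normalized hash (for example, one tolerant of renamed variables) and a channel for pushing the fix to every listed location.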

For more information on Denim Group and our HotSpot technology, please visit our website.

About Denim Group

Denim Group is the leading independent application security firm, serving as a trusted advisor to customers on matters of application risk and security. The company helps organizations assess and mitigate application security risk. Denim Group’s flagship ThreadFix platform accelerates the process of application vulnerability remediation, reflecting the company’s rich understanding of what it takes to fix application vulnerabilities faster.