
Cigital
We are an application security firm that goes beyond traditional testing services to help organizations Build Security In. #swsec #appsec #infosec.
Established in 1992 as Reliable Software Technologies with initial funding from DARPA, the company rebranded as Cigital in September 2000. A key figure in its history is Gary McGraw, who served as the Chief Technology Officer and became a globally recognized authority on software security. His background includes a dual PhD in Cognitive Science and Computer Science from Indiana University, and his work heavily influenced the company's direction.
Cigital specialized in software security and operated primarily as a consulting firm, providing services to large organizations across various sectors, including finance, retail, and gaming. The company's business model was centered on offering a comprehensive suite of professional and managed services aimed at identifying, remediating, and preventing security vulnerabilities throughout the software development lifecycle. This was delivered through a combination of expert consultants, proprietary technologies, and training programs.
The firm's service portfolio was extensive, featuring application security testing (including static, dynamic, and mobile testing), penetration testing, architecture risk analysis, and threat modeling. Cigital also developed notable products and frameworks. In 1999, it created ITS4, considered the world's first static analysis tool. Another significant contribution was the co-development of the Building Security In Maturity Model (BSIMM), a framework that helps organizations measure and compare their software security initiatives. Additionally, it offered products like SecureAssist, a tool that functions like a spellchecker to help developers find and fix security issues in real time.
Over the years, Cigital achieved several milestones, including securing a $50 million investment in a Series B funding round in October 2013 and acquiring IViz Security in November 2014 to enhance its on-demand penetration testing capabilities. The company's growth culminated in its acquisition by Synopsys, Inc. in November 2016, along with its 2015 spin-off, Codiscope. This acquisition integrated Cigital's skilled workforce and service offerings into Synopsys's Software Integrity Platform, aiming to provide a more complete security signoff solution for the market.
Keywords: software security, application security testing, security consulting, penetration testing, secure SDLC, threat modeling, architecture risk analysis, static analysis, dynamic application security testing, managed security services, BSIMM, Gary McGraw, Synopsys, Codiscope, application security firm, software vulnerability, secure code review, security training, mobile application security, vendor security assessment