Chief Scientist Emeritus Fabian Yamaguchi and foundational Code Property Graph technology recognized with IEEE Test of Time Award


  • IEEE honors inventors of the Code Property Graph for its ongoing relevance in today’s technology and security conversations.
  • The Code Property Graph serves as the base for Qwiet AI’s leading application security tool for detecting vulnerabilities in code.

 

SAN JOSE, Calif.Aug. 5, 2024 — Qwiet AI, the first in the AppSec industry to provide AI-powered detection of vulnerabilities in code, congratulates the inventors of the Code Property Graph (CPG) for winning the 2024 IEEE Test of Time Award. The paper, “Discovering Vulnerabilities with Code Property Graphs” authored by Fabian YamaguchiNico GoldeDaniel Arp, and Konrad Rieck, received the honor at the 45th IEEE Symposium on Security and Privacy. Awarded by the IEEE Computer Society’s Technical Community on Security and Privacy, the IEEE Test of Time Award recognizes papers for their ongoing relevance in today’s technology conversations.

Recognizing that the protection of critical systems fundamentally depends on the rigorous identification of vulnerabilities within software, Fabian Yamaguchi and his team tested the capabilities of CPGs through an analysis of the Linux kernel, a well-audited code base. Their research demonstrated the effectiveness of CPGs by identifying 18 previously unknown vulnerabilities within the source of the Linux kernel. Yamaguchi would go on to join Qwiet AI (then ShiftLeft) to develop an industry-leading commercial vulnerability detection tool built on CPG technology.

“Security breaches in today’s environment continue to be a direct result of insecure code,” said Fabian Yamaguchi, Chief Scientist Emeritus of Qwiet AI. “Code Property Graphs enable organizations to contextualize their vulnerabilities within their application’s code and truly understand how to stop attacks before they happen. We’re honored to be recognized for this research into CPGs and its longstanding impact on the application security space.”

“We could not be prouder of Fabian and his team for their receipt of the IEEE Test of Time Award,” said Chetan Conikee, Co-Founder and Chief Technology Officer of Qwiet AI. “The Code Property Graph revolutionized vulnerability detection with the ability to combine multiple analyses into a single graph. This approach can fundamentally transform the industry by enabling the identification of complex security issues that traditional tools often miss.”

Qwiet AI utilizes CPG technology to create proprietary maps showing the full flow of data and control within an app, providing a comprehensive view of what’s happening in the code. This unparalleled level of context goes beyond conventional scanning tools by allowing Qwiet AI’s pre-zero platform to analyze the reachability of vulnerabilities, driving unparalleled speed and accuracy in scanning. Applying AI/ML engines to Qwiet’s CPG allows AI AutoFix to generate valid code that corrects discovered vulnerabilities. Organizations can tailor the CPG to its unique requirements, ensuring its security strategy can evolve in tandem with software development, providing robust and context-aware security insights.

About Qwiet AI

Qwiet AI, formerly ShiftLeft, reduces the noise inherent in the AppSec and DevSecOps space and allows developers to focus on high-fidelity results that have the greatest impact in their environment. Driven by a powerful AI engine developed by NumberOne AI, Qwiet AI’s platform is the first in the industry to provide AI-driven detection and AutoFixes of zero-day and pre-zero-day vulnerabilities in code. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, Qwiet AI is based in San Jose, California. For information, visit: www.qwiet.ai.

About Qwiet AI

Qwiet AI empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, Qwiet AI scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, Qwiet AI then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use Qwiet AI ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, Qwiet AI is based in Santa Clara, California. For information, visit: https://qwiet.ai

Share