Checkmarx
| Company type | Private |
|---|---|
| Industry | Software Security, Application security |
| Founded | 2006 |
| Founder | Maty Siman (CTO), Emmanuel Benzaquen (Former CEO) |
| Headquarters | Atlanta, Georgia, US |
| Key people | Sandeep Johri (CEO) |
| Website | checkmarx.com |
Checkmarx is an enterprise application security company specializing in static application security testing (SAST), headquartered in Atlanta, Georgia, in the United States.[1] It has over 900 employees.[1]
Background
Before founding Checkmarx, Maty Siman worked in the Mamram unit of the Israeli Defense Forces (IDF) and later in the Matzov unit. He then worked for a two-year term, until February 2006, as an advisor at the Israeli Prime Minister's Office.[2]
History
Checkmarx was founded in 2006 by Maty Siman and Emmanuel Benzaquen.[3][1]
In 2017, Checkmarx acquired Codebashing to add AppSec training.[4] The following year, it acquired Custodela, a DevSecOps consulting firm.[5][6]
Checkmarx was acquired in April 2020 by Hellman & Friedman, a private equity firm with headquarters in San Francisco.
In August 2021, Checkmarx acquired Dustico, whose software detects backdoors and malicious attacks in the software supply chain.[7][8]
In 2023, founder Emmanuel Benzaquen stepped down as CEO and was succeeded by Sandeep Johri.[9]
Research
Checkmarx maintains a research division, Checkmarx Zero, that has published findings on vulnerabilities and software supply chain risks:
- In 2019, researchers disclosed flaws in Google and Samsung Android camera apps that could enable remote surveillance.[10]
- In 2022, Ars Technica reported a flaw in the Ring Android app that exposed sensitive user data.[11]
- In 2025, Checkmarx reported malicious Python packages on PyPI designed to exfiltrate data.[12]
- In 2025, Cybersecurity Dive reported survey data from Checkmarx indicating that 98% of organizations experienced breaches linked to software flaws.[13]
- In 2025, ITProToday covered research warning that AI-generated code creates "blind spots" in DevSecOps.[14]
Independent reporting on Checkmarx research also examined manipulation risks in AI coding agents via a "lies-in-the-loop" technique,[15] alongside broader supply-chain findings in public repositories.[16] Survey reporting highlighted that most organizations experienced breaches tied to vulnerable code amid growing adoption of AI development tools.[17]
Funding
Checkmarx's early investors include Salesforce, which remains a partner as Checkmarx provides security reviews for the Salesforce AppExchange.[18][19][20] In 2015, U.S. private equity and venture capital firm Insight Partners acquired Checkmarx for $84 million.[20][1][3]
In April 2020, private equity firm Hellman & Friedman, alongside private investment firm TPG,[21] acquired Checkmarx for $1.15 billion.[1][3][22] After the acquisition, Insight Partners retained a minority interest in the company.[1][23]
References
- "Hellman & Friedman Acquires Checkmarx for $1.15B". Dark Reading. 16 March 2020. Retrieved 2024-05-06.
- Bar-Yosef, Noa (November 20, 2012). "Security Startups: In Focus With CheckMarx Founder Maty Siman". SecurityWeek.
- "Insight Partners sells security firm Checkmarx to Hellman & Friedman for $1.15B". TechCrunch. 16 March 2020. Retrieved 2020-09-01.
- "App security co Checkmarx buys UK co Codebashing". Globes. 2017-07-24. Retrieved 2025-11-21.
- Wenkert, Amarelle (2018-11-08). "Cybersecurity Company Checkmarx Buys Ontario-based Custodela". CTECH - www.calcalistech.com. Retrieved 2020-09-09.
- "Checkmarx Acquires Custodela". Dark Reading. 8 November 2018. Retrieved 2020-09-09.
- "Checkmarx acquires open-source supply chain security startup Dustico". TechCrunch. 5 August 2021. "Checkmarx's Dustico acquisition bolsters the open source software supply chain". VentureBeat. 2021-08-09. Archived from the original on 2023-10-03. Retrieved 2025-11-21.
- Page, Carly (2021-08-05). "Checkmarx acquires open-source supply chain security startup Dustico". TechCrunch. Retrieved 2025-11-21.
- "Checkmarx CEO Benzaquen stepping down after 17 years in latest shakeup at cyber unicorn". ctech. 2023-02-28. Retrieved 2025-11-21.
- "Camera app vulnerability could allow surveillance of Android users". SecurityWeek. 19 November 2019. Retrieved 5 October 2025.
- "Ring Android bug could let rogue apps spy on camera feeds". Ars Technica. 29 August 2022. Retrieved 5 October 2025.
- "Checkmarx surfaces malicious effort to compromise software supply chains". DevOps.com. 15 January 2025. Retrieved 6 October 2025.
- "Developers knowingly push vulnerable code, despite growing breach risk". Cybersecurity Dive. 3 September 2025. Retrieved 5 October 2025.
- "AI code generation creates blind spots in DevSecOps security". ITProToday. 20 July 2025. Retrieved 5 October 2025.
- "Lies-in-the-loop attack shows risks in AI coding agents". Dark Reading. 12 September 2025. Retrieved 6 October 2025.
- "Checkmarx surfaces malicious effort to compromise software supply chains". DevOps.com. 3 September 2025. Retrieved 6 October 2025.
- "Developers knowingly push vulnerable code, despite growing breach risk". Cybersecurity Dive. 3 September 2025. Retrieved 6 October 2025.
- Scheer, Matt (2020-07-27). "Security Checks When Submitting Apps to the Salesforce ISV Team". crmscience. Retrieved 2020-11-13.
- "Checkmarx Raises Funding From Salesforce.com, Ofer Hi-Tech". TechCrunch. Retrieved 2020-09-04.
- "Insight Venture Partners to buy Israeli co Checkmarx - Globes". en.globes.co.il (in Hebrew). 2015-06-17. Retrieved 2020-09-09.
- "In $1.15 Billion Deal, Hellman & Friedman Acquires DevOps Firm Checkmarx | Israel Defense". www.israeldefense.co.il. 17 April 2020. Retrieved 2020-10-21.
- "3 Israeli cybersecurity firms win Black Unicorn Awards". ISRAEL21c. 2019-08-22. Retrieved 2020-10-21.
- Novinson, Michael (2020-06-24). "The Biggest 10 Cybersecurity Acquisitions Of 2020 (So Far)". CRN. Retrieved 2020-09-04.