notepad0x90
3 days ago
That's an interestingly named product. Bloodhound is a well known/established security tool/platform. You're in for legal trouble I think. But legality and suits aside, you guys also use graph-db from the sound it, just like them. were you familiar with their product?
How does it compare to codeql (github), whitesource/mend? I'm used to just looking at the reports and validating things, is your main sell here that you auto-generate exploits and validate the vulnerability? Will your VS/IDE extension integrate in-line with the code, highlighting findings and helping you trace the execution flow?
michaelafam1
10 hours ago
We don't auto generate issues exploits but rather find the already existing exploits and break them further to test the full depth of the vuln. We use some aspects of graph DB but its not quite the same thing. This differs from Mend and CodeQL because they focus on deep semantic analysis or SCA, We use parallel detection systems for hybrid, holistic analysis by combining advanced static testing, execution modeling, and ML on test data to improve bug breadth, path feasibility, and alert prioritization aka. prove deep rooted issues other tools are not trained to find.
And yes it does integrate in line with the code and trace exec flow. Would you wanna try it out and see what it can help you find? It runs locally so nothing leaves your system