Surface the right risk to the right owner at the right time with pipelineless, developer-native workflows that foster collaboration, increase development velocity, and reduce overall risk.
Aikido is your no-nonsense security platform. One central system that shows you what matters and how to fix it, from code-to-cloud. Get security done 🤝 get back to building.
DefectDojo is the engine that drives DevSecOps, providing an open, scalable platform that connects security strategy to execution. By aggregating data from over 200 security tools, automating manual processes, and delivering AI-powered insights, DefectDojo empowers organizations to have a unified view of security posture and compliance, automate operations to increase productivity and improve decision-making. For more information, visit defectdojo.com.
Endor Labs is a consolidated AppSec platform for teams that are frustrated with the status quo of “alert noise” without any real solutions. Upstarts and Fortune 500 alike use Endor Labs to make smart risk decisions. We eliminate findings that waste time (but track for transparency!), and enable AppSec and developers to fix vulnerabilities quickly, intelligently, and inexpensively. Get SCA with 92% less noise, fix code 6.2x faster, and comply with standards like FedRAMP, PCI, SLSA, and NIST SSDF.
We make secure design the standard, scalable practice for all digital teams. IriusRisk makes secure design fast, reliable and accessible, even to non-security users, thanks to our automated and AI-augmented Threat Modeling Solution.
Phoenix Security is an Actionable ASPM that empowers enterprises to connect security and engineering teams, delivering precise, risk-based actions from code to cloud. Our platform unifies threat intelligence, application security, and cloud security to prioritize fixes that matter most.
What makes our blood flow:
We love our clients and are trusted by industry leaders like ClearBank, LastPass, and IAS. Phoenix Security automates the discovery and attribution of assets, scales security teams’ impact by 4x, and accelerates vulnerability prioritization by 10x. With 4D risk quantification and contextual traceability, we help teams focus on fixing the right vulnerabilities first, reducing alert fatigue, and improving efficiency.
Secure Code Warrior is a Developer Risk Management platform that transforms the way your software is created. We enable enterprises to implement new standards for secure code throughout the software development life cycle, allowing the cyber security teams and CISOs to measure, mitigate and manage security risk.
SecureFlag empowers organizations in 30 plus countries to implement secure coding training. The platform offers thousands of hands-on labs in over 45 programming languages, hosted in virtualized environments. Developers gain skills to identify and remediate vulnerabilities, building secure software from the start. Through plugins, we integrate with the Software Development Life Cycle, embedding secure practices into workflows. Our customer success team designs bespoke training programs tailored to organizational needs. SecureFlag also offers ThreatCanvas, an automated threat modeling solution enabling developers to assess and mitigate design risks independently, reducing reliance on security teams.
Semgrep’s mission is to profoundly improve software security and reliability. Semgrep OSS is an open-source static analysis tool designed for developers to perform fast and customizable code analyses across large codebases.
Built on top of the Semgrep OSS engine, the Semgrep AppSec Platform provides industry-leading code, secrets, and dependency scans to enable organizations to ship secure code quickly, instead of slowing down development. The Semgrep AppSec Platform is adopted by companies like Snowflake, Figma, Lyft, and Dropbox.
Founded by Drew Dennison, Isaac Evans, and Luke O’Malley in 2017, Semgrep is funded by Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital.
Xygeni – The All-in-One Application Security Platform
Xygeni transforms how modern teams secure their software supply chain. Frustrated with fragmented tools, false positives, and reactive security? Xygeni consolidates application security into a single, intelligent platform that eliminates alert fatigue, pinpoints real threats, and enables seamless risk mitigation—without slowing development.
With dynamic prioritization and auto-remediation, security teams stop chasing noise and start fixing what matters. Detect malicious open-source components, secure builds, and manage SBOMs with full visibility. Whether you're a fast-moving startup or a global enterprise, Xygeni accelerates secure software delivery.
Less friction. More security. Real results. Get the brochure or book a demo to see Xygeni in action.
ArmorCode is on a mission to supercharge your security team with a new model to reduce risk and burn down critical security tech debt. With its AI-powered ASPM Platform, ArmorCode integrates all of your security scanners across applications, infrastructure, containers, and clouds to unify and normalize findings, correlates them with business context and threat intel through intelligent risk scoring, and orchestrates security workflows to empower developers to remediate issues without disrupting their flow. ArmorCode delivers unified visibility, AI-enhanced prioritization, and scalable automation for customers so they can realize a complete understanding of risk, respond at scale, and collaborate more effectively.
Black Duck, formerly the Synopsys Software Integrity Group, is the market leader in application security testing (AST). With the most comprehensive, powerful, and trusted portfolio of application security (AppSec) solutions in the industry, we help organizations worldwide build trust in their software. We take pride in offering the vision, flexibility, openness, coverage, and staying power our customers need to keep pace with the changing world of software development, software assurance, and risk management.
Mobb is the trusted, automatic vulnerability fixer that secures applications by remediating coding flaws using deterministic algorithms and advanced AI. This automated approach significantly reduces security backlogs and frees developers to focus on innovation and meeting business goals.
NDC Conferences is renowned for its highly technical events in the software development community, focusing on a wide range of topics including Security, .NET, Embedded, AI, and more. These conferences bring together industry experts, developers, and enthusiasts to share knowledge, network, and discuss the latest trends and technologies in software development.
The conferences are held in various locations around the world, such as Oslo, London, and Sydney, and feature a mix of keynote speeches, workshops, and breakout sessions. They are known for their high-quality content and engaging presentations, making them a valuable resource for anyone in the tech industry.
Zenity, the pioneer in securing AI Agents everywhere, is the first and only holistic platform purpose-built to govern and secure AI Agents from buildtime to runtime. With years of experience enabling Fortune 500 companies across industries like financial services, technology, and healthcare, Zenity combines business-logic-driven AI Security Posture Management (AISPM) with real-time AI Detection and Response (AIDR) to mitigate risks, ensure compliance, and maximize efficiency. The agent-less Zenity platform enables security, governance, AI, trust, and data science teams to implement observability, security posture management, detection and response, and prevention capabilities for AI Agents across the enterprise.
Escape helps teams secure modern applications—APIs, Single Page Apps, and Microservices. With Escape, you can document all your APIs in minutes—no traffic monitoring or complex integrations required. Leverage its proprietary DAST algorithm to detect business logic vulnerabilities and reduce developer remediation overhead with tailored code fixes.