- 🚀Introducing CodeEye's New Product Engineering Service!
Toronto, Ontario, Canada - February 20, 2025. At CodeEye, we don’t just build software—we build secure software by design. Our new Product Engineering Service stands out by embedding security into every phase of the development lifecycle, setting us apart from traditional software development companies that often treat security as an afterthought, leaving you, the customer, up at night worried about third-party risk. Powered by our IRIS Next-Gen ASPM platform and a security-focused development team, we integrate real-time vulnerability detection and remediation directly into the development process, ensuring that every product is not only innovative but also resilient, scalable, and fully compliant with leading security standards like NIST 2.0 and the CIS Controls for Product Security.

Our Unique Value Proposition:
  - Security Embedded at Every Stage – From ideation to deployment, security is always in focus
  - Application Security by Design – Build resilient, future-proof products from the ground up
  - NIST 2.0 & CIS Controls Compliance – Align with top-tier product security standards
  - Real-Time Vulnerability Detection & Remediation – Powered by IRIS for proactive protection
  - End-to-End Product Development – Comprehensive solutions tailored to your business needs
  - Agile & Scalable Solutions – Innovate faster without sacrificing security or compliance
  - Regulatory Readiness – Stay ahead of evolving standards like NIST 2.0, CIS, and GDPR

Unlike traditional software development companies, CodeEye ensures that security isn’t a bolt-on—it’s built-in. This approach reduces technical debt, minimizes vulnerabilities, and streamlines compliance, giving your business a competitive edge in an increasingly regulated and threat-prone landscape.

Let’s Build Smart. Let’s Build Secure.

Visit www.codeeye.ai or email contact@codeeye.ai today to discover how our Product Engineering Service can help you bring secure, compliant, and scalable products to market—faster and safer.
- CodeEye's New Look: Sharpening Our Focus on End-to-End Application Security
The rapid pace of application development today increases the potential for security gaps, making it essential to have a robust strategy in place. Since our founding in 2017, CodeEye has continually adapted and expanded our capabilities to meet the growing demands of our clients. Today, we’re excited to introduce a refreshed brand identity that aligns with our mission to provide top-tier security solutions that safeguard applications from development to deployment.

So, why now? From our early days specializing in offensive security and digital forensics to the development of our flagship IRIS platform, our journey has been one of growth, innovation, and unwavering commitment to our clients. Our new brand identity symbolizes our evolution and future direction, following the launch of our next-generation Application Security Posture Management (ASPM) platform earlier this year. The new brand emphasizes building security into every stage from development to a production product, helping businesses envision a better way to secure their applications.

A Clearer Focus: Simplifying Application Security with a Modern Brand

This brand update is designed to make security more accessible and manageable for our clients, from early development to ongoing maintenance. “Vision” remains a central theme to CodeEye’s identity, with the IRIS platform acting as a lens that helps businesses detect and remediate every potential threat, from code to production. Real business context matters, from identifying possible threats to prioritizing remediation. The goal of IRIS is to minimize Application Security's role in commoditized processes by automating risk priority. We enable organizations to gain complete visibility of business-contextualized risk and make faster, risk-based decisions. Alongside the brand, we built a new website that reflects our mission of empowering organizations to embed security into their software development lifecycle from day one. The goal was to make our brand presence as professional and trustworthy as our solutions.

Impact on Our Customers

This isn’t just a visual update—it’s about improving how we communicate and engage with our customers. By simplifying our messaging and modernizing our presence, we make it easier for businesses to understand how our solutions fit into their security strategy. Whether you're a growing startup or an established enterprise, our goal is to provide a cohesive and accessible experience across all touchpoints to help you protect your applications from planning requirements to maintenance.

Our Offerings: Comprehensive Security Services Beyond IRIS

We haven't forgotten where we came from and what got us to this point. CodeEye’s commitment to securing applications extends beyond the IRIS platform and handing over a licensing key. Our Professional Services include offensive security and security consulting, enabling businesses to fortify their security posture from every angle. Whether it’s testing the resilience of your cloud infrastructure, securing your CI/CD pipelines, or conducting Red and Purple Team exercises, we provide actionable insights to enhance your defenses. Additionally, our Product Security Services help integrate security into every stage of development, from secure design and code quality assessments to compliance and application security continuous monitoring. This comprehensive approach ensures your applications are secure, compliant, and resilient.

Founder and CEO, Robert Howes, had a vision that no matter the maturity or size, a common theme in all organizations is that developers do not understand business risk and application security engineers do not understand code vulnerabilities. Combined with the fact that skilled application security engineers are very difficult to employ, CodeEye’s managed ASPM service was born in 2022. Robert believes that the company's managed service offering will continue to grow and accelerate over 50% year over year until 2028.

Looking Ahead: Stay Connected with CodeEye

We’re excited to share our refreshed brand with you! As we continue to evolve, we look forward to sharing more updates and insights that will help you launch and scale secure applications capable of withstanding today’s most complex threats. See how CodeEye and IRIS can rapidly transform your business into a secure, resilient operation: book a demo with a member of our team.

About CodeEye

CodeEye is a leading Canadian provider of cutting-edge Application Security solutions, designed to protect your digital assets from ever-evolving cyber threats. Our flagship offering, IRIS, is an all-in-one Managed Application Security Platform tailored specifically for high-growth SMBs with tight security resources and tireless development teams. Our team excels in application security, from code to production, blending advanced technology with personalized support to help you identify and mitigate risks, elevate code quality, enhance team collaboration and stay compliant with industry regulations. For more information, visit codeeye.ai.
- CodeEye Solutions Unveils New VP of Product Security; Achieves Vendor of Record for the Province of Ontario
Toronto, Ontario, Canada – March 26, 2024. Application and information security solutions company, CodeEye Solutions, today announced a significant milestone in their evolution, appointing Ronald Iraheta as VP of Product Security. In this role, Iraheta will leverage two decades of product development and application security experience to help fast-growing organizations streamline their application security efforts, minimize risk, and focus on delivering secure, resilient, and high-quality software solutions.

Prior to joining CodeEye, Iraheta played a pivotal role in the success of the Priceline Partner Network, where he led the development of groundbreaking application security solutions that transformed the industry landscape. He played a leadership role at two of the most recognizable brands in the travel/hospitality industry worldwide, spearheading the Application Security programs.

As VP of Product Security, Iraheta will oversee the technical direction of CodeEye’s Next-Gen Application Security Posture Management Solution (ASPM), IRIS. He will lead technology strategy, product development, and technical operations. Iraheta’s visionary leadership and strategic mindset will be instrumental in shaping the technology roadmap for IRIS and positioning CodeEye at the forefront of the Application Security Posture Management (ASPM) market.

“We are taking a different path from the current vendors in this space. I see a tremendous opportunity to fill those gaps with a complete solution from code development to production application security threat detection and remediation, not just for the enterprise, but for SMB clients as well,” said Iraheta.

“I am ecstatic to have Ronald join our team. As companies struggle with managing point solutions, complex licensing, and application threat visibility, our team has architected a platform that provides real-time, AI-powered threat detection, correlation, and remediation throughout the application/product lifecycle,” said Rob Howes, CEO of CodeEye Solutions. “Our view on application security is going to change how organizations centralize, detect, prioritize, and remediate vulnerabilities seamlessly across all stacks,” said Howes.

Vendor of Record Award

CodeEye Solutions has recently earned the designation of Vendor of Record by the Ministry of Government and Consumer Services for IT Security Products and Services. The Vendor of Record (VOR) arrangement was established through an open, highly competitive evaluation of IT security products and related services, including, but not limited to, implementation, maintenance, and support services. A VOR is essential for all Ontario Public Service (OPS) ministries and agencies covered by the OPS Procurement Directive.

CodeEye was successfully approved as a vendor in the following categories:
  - Static Application Security Testing
  - Dynamic Application Security Testing

Working with an Ontario VOR solution, like IRIS by CodeEye, comes with many benefits, including compliance with procurement directives and time and cost savings throughout the procurement process. This acknowledgment underscores IRIS's exceptional standards in empowering organizations to streamline application security efforts, minimize risks, and focus on delivering secure, resilient, and high-quality software solutions.

About CodeEye Solutions

CodeEye Solutions is a leading Canadian provider of cutting-edge Application Security Audit / Offensive Testing and Application Posture Management Services, empowering organizations to safeguard their digital assets against evolving cyber threats.
With a comprehensive suite of solutions, including IRIS, an all-in-one Managed Application Security Platform focused on maturing the needs of the SMB Market, we offer unparalleled protection for high-growth businesses with limited security resources and tireless development teams. Our expertise is application security, from the foundation to the product, coupled with expert guidance and support, to ensure that our clients can detect and mitigate security risks, improve code quality, foster collaboration between teams, and ensure compliance with regulatory requirements. For more information on CodeEye please visit www.codeeyesolutions.com.
- CodeEye Solutions announces unveiling of IRIS Code Risk Management Platform
TORONTO, Nov. 30, 2022 – CodeEye Solutions, the IR, offensive/defensive security-led services company, unveiled its IRIS Code Risk Management Platform today. The new platform helps organizations build safe and secure applications, provides the tools for secure code compliance and highlights business risk.

As organizations adopt digital transformation to create new, competitive solutions for customers, ensuring that development teams are able to integrate the right security controls in an automated fashion means more secure products and better code, and gives executive teams the ability to measure the risk within product development. IRIS can be deployed as a DevSecOps code scanning operational tool integrated into the development process, or it can be deployed as a SecDevOps compliance / audit tool, with weekly / monthly scanning capabilities for security teams to ensure policies are enforced, risks are identified and auditors can report on compliance.

What separates IRIS from the market is our focus on business context, risk visibility, operational readiness and compliance. With the launch of CodeEye Solutions’ IRIS platform, organizations can now take advantage of managed, on-demand, or annual subscription application scanning services. The platform covers Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Third-Party library scans, Forensic Code Scanning, an Executive Risk Management Module and much more. IRIS also integrates with many existing CI/CD tools and source controls (such as GitHub) and has its own API.

“Many of our customers are asking us how they justify spending or measuring risk in development and if their teams are improving in secure development. Beyond the technical features that set IRIS apart, this is what our product does. We help clients understand risks wherever their code is and if their developers are increasing or decreasing that risk,” said Rob Howes, CEO of CodeEye Solutions. “Clients that have the compliance requirement but lack the resources or knowledge can also take advantage of our managed SecDevOps expertise,” said Howes.

CodeEye Solutions is the only vendor in the secure code space that provides a managed practice for clients to take full advantage of. CodeEye anticipates that market demand for managed code compliance will increase as budgets tighten for the next fiscal year and as internal security teams maintain focus on traditional security operations. Contact CodeEye Solutions today to discuss your next application project or compliance requirements.

About CodeEye Solutions:

Additional Services: Application Threat Modeling Manual Source Code Review Pipeline Audits and Tool Selection Secure Code Developer Training Application Security Architecture Design or Review Security Audits / Gap Assessments Incident Response / Planning Application Migrations Security Audit Penetration Testing

Media Contact: contact@codeeyesolutions.com
CEO – Rob Howes rob@codeeyesolutions.com
- IRIS API
The IRIS API Service is now available to all customers. The IRIS API service provides better visibility and will integrate the IRIS platform into the software development life cycle. The API provides the results from each scan, and these results can be consumed by internal services. The service will facilitate integration with third parties such as Jira or Slack, or with a build system to block or hold a deployment. IRIS API service documentation is also available. In the documentation, developers can find all the necessary information about how the API works and what data will be available through it.

Customers can perform functions including:
  - Accessing vulnerability data
  - Scanning releases under projects/applications
  - Receiving remediation advice
  - Viewing account/users/teams information

Please contact CodeEye Solutions for a live demo.
- NIST CSF 2.0: A New Era in Cybersecurity and the Implications on Application Security
On February 26, 2024, the National Institute of Standards and Technology (NIST) released an update to the Cyber Security Framework (CSF), introducing several changes, including implications for security by design and secure SDLC.

Application security has become increasingly important in recent years due to the rise in cyber-attacks and data breaches. Governments in both Canada and the US have recognized the need for increased scrutiny over application integrity and have introduced regulations and guidelines to ensure the security of sensitive data. In the US, the National Institute of Standards and Technology (NIST) released an update to the Cyber Security Framework (CSF) in 2024, introducing several changes, including implications for security by design and secure SDLC.

One of the most significant changes in NIST CSF 2.0 is the introduction of the Platform Security category under the “Protect” function. This category specifically references secure software development, stating that “Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle.”

CodeEye launched IRIS in 2019 with the ability to consolidate code security into one platform. Since then, IRIS has evolved into a Next Gen ASPM Solution.

What is IRIS ASPM?

From code to production, IRIS detects, correlates, provides risk-based analysis, and prioritizes application security findings for easier interpretation and remediation – all within one platform. IRIS has a built-in Risk and Compliance Module that provides ongoing performance and risk monitoring of the product development program, addressing the requirements of PR.PS-06 of NIST CSF 2.0. This means that organizations can use IRIS to ensure that their secure software development practices are integrated and monitored throughout the software development life cycle.
IRIS’s Risk and Compliance module supports the implementation and improvement of the NIST Cybersecurity Framework (CSF) 2.0 across the software development lifecycle. It provides a comprehensive view of the usage and findings of different scanning modules that correspond to the five core functions of the CSF: Identify, Protect, Detect, Respond, and Recover. It helps stakeholders monitor and compare the performance, risk, and health of the software projects and teams, and supports data-driven decision-making and risk mitigation efforts.

The R&M Dashboard of IRIS aligns with the CSF 2.0 requirements across all 5 functions:
  - Identify: The dashboard helps identify the assets, systems, and data that are involved in the software development process, and the potential risks and vulnerabilities that may affect them. By visualizing the number of issues found, analysis executed, and findings detected in different project stages (e.g., coding, QA, Production, Docker virtualization), the dashboard provides insights into the overall risk level at each stage.
  - Protect: The dashboard helps protect the software assets, systems, and data by enabling the use of different scanning modules that can detect and prevent security breaches, such as static code analysis, dynamic code analysis, penetration testing, and vulnerability scanning. The dashboard allows a comparative analysis of the level of usage and effectiveness of each scanning module. This helps identify which modules are being utilized most effectively and which ones may need improvement.
  - Detect: The dashboard helps detect the occurrence of cybersecurity events by tracking issues detected and analyses executed by each development team. This helps identify potential weak points in teams’ security practices and make informed decisions based on the results. The dashboard also facilitates the timely discovery and reporting of security incidents by providing alerts and notifications.
  - Respond: The dashboard helps respond to cybersecurity incidents by providing actionable information and guidance on how to address and resolve the issues. The dashboard facilitates risk mitigation efforts by identifying areas where security vulnerabilities are most prevalent, allowing teams to prioritize and address critical issues. The dashboard also supports communication and coordination among stakeholders and teams during the incident response process.
  - Recover: The dashboard helps recover from cybersecurity incidents by monitoring and comparing the results over time and assessing the impact and effectiveness of the remediation actions. The dashboard helps assess the overall health and security posture of the software development projects and identifies areas for improvement and lessons learned.

With NIST CSF 2.0 bringing a renewed focus on secure software development, CodeEye’s IRIS Next Gen ASPM provides a solution for organizations to efficiently meet the requirements of the new framework. For more information on CodeEye’s Risk and Compliance Module, contact us for a demo.

About CodeEye Solutions

CodeEye Solutions is a leading Canadian provider of cutting-edge Application Security Audit / Offensive Testing and Application Posture Management Services, empowering organizations to safeguard their digital assets against evolving cyber threats. With a comprehensive suite of solutions, including IRIS, an all-in-one Managed Application Security Platform focused on maturing the needs of the SMB Market, we offer unparalleled protection for high-growth businesses with limited security resources and tireless development teams. CodeEye Solutions is the Ontario Government Vendor of Record for IT Security Products and Services.
Our expertise is application security, from the foundation to the product, coupled with expert guidance and support, to ensure that our clients can detect and mitigate security risks, improve code quality, foster collaboration between teams, and ensure compliance with regulatory requirements. For more information on CodeEye please visit www.codeeyesolutions.com.
