Sign up to save your podcasts
Or
Share 784: Semmle - The New Method of Code Analysis
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
784: Semmle - The New Method of Code Analysis
Today, developers and security teams are at odds. Developers are under the gun to publish code quickly, which could result in sloppy coding errors and could also mean security teams don’t have enough time to review code for vulnerabilities.
Software underpins the world’s most commonly used technology. Windows contains tens of millions of lines of code. The software powering BMW cars includes some 100 million lines. Google’s empire of internet services -- from Google Search and Chrome to Gmail and Maps -- includes about2 billion. But it only takes a single coding error or bug to expose every user.
This is where Semmle comes in. Semmle allows developers to find vulnerabilities across a company’s entire codebase -- no matter the programming language -- in minutes instead of days. Before Semmle, this wasn’t technically possible. Semmle also allows developers to find variants of a known vulnerability across an entire codebase using deep semantic search. This was also not technologically possible before Semmle.
Their technology is like a Google for vulnerabilities. That's the reason that massive companies like Credit Suisse, Dell, Google, Microsoft, NASA and Nasdaq, trust Semmle's technology to keep their code secure.
Oege De Moor is the CEO and founder of Semmle. I invited him onto today's daily tech podcast to talk about how they believe that security is a shared responsibility, a problem that we all need to solve together, with developers, security researchers and the community at large.
I learn how Semmle enables this collaboration by providing technology that helps automate variant analysis: the process of finding all instances of a coding mistake that caused a security incident. They treat the source code itself as a database, and deep semantic analyses can be expressed as simple queries.
This helps bridge the divide between developers and security teams, because now security teams can share their knowledge with every developer, in the form of automated queries, that can applied near time zero in every pull request. Developers love the results because they’re accurate and relevant. The same sharing happens at a larger scale in the community: security teams contribute back their queries to an open source repository curated by Semmle, so best practices are shared.
View all episodes
By Neil C. Hughes
5
197197 ratings
Today, developers and security teams are at odds. Developers are under the gun to publish code quickly, which could result in sloppy coding errors and could also mean security teams don’t have enough time to review code for vulnerabilities.
Software underpins the world’s most commonly used technology. Windows contains tens of millions of lines of code. The software powering BMW cars includes some 100 million lines. Google’s empire of internet services -- from Google Search and Chrome to Gmail and Maps -- includes about2 billion. But it only takes a single coding error or bug to expose every user.
This is where Semmle comes in. Semmle allows developers to find vulnerabilities across a company’s entire codebase -- no matter the programming language -- in minutes instead of days. Before Semmle, this wasn’t technically possible. Semmle also allows developers to find variants of a known vulnerability across an entire codebase using deep semantic search. This was also not technologically possible before Semmle.
Their technology is like a Google for vulnerabilities. That's the reason that massive companies like Credit Suisse, Dell, Google, Microsoft, NASA and Nasdaq, trust Semmle's technology to keep their code secure.
Oege De Moor is the CEO and founder of Semmle. I invited him onto today's daily tech podcast to talk about how they believe that security is a shared responsibility, a problem that we all need to solve together, with developers, security researchers and the community at large.
I learn how Semmle enables this collaboration by providing technology that helps automate variant analysis: the process of finding all instances of a coding mistake that caused a security incident. They treat the source code itself as a database, and deep semantic analyses can be expressed as simple queries.
This helps bridge the divide between developers and security teams, because now security teams can share their knowledge with every developer, in the form of automated queries, that can applied near time zero in every pull request. Developers love the results because they’re accurate and relevant. The same sharing happens at a larger scale in the community: security teams contribute back their queries to an open source repository curated by Semmle, so best practices are shared.
More shows like Tech Talks Daily
View all
HBR IdeaCast
177 Listeners
a16z Podcast
1,040 Listeners
The Twenty Minute VC (20VC): Venture Capital | Startup Funding | The Pitch
519 Listeners
Software Engineering Daily
621 Listeners
The Official SaaStr Podcast: SaaS | Founders | Investors
175 Listeners
The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence)
441 Listeners
Fintech Insider Podcast by 11:FS
186 Listeners
Gartner ThinkCast
112 Listeners
Super Data Science: ML & AI Podcast with Jon Krohn
298 Listeners
NVIDIA AI Podcast
331 Listeners
DataFramed
267 Listeners
Practical AI
192 Listeners
Big Technology Podcast
454 Listeners
Business Breakdowns
353 Listeners
The AI Daily Brief (Formerly The AI Breakdown): Artificial Intelligence News and Analysis
491 Listeners