Tech Talks Daily

784: Semmle - The New Method of Code Analysis



Today, developers and security teams are at odds. Developers are under the gun to publish code quickly, which could result in sloppy coding errors and could also mean security teams don’t have enough time to review code for vulnerabilities.

Software underpins the world’s most commonly used technology. Windows contains tens of millions of lines of code. The software powering BMW cars includes some 100 million lines. Google’s empire of internet services -- from Google Search and Chrome to Gmail and Maps -- includes about 2 billion. But it only takes a single coding error or bug to expose every user.

This is where Semmle comes in. Semmle allows developers to find vulnerabilities across a company’s entire codebase -- no matter the programming language -- in minutes instead of days. Before Semmle, this wasn’t technically possible. Semmle also allows developers to find variants of a known vulnerability across an entire codebase using deep semantic search. This was also not technologically possible before Semmle.

Their technology is like a Google for vulnerabilities. That's the reason that massive companies like Credit Suisse, Dell, Google, Microsoft, NASA and Nasdaq trust Semmle's technology to keep their code secure.

Oege De Moor is the CEO and founder of Semmle. I invited him onto today's daily tech podcast to talk about how they believe that security is a shared responsibility, a problem that we all need to solve together, with developers, security researchers and the community at large.

I learn how Semmle enables this collaboration by providing technology that helps automate variant analysis: the process of finding all instances of a coding mistake that caused a security incident. They treat the source code itself as a database, and deep semantic analyses can be expressed as simple queries.

This helps bridge the divide between developers and security teams, because now security teams can share their knowledge with every developer, in the form of automated queries that can be applied near time zero in every pull request. Developers love the results because they’re accurate and relevant. The same sharing happens at a larger scale in the community: security teams contribute back their queries to an open source repository curated by Semmle, so best practices are shared.


Tech Talks Daily, by Neil C. Hughes
