Tech Talks Daily

784: Semmle - The New Method of Code Analysis



Today, developers and security teams are at odds. Developers are under the gun to publish code quickly, which could result in sloppy coding errors and could also mean security teams don’t have enough time to review code for vulnerabilities.

Software underpins the world’s most commonly used technology. Windows contains tens of millions of lines of code. The software powering BMW cars includes some 100 million lines. Google’s empire of internet services -- from Google Search and Chrome to Gmail and Maps -- includes about 2 billion. But it only takes a single coding error or bug to expose every user.

This is where Semmle comes in. Semmle allows developers to find vulnerabilities across a company’s entire codebase -- no matter the programming language -- in minutes instead of days. Before Semmle, this wasn’t technically possible. Semmle also allows developers to find variants of a known vulnerability across an entire codebase using deep semantic search. This was also not technologically possible before Semmle.

Their technology is like a Google for vulnerabilities. That's the reason that massive companies like Credit Suisse, Dell, Google, Microsoft, NASA and Nasdaq trust Semmle's technology to keep their code secure.

Oege De Moor is the CEO and founder of Semmle. I invited him onto today's daily tech podcast to talk about how they believe that security is a shared responsibility, a problem that we all need to solve together, with developers, security researchers and the community at large.

I learn how Semmle enables this collaboration by providing technology that helps automate variant analysis: the process of finding all instances of a coding mistake that caused a security incident. They treat the source code itself as a database, and deep semantic analyses can be expressed as simple queries.

This helps bridge the divide between developers and security teams, because now security teams can share their knowledge with every developer, in the form of automated queries that can be applied near time zero in every pull request. Developers love the results because they’re accurate and relevant. The same sharing happens at a larger scale in the community: security teams contribute back their queries to an open source repository curated by Semmle, so best practices are shared.

Tech Talks Daily, by Neil C. Hughes
