8/21/2018
08:01 AM
Dark Reading
Products and Releases

Semmle Launches Globally with $21 Million Series B Investment Led by Accel Partners

Google, Microsoft, NASA and Nasdaq use Semmle's software engineering analytics to secure the software that runs the world

SAN FRANCISCO, August 21, 2018 — Semmle, a software engineering analytics platform, is launching globally today alongside the announcement of its $21 million Series B, led by Accel Partners, and with participation from Work-Bench. Developers and IT leaders at Capital One, Credit Suisse, Google, Microsoft, NASA and Nasdaq trust Semmle to help them create more secure and reliable code without slowing down. The investment, which brings Semmle’s total funding to $31 million, will be used to accelerate its go-to-market efforts serving large technology and financial services companies around the world. As part of the investment, Accel’s Ping Li and Vas Natarajan will join the board of directors.

Building and securing modern software applications and operating systems has become exponentially more expensive and complex to manage. Windows contains tens of millions of lines of code; the software in connected cars includes approximately 100 million lines; and Google’s portfolio of internet services includes about two billion lines. Today, it’s difficult for CIOs and engineers to trust that their code is secure and reliable, and even harder to have a view into who is working on what or where problems exist in the development pipeline. Critical vulnerabilities and 0-days that can expose their customers’ data and do irreparable damage to their brand -- like the Semmle-discovered Apache Struts vulnerability, similar to the one that led to the Equifax breach -- are often imperceptible.

Semmle solves the intractable problem of making code semantically searchable by taking a unique approach that combines two distinct and seemingly incompatible disciplines — object-oriented programming and database logic.

“The greatest scientific and technological breakthroughs throughout history resulted from combining different disciplines, such as the use of computer science and biology to sequence the human genome,” said Dr. Oege de Moor, CEO of Semmle. “We built Semmle on this same principle, bringing together our 100+ patents in database technology and programming to enable deep semantic code search. With Semmle, CIOs, developers and security researchers can finally answer previously unanswerable questions about their code to find coding mistakes and 0-days that would otherwise be invisible.”

Software Engineering Analytics that Developers Love and CIOs Trust

Semmle’s LGTM analytics platform combines deep semantic code search and data science insights from its community of 500,000 developers to help them better understand their code, engineering processes and people. LGTM stands for “Looks Good to Me,” a term commonly used by developers to sign off on each other’s work. LGTM is powered by QL, a query engine that lets developers and security researchers turn their source code into searchable relational data in order to spot critical errors and variants virtually impossible to find any other way. The platform also uses AI techniques to present actionable recommendations for improvement to developers and managers, building on the data from the user community.

“My team needs to take advantage of the best tools available to keep Google Ads running and avoid exposing this critical system to risk,” said Google VP of Engineering and Semmle customer Asim Husain. “With Semmle, we are able to track down not only the most serious vulnerabilities, but also their logical variants in our entire codebase so we can shut them down before they shut us down. Semmle is the only solution that can do this and plays an important role in our engineering and security strategy.”

CIOs and development managers also use LGTM’s analytics to see how their engineering teams and individual developers are performing, and can benchmark the vulnerabilities in their code bases against other projects.

Backed by 10 years of development, 100+ Patents and 30+ PhDs

Semmle was co-founded by De Moor, a distinguished computer scientist and 20+ year Oxford professor, and his former PhD students, Pavel Avgustinov and Julian Tibble. Together, they've built a team of more than 60 cross-functional experts: computer scientists, biochemists, astrophysicists, clinical scientists and mathematicians, more than half of whom hold PhDs. The Semmle team spent 10 years researching and creating the solution that is now the QL engine behind Semmle’s LGTM platform; they now hold 82 technology patents, with an additional 25 patents pending.

“The stakes have never been higher for securing the world’s software,” said Accel’s Ping Li. “By making code searchable in a database, Semmle is redefining what’s possible in terms of fidelity of the analysis. It’s why Semmle is already trusted by the most innovative and valuable organizations in the world like Google and Microsoft.”

To learn more about Semmle, please visit https://www.semmle.com.

About Semmle

Semmle secures the software that runs the world with analytics developers love and CIOs trust. Software engineering and security teams at Credit Suisse, Dell, Google, Microsoft, NASA and Nasdaq depend on the Semmle analytics platform to create more reliable and trustworthy code without slowing down. Headquartered in San Francisco, Semmle is a privately held company funded by Accel, with additional offices in Copenhagen, New York City, Oxford, Seattle and Valencia, Spain. For more information, visit https://www.semmle.com

Comments
markgrogan,
User Rank: Apprentice
11/28/2018 | 5:16:43 AM
When several industry giants all come forward to make use of a platform that they deem as appropriate, we all know for sure that there is no doubting it. This is just what they need to emerge together as one united service provider for the greater good of consumerism. They can most definitely label the software as the one outlet to rule the world because that is basically what it actually does.