Analytics

8/21/2018
08:01 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Semmle Launches Globally with $21 Million Series B Investment Led by Accel Partners

Google, Microsoft, NASA and Nasdaq use Semmle's software engineering analytics to secure the software that runs the world

SAN FRANCISCO, August 21, 2018 — Semmle, a software engineering analytics platform, is launching globally today alongside the announcement of its $21 million Series B, led by Accel Partners, and with participation from Work-Bench. Developers and IT leaders at Capital One, Credit Suisse, Google, Microsoft, NASA and Nasdaq trust Semmle to help them create more secure and reliable code without slowing down. The investment, which brings Semmle’s total funding to $31 million, will be used to accelerate its go-to-market efforts serving large technology and financial services companies around the world. As part of the investment, Accel’s Ping Li and Vas Natarajan will join the board of directors.

Building and securing modern software applications and operating systems has become exponentially more expensive and complex to manage. Windows contains tens of millions of lines of code; the software in connected cars includes approximately 100 million lines; and Google’s portfolio of internet services includes about two billion lines. Today, it’s difficult for CIOs and engineers to trust that their code is secure and reliable, and even harder to have a view into who is working on what or where problems exist in the development pipeline. Critical vulnerabilities and 0-days that can expose their customers’ data and do irreparable damage to their brand -- like the Semmle-discovered Apache Struts vulnerability, similar to the one that led to the Equifax breach -- are often imperceptible.

Semmle solves the intractable problem of making code semantically searchable by taking a unique approach that combined two distinct and seemingly incompatible disciplines — object-oriented programming and database logic.  

“The greatest scientific and technological breakthroughs throughout history resulted from combining different disciplines, such as the use of computer science and biology to sequence the human genome,” said Dr. Oege de Moor, CEO of Semmle. “We built Semmle on this same principle, bringing together our 100+ patents in database technology and programming to enable deep semantic code search. With Semmle, CIOs, developers and security researchers can finally answer previously unanswerable questions about their code to find coding mistakes and 0-days that would otherwise be invisible.”

Software Engineering Analytics that Developers Love and CIOs Trust

Semmle’s LGTM analytics platform combines deep semantic code search and data science insights from its community of 500,000 developers to help them better understand their code, engineering processes and people. LGTM stands for, “Looks Good to Me,” a term commonly used by developers to sign off on each other’s work. LGTM is powered by QL, a query engine that lets developers and security researchers turn their source code into searchable relational data in order to spot critical errors and variants virtually impossible to find any other way. The platform also uses AI techniques to present actionable recommendations for improvement to developers and managers, building on the data from the user community.

“My team needs to take advantage of the best tools available to keep Google Ads running and avoid exposing this critical system to risk,” said Google VP of Engineering and Semmle customer Asim Husain. “With Semmle, we are able to track down not only the most serious vulnerabilities, but also their logical variants in our entire codebase so we can shut them down before they shut us down. Semmle is the only solution that can do this and plays an important role in our engineering and security strategy.”

CIOs and development managers also use LGTM’s analytics to see how their engineering teams and individual developers are performing, and can benchmark the vulnerabilities in their code bases against other projects.

Backed by 10 years of development, 100+ Patents and 30+ PhDs

Semmle was co-founded by De Moor, a distinguished computer scientist and 20+ year Oxford professor, and his former PhD students, Pavel Avgustinov and Julian Tibble. Together, they've built a team of more than 60 cross-functional experts: computer scientists, biochemists, astrophysicists, clinical scientists and mathematicians, more than half of whom hold PhDs. The Semmle team spent 10 years researching and creating the solution that is now the QL engine behind Semmle’s LGTM platform; they now hold 82 technology patents, with an additional 25 patents pending.

“The stakes have never been higher for securing the world’s software,” said Accel’s Ping Li. “By making code searchable in a database, Semmle is redefining what’s possible in terms of fidelity of the analysis. It’s why Semmle is already trusted by the most innovative and valuable organizations in the world like Google and Microsoft.”

To learn more about Semmle, please visit https://www.semmle.com.

About Semmle

Semmle secures the software that runs the world with analytics developers love and CIOs trust. Software engineering and security teams at Credit Suisse, Dell, Google, Microsoft, NASA and Nasdaq depend on the Semmle analytics platform to create more reliable and trustworthy code without slowing down. Headquartered in San Francisco, Semmle is a privately held company funded by Accel, with additional offices in Copenhagen, New York City, Oxford, Seattle and Valencia, Spain. For more information, visit https://www.semmle.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17321
PUBLISHED: 2018-09-22
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
CVE-2018-17322
PUBLISHED: 2018-09-22
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
CVE-2018-14889
PUBLISHED: 2018-09-21
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
CVE-2018-14890
PUBLISHED: 2018-09-21
Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.
CVE-2018-14891
PUBLISHED: 2018-09-21
Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability.