Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

8/21/2018
08:01 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Semmle Launches Globally with $21 Million Series B Investment Led by Accel Partners

Google, Microsoft, NASA and Nasdaq use Semmle's software engineering analytics to secure the software that runs the world

SAN FRANCISCO, August 21, 2018 — Semmle, a software engineering analytics platform, is launching globally today alongside the announcement of its $21 million Series B, led by Accel Partners, and with participation from Work-Bench. Developers and IT leaders at Capital One, Credit Suisse, Google, Microsoft, NASA and Nasdaq trust Semmle to help them create more secure and reliable code without slowing down. The investment, which brings Semmle’s total funding to $31 million, will be used to accelerate its go-to-market efforts serving large technology and financial services companies around the world. As part of the investment, Accel’s Ping Li and Vas Natarajan will join the board of directors.

Building and securing modern software applications and operating systems has become exponentially more expensive and complex to manage. Windows contains tens of millions of lines of code; the software in connected cars includes approximately 100 million lines; and Google’s portfolio of internet services includes about two billion lines. Today, it’s difficult for CIOs and engineers to trust that their code is secure and reliable, and even harder to have a view into who is working on what or where problems exist in the development pipeline. Critical vulnerabilities and 0-days that can expose their customers’ data and do irreparable damage to their brand -- like the Semmle-discovered Apache Struts vulnerability, similar to the one that led to the Equifax breach -- are often imperceptible.

Semmle solves the intractable problem of making code semantically searchable by taking a unique approach that combined two distinct and seemingly incompatible disciplines — object-oriented programming and database logic.  

“The greatest scientific and technological breakthroughs throughout history resulted from combining different disciplines, such as the use of computer science and biology to sequence the human genome,” said Dr. Oege de Moor, CEO of Semmle. “We built Semmle on this same principle, bringing together our 100+ patents in database technology and programming to enable deep semantic code search. With Semmle, CIOs, developers and security researchers can finally answer previously unanswerable questions about their code to find coding mistakes and 0-days that would otherwise be invisible.”

Software Engineering Analytics that Developers Love and CIOs Trust

Semmle’s LGTM analytics platform combines deep semantic code search and data science insights from its community of 500,000 developers to help them better understand their code, engineering processes and people. LGTM stands for, “Looks Good to Me,” a term commonly used by developers to sign off on each other’s work. LGTM is powered by QL, a query engine that lets developers and security researchers turn their source code into searchable relational data in order to spot critical errors and variants virtually impossible to find any other way. The platform also uses AI techniques to present actionable recommendations for improvement to developers and managers, building on the data from the user community.

“My team needs to take advantage of the best tools available to keep Google Ads running and avoid exposing this critical system to risk,” said Google VP of Engineering and Semmle customer Asim Husain. “With Semmle, we are able to track down not only the most serious vulnerabilities, but also their logical variants in our entire codebase so we can shut them down before they shut us down. Semmle is the only solution that can do this and plays an important role in our engineering and security strategy.”

CIOs and development managers also use LGTM’s analytics to see how their engineering teams and individual developers are performing, and can benchmark the vulnerabilities in their code bases against other projects.

Backed by 10 years of development, 100+ Patents and 30+ PhDs

Semmle was co-founded by De Moor, a distinguished computer scientist and 20+ year Oxford professor, and his former PhD students, Pavel Avgustinov and Julian Tibble. Together, they've built a team of more than 60 cross-functional experts: computer scientists, biochemists, astrophysicists, clinical scientists and mathematicians, more than half of whom hold PhDs. The Semmle team spent 10 years researching and creating the solution that is now the QL engine behind Semmle’s LGTM platform; they now hold 82 technology patents, with an additional 25 patents pending.

“The stakes have never been higher for securing the world’s software,” said Accel’s Ping Li. “By making code searchable in a database, Semmle is redefining what’s possible in terms of fidelity of the analysis. It’s why Semmle is already trusted by the most innovative and valuable organizations in the world like Google and Microsoft.”

To learn more about Semmle, please visit https://www.semmle.com.

About Semmle

Semmle secures the software that runs the world with analytics developers love and CIOs trust. Software engineering and security teams at Credit Suisse, Dell, Google, Microsoft, NASA and Nasdaq depend on the Semmle analytics platform to create more reliable and trustworthy code without slowing down. Headquartered in San Francisco, Semmle is a privately held company funded by Accel, with additional offices in Copenhagen, New York City, Oxford, Seattle and Valencia, Spain. For more information, visit https://www.semmle.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
markgrogan
50%
50%
markgrogan,
User Rank: Apprentice
11/28/2018 | 5:16:43 AM
When several industry
When several industry giants all come forward to make use of a platform that they deem as appropriate, we all know for sure that there is no doubting it. This is just what they need to emerge together as one united service provider for the greater good of consumerism. They can most definitely label the software as the one outlet to rule the world because that is basically what it actually does.
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17513
PUBLISHED: 2019-10-18
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.
CVE-2019-8216
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-8217
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-8218
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-8219
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .