Open Source Tool: Semgrep, for Software Security


With an open source tool that proofreads code, the startup r2c is trying to make securing software simpler. r2c's tool, Semgrep, scans source code for thousands of potential bugs and vulnerabilities, much as Grammarly flags grammatical errors and suggests improvements in essays and emails. Rather than treating code as plain text, it parses each file into a syntax tree and matches rule patterns against it, so a rule can recognize a dangerous call regardless of variable names or formatting.

Semgrep ships with a registry of more than 1,500 pre-written rules that security professionals can apply in their scans. If none fits, they can write their own in r2c's rule editor and contribute it to the registry for others to use.
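To show what a custom rule looks like, here is an added example (written for this page, not a rule from r2c's registry) that flags Python `subprocess` calls which enable the shell with a command that is not a plain string literal, the classic setup for OS command injection. The rule id and message text are this example's own choices.

```yaml
rules:
  - id: subprocess-shell-true-nonliteral-command
    languages: [python]
    severity: ERROR
    message: >-
      subprocess.$FUNC is called with shell=True and a command that is not a
      string literal, so any user-controlled part of the command reaches the
      shell and can inject extra commands. Pass an argument list and drop
      shell=True, or quote each untrusted piece with shlex.quote.
    patterns:
      # Match any subprocess call that enables the shell, whatever its other
      # arguments are; $FUNC binds run, call, Popen, check_output, etc.
      - pattern: subprocess.$FUNC(..., shell=True, ...)
      # Exclude calls whose command is a bare string literal: a constant
      # command cannot carry attacker input, so it is noise, not a finding.
      - pattern-not: subprocess.$FUNC("...", ..., shell=True, ...)
    metadata:
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
      category: security
```

Save it as `shell-true.yaml` and run `semgrep --config shell-true.yaml target.py`. A line such as `subprocess.run("tar czf " + archive_name, shell=True)` is reported, while `subprocess.run("ls -l /tmp", shell=True)` is not. To keep the rule honest as it evolves, put those two cases in a test file with a `# ruleid: subprocess-shell-true-nonliteral-command` comment above the line that must match and `# ok: subprocess-shell-true-nonliteral-command` above the one that must not, and run `semgrep --test` against the rule and test file together.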

Beyond easing the adoption of coding standards, r2c has built a community of security specialists who share rules and ideas and work through current threats together. That support ecosystem has proven critical in a fast-moving field, where security professionals can wake up on any given morning to news of a fresh vulnerability exposed by hackers at one of the world's largest internet businesses.

The uncomfortable reality of software security is that attacking a system is far easier than defending it. An attacker needs to find only one flaw to succeed, while developers must secure their code against every kind of attack.

Because of that imbalance, when a lone programmer's project unexpectedly becomes popular, it quickly turns into a vulnerable fish in a sea of dangers. Larger firms have dedicated software security teams, but those teams have earned a reputation among developers for holding up deployments while they methodically review code line by line for weaknesses.

