Security Experts:

Code Analysis Firm Semmle Launches With $21 Million in Funding

Semmle, a company whose software engineering analytics platform is already used by several major companies, on Tuesday announced its global launch, along with a $21 million Series B funding round.

This funding round, led by Accel Partners with participation from Work-Bench, brings the total raised by the company to date to $31 million. The newly acquired funds will be used to accelerate Semmle’s go-to-market efforts serving large tech and financial services companies worldwide.

Semmle offers two products designed to help organizations find coding errors that can introduce critical vulnerabilities. One of the products, QL, is a software analytics engine that treats code as data so that it can be quickly and accurately analyzed by developers and security response teams.Semmle launches globally

“The same kinds of logical coding mistakes are made over and over again, sometimes repeatedly within a single project, and sometimes across the whole software ecosystem. These mistakes are the source of many of today’s critical software vulnerabilities,” Semmle explained on its website. “Using QL, you can codify such mistakes as queries, find logical variants of the same mistake elsewhere in the code, and prevent similar mistakes from being introduced in the future by automatically catching them before code gets merged.”

QL powers Semmle’s second product, LGTM, whose name stems from “Looks Good to Me,” which programmers use to express approval when reviewing software.

LGTM is a software engineering analytics platform that combines deep semantic code search and data science insights from a community of hundreds of thousands of developers. The platform, which Semmle claims is easy to integrate into the developer workflow, provides feedback, coding recommendations, and benchmarking insights.

Semmle’s platform has already been used in the past years by Microsoft, Google, Capital One, Credit Suisse, Nasdaq and NASA, which has helped the company perfect its product, said Oege de Moor, CEO and co-founder of Semmle.

The commercial product is now being made available to the rest of the world.

“On August 21, for the first time, any company can have access to our enterprise product and benefit from the work of leading technology companies like Google and Microsoft. Every customer benefits from the work that these security researchers report back to our vulnerability analysis repository — we are pioneering security as a public good,” de Moor told SecurityWeek.

“The LGTM community is our security research team, and this is one of the most powerful aspects of our platform. The leading companies using our tools have now made insights available to the rest of our customers, who might not have the resources or scale to invest in product security teams to hunt for vulnerabilities,” he added.

Semmle is the company that last year reported CVE-2017-9805, an Apache Struts vulnerability that ended up being exploited in the wild.

Related: Financial Services Has Most Code Vulnerabilities of All Industries

Related: Virsec Raises $24 Million in Series B Funding

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.