A significant capital-raising has positioned Australian secure-coding success story Secure Code Warrior to continue its growth trajectory as it seeks to further strengthen its global brand.
Founded by Belgian entrepreneurs Pieter Danhieux and Matias Madou, Secure Code Warrior delivers a suite of software-development tools that integrate security best-practices from the beginning, offer gamified training to help developers move both nimbly and securely, and can automatically spot and correct code-security errors while code is being written.
The company’s goal is to help customers build secure code from the start rather than having to review and retrofit security during or after development – reflecting a different approach to the majority of a security industry that, Danhieux said, “is wastefully focused on finding and fixing vulnerabilities rather than preventing them.”
Secure Code Warrior’s approach has resonated with a customer base that now includes Australia’s six largest banks, 16 of the global top 100 banks, and a range of telecommunications, technology, retail, and airline customers.
Having secured an additional $US3.5m ($A4.9m) in venture-capital funding – with Sydney-based AirTree Ventures and US-based Paladin Capital Group chipping in – the company plans to both further expand its presence in the massive US market, and reinforce its innovation through engineering sites in Belgium and Australia.
The use of gamification for security training has long been used informally within the security community, but Danhieux said that its use as the basis for a new platform came when the founders “realised we need to make security inspiring for software developers.”
“I realised that gamification and a hands-on approach were two really powerful factors to achieve that,” he explained. “Gamification is used extensively in skill development and behaviour change: Microsoft used it for sales training, schools use it to teach maths, fitness apps use it to motivate people.”
Development teams have enthusiastically embraced agile software development, but many have struggled to do so securely – particularly as growing reuse of code and open-source components promulgates security bugs throughout code.
This has left companies exposed as even minor security issues compromise the necessary security of the code they are producing. And while efforts to formalise security practices have driven the rise of DevSecOps methodologies, software-automation firm Puppet’s recent State of DevOps 2018 report found that progress is proving much harder than executives believe.
Fully 64 percent of C-suite respondents in the survey said that security teams are involved in the design and deployment of their company’s technology – compared with just 39 percent of actual developers.
This disconnect reflects the chronic problems with building and maintaining a culture of secure development – and that’s a gap into which Secure Code Warrior is continuing to fit itself with strong success.
“Our product roadmap will continue to innovate our platform to empower developers to be the first line of cyber-defense in their organisations by making security highly visible to them,” Danhieux said, “and providing developers with the skills and tools to write secure code from the beginning.”