Security – Software Engineering Daily

[https://i1.wp.com/softwareengineeringdaily.com/wp-content/uploads/2021/02/IsaacEvans.jpeg?resize=175%2C175&ssl=1] Static analysis is a type of debugging that identifies defects without running the code. Static analysis tools can be especially useful for enforcing security policies by analyzing code for security vulnerabilities early in the development process, allowing teams to rapidly address potential issues and conform to best practices. R2C has developed a fast, open-source static analysis tool called Semgrep. Semgrep provides syntax-aware code scanning and a database of thousands of community-defined rules to compare your code against. Semgrep also makes it easy for security engineers and developers to define custom rules to enforce their organization’s policies. R2C’s platform has been adopted by industry leaders such as Dropbox and Snowflake, and recently received the “Disruptive Innovator” distinction at Forbes’ 2020 Cybersecurity Awards. Isaac Evans is the Founder and CEO of R2C. Before founding R2C he was an Entrepreneur in Residence at Redpoint Ventures and a computer scientist at the US Department of Defense. Isaac joins the show today to talk about how R2C is helping teams improve their cloud security, why static analysis is a natural fit for CI/CD workflows, and what to expect from R2C and the Semgrep project in the future. Sponsorship inquiries:sponsor@softwareengineeringdaily.com [sponsor@softwareengineeringdaily.com] The post Semgrep: Modern Static Analysis with Isaac Evans [https://softwareengineeringdaily.com/2021/02/26/semgrep-modern-static-analysis-with-isaac-evans/] appeared first on Software Engineering Daily [https://softwareengineeringdaily.com].

[https://i1.wp.com/softwareengineeringdaily.com/wp-content/uploads/2021/01/YasyfMohamedali.jpeg?resize=175%2C175&ssl=1] Security is more important than ever, especially in regulated fields such as healthcare and financial services. Developers working in highly regulated industries often spend considerable time building tooling to help improve compliance and pass security audits. While the core of many security workflows is similar, each industry and each organization may have its own idiosyncratic needs or particular regulatory requirements to meet. Sym is a platform for building security workflows that seeks to build on those core similarities while empowering developers with the tools they need to meet their application’s unique security and compliance needs. Sym believes in putting engineers in control of security, in the same way that DevOps put engineers in control of infrastructure. Yasyf Mohamedali is the CEO and co-founder of SymOps. Before SymOps, he was the CTO of Karuna Health. He joins the show today to talk about security and innovation in regulated industries and how Sym can help developers close the intent-to-implementation gap in application security. Sponsorship inquiries:sponsor@softwareengineeringdaily.com [sponsor@softwareengineeringdaily.com] The post Sym: Security Workflows with Yasyf Mohamedali [https://softwareengineeringdaily.com/2021/01/28/sym-security-workflows-with-yasyf-mohamedali/] appeared first on Software Engineering Daily [https://softwareengineeringdaily.com].

[https://i1.wp.com/softwareengineeringdaily.com/wp-content/uploads/2021/01/HDMoore.jpg?resize=175%2C175&ssl=1] Network discovery allows enterprises to identify what devices are on their network. These devices can include smartphones, servers, desktop computers, and tablets. Being able to index the devices on a network is crucial to figuring out the security profile of that network. HD Moore is a founder of Rumble Networks, a company focused on network discovery and asset inventory. He joins the show to talk about how network discovery works and his experience building Rumble. Sponsorship inquiries:sponsor@softwareengineeringdaily.com [sponsor@softwareengineeringdaily.com] The post Network Discovery with HD Moore [https://softwareengineeringdaily.com/2021/01/14/network-discovery-with-hd-moore/] appeared first on Software Engineering Daily [https://softwareengineeringdaily.com].

[https://i1.wp.com/softwareengineeringdaily.com/wp-content/uploads/2020/12/GaneshPai.jpeg?resize=175%2C175&ssl=1] Osquery is a tool for providing visibility into operating system endpoints. It is a flexible tool developed originally at Facebook. Ganesh Pai is the founder of Uptycs, a company that uses Osquery to find threats and malicious activity occurring across nodes. Ganesh joins the show to talk about Osquery usage and his work on Uptycs. Sponsorship inquiries:sponsor@softwareengineeringdaily.com [sponsor@softwareengineeringdaily.com] The post Osquery with Ganesh Pai [https://softwareengineeringdaily.com/2020/12/04/osquery-with-ganesh-pai/] appeared first on Software Engineering Daily [https://softwareengineeringdaily.com].

Anduril is a technology defense company with a focus on drones, computer vision, and other problems related to national security. It is a full-stack company that builds its own hardware and software, which leads to a great many interesting questions about cloud services, engineering workflows, and management. Gokul Subramanian is an engineer at Anduril, and