freshidea - stock.adobe.com
Belgian startup makes a game of creating secure software code
A global tech startup has placed its research and development centre in Belgium, taking advantage of regional financial support as well as cooperations with local educational organisations
A startup that has its tech development heart in Belgium is helping developers in the banking sector produce secure code through a platform that uses gamification technology.
Secure Code Warrior was founded three years ago by CEO Pieter Danhieux and chief technology officer Matias Madou. It is currently helping banks reduce security vulnerabilities in code.
Danhieux and Madou knew each other from university, but their roads separated when one moved to the US and the other to Australia.
When they met again three years ago at a trade fair, they decided to merge the IT companies they had developed separately.
“We have been building our platform for over a year,” said Madou. “We did so in close cooperation with a number of banks in Australia, which were our launching customers.
“In 2016, we brought our product to the market, and with the venture capital we have now picked up, we can realise international growth quickly.”
Innovation in Bruges
The company now has four operations: London, Sydney and Boston, with its research and development centre in Flemish Bruges. “Part of the capital injection flows to the research and development centre, and we actively cooperate with academies and universities in Belgium,” said Madou. “Our training platform and real-time guidance are developed there.”
The company has also been able to obtain subsidies from the national innovation centre in Belgium (VLAIO), supported by the government.
Gamification and coach
The platform offers gamification, in which tournaments are used to increase the security awareness amongst developers.
Through training modules, developers can build their skills, as well as receive a certification that establishes they have followed the training through and passed the exams.
Read more about securing code
- Increased adoption of open source code is introducing vulnerabilities into commercial software.
- Tools that integrate secure coding practices into the IDE promise to improve software security, even if the app in question isn't secure by design.
- While you can't entirely avoid the security risks of low-code and no-code platforms, you can mitigate them.
“The next step is a tool on our SaaS-platform that coaches the developer when writing secure code,” said Madou.
“The moment a mistake is made or a developer makes an unsafe choice, this tool points it out and tries to help the developer with the right choices to build secure software.”
Focus on banks, tech companies and telcos
For the time being, Secure Code Warrior focuses on the banking sector. In addition, technology companies and telcos are important focus markets. “Banks are actually software companies with a banking license nowadays, which is why they benefit from our platform,” he said.
ING has been a customer in the Netherlands for over two years and other Dutch banks also use Secure Code Warrior.
“We notice that [innovative banks] like ING are open to gamification and agile working, but as far as the adoption of this type of new business is concerned, they are slower than tech companies, for example,” said Madou. “That is why we are now focusing more on the banks in Europe.”
Developers become superheroes
When a developer has passed his first exam on the platform, he is a “level 1 secure code warrior”.
“Security is not by default a popular aspect in software development,” he said. “Many developers regard it as something that runs in the background and they are not very comfortable with it.
“We want to create a kind of superhero image. When you take part in training, tournaments and hackathons, you become a warrior: someone who defends cyber space.”
Danhieux said: “This also fits with the gamification aspect of the platform. There is always a bit of a negative atmosphere around security and we want to approach it from the positive side.
“We do not want to turn developers into hackers, but we want to make them defenders by teaching them how to write secure code. This way, they can become a “warrior” that knows what can go wrong on the internet and how he can protect his applications against it.”
Seamless integration with IDEs
The Secure Code Warrior platform works seamlessly with commonly used integrated development environments (IDEs) and the training supports 17 programming languages, including very old ones such as Cobol, but also new, mobile languages such as Kotlin.
Most IDEs already have debuggers and automatic replenishment. Nevertheless, the Secure Code Warrior platform works differently.
“Most IDEs do indeed have a number of guidelines, but they often focus more on quality and performance,” he said. “We focus very specifically on security. The developer is guided in writing secure code.”
In the future, the coaching tool may be extended to different programming languages, but “since many financial institutions work with .Net and Java, that is now our primary focus”.
This focus also has to do with the legacy software that can still be found in the market. But innovation and continuous development are high on the agenda of the Belgian entrepreneurs, which is why they also look at mobile languages such as Swift and Kotlin.
“When they become standardised, we want to be ready immediately,” said Danhieux. “That is why we are currently doing a lot of research in-house into new developments, such as the internet of things and how our platform can contribute to this. We want to be ready for the future at all times.”
Sufficient attention is currently being paid to security in the boardroom of banks, tech companies and telcos, said Madou.
“Recent data breaches have made it clear how important secure software is,” he said. “Board members are shocked when they realise the leaks are caused by errors in software that was written twenty years ago.
“That is why we see many boards now focusing on developing safe software: security by design. The pressure on these three sectors to deliver safe applications will only increase.”
Moreover, the relevance has increased with the new European regulations, the GDPR.
Word of mouth
The entrepreneurs do not yet need to actively advertise their company and platform. Madou said: “We now have 60,000 developers on our platform and we notice these are almost all ambassadors. They appreciate the gamification, the learning aspect and the certifications.”
He said that as developers change jobs they often take enthusiasm for the platform to their new employer. “Companies are always looking for how they can guide a large team of developers in writing safe code with few people and resources, but they also want a tool that is actually used by developers. And what better tool than one that is suggested by a developer himself? Yes, word-of-mouth advertising is a strong growth factor for our company.”
Still, there is work to be done. “There are 22 million developers in the world, of which there are now 60,000 on our platform. So we are absolutely not there yet,” said Madou.