Belgian startup makes a game of creating secure software code

Innovation in Bruges

The company now has four operations: London, Sydney and Boston, with its research and development centre in Flemish Bruges. “Part of the capital injection flows to the research and development centre, and we actively cooperate with academies and universities in Belgium,” said Madou. “Our training platform and real-time guidance are developed there.”

The company has also been able to obtain subsidies from the national innovation centre in Belgium (VLAIO), supported by the government.

Gamification and coach

The platform offers gamification, in which tournaments are used to increase the security awareness amongst developers.

Through training modules, developers can build their skills, as well as receive a certification that establishes they have followed the training through and passed the exams.

“The next step is a tool on our SaaS-platform that coaches the developer when writing secure code,” said Madou.

“The moment a mistake is made or a developer makes an unsafe choice, this tool points it out and tries to help the developer with the right choices to build secure software.”

Focus on banks, tech companies and telcos

For the time being, Secure Code Warrior focuses on the banking sector. In addition, technology companies and telcos are important focus markets. “Banks are actually software companies with a banking license nowadays, which is why they benefit from our platform,” he said.

ING has been a customer in the Netherlands for over two years and other Dutch banks also use Secure Code Warrior.

“We notice that [innovative banks] like ING are open to gamification and agile working, but as far as the adoption of this type of new business is concerned, they are slower than tech companies, for example,” said Madou. “That is why we are now focusing more on the banks in Europe.”

Developers become superheroes

When a developer has passed his first exam on the platform, he is a “level 1 secure code warrior”.

“Security is not by default a popular aspect in software development,” he said. “Many developers regard it as something that runs in the background and they are not very comfortable with it.

“We want to create a kind of superhero image. When you take part in training, tournaments and hackathons, you become a warrior: someone who defends cyber space.”

Danhieux said: “This also fits with the gamification aspect of the platform. There is always a bit of a negative atmosphere around security and we want to approach it from the positive side.

“We do not want to turn developers into hackers, but we want to make them defenders by teaching them how to write secure code. This way, they can become a “warrior” that knows what can go wrong on the internet and how he can protect his applications against it.”

Seamless integration with IDEs

The Secure Code Warrior platform works seamlessly with commonly used integrated development environments (IDEs) and the training supports 17 programming languages, including very old ones such as Cobol, but also new, mobile languages such as Kotlin.

Most IDEs already have debuggers and automatic replenishment. Nevertheless, the Secure Code Warrior platform works differently.

“Most IDEs do indeed have a number of guidelines, but they often focus more on quality and performance,” he said. “We focus very specifically on security. The developer is guided in writing secure code.”

In the future, the coaching tool may be extended to different programming languages, but “since many financial institutions work with .Net and Java, that is now our primary focus”.

Supporting legacy

This focus also has to do with the legacy software that can still be found in the market. But innovation and continuous development are high on the agenda of the Belgian entrepreneurs, which is why they also look at mobile languages such as Swift and Kotlin.

“When they become standardised, we want to be ready immediately,” said Danhieux. “That is why we are currently doing a lot of research in-house into new developments, such as the internet of things and how our platform can contribute to this. We want to be ready for the future at all times.”

Sufficient attention is currently being paid to security in the boardroom of banks, tech companies and telcos, said Madou.

“Recent data breaches have made it clear how important secure software is,” he said. “Board members are shocked when they realise the leaks are caused by errors in software that was written twenty years ago.

“That is why we see many boards now focusing on developing safe software: security by design. The pressure on these three sectors to deliver safe applications will only increase.”

Moreover, the relevance has increased with the new European regulations, the GDPR.

Word of mouth

The entrepreneurs do not yet need to actively advertise their company and platform. Madou said: “We now have 60,000 developers on our platform and we notice these are almost all ambassadors. They appreciate the gamification, the learning aspect and the certifications.”

He said that as developers change jobs they often take enthusiasm for the platform to their new employer. “Companies are always looking for how they can guide a large team of developers in writing safe code with few people and resources, but they also want a tool that is actually used by developers. And what better tool than one that is suggested by a developer himself? Yes, word-of-mouth advertising is a strong growth factor for our company.”

Still, there is work to be done. “There are 22 million developers in the world, of which there are now 60,000 on our platform. So we are absolutely not there yet,” said Madou.