Q1. What exactly is clean code? What are some key aspects of clean code that contribute to better security?
Clean Code refers to all code that is fit for development and production. Clean Code is clear, consistent, structured, testable and tested, reliable and scalable, with minimal bugs and defects. It is code that is secure, robust, portable, and compliant to standards.
Security is an important attribute of Clean Code. The Sonar solution helps developers detect, understand, and remediate security vulnerabilities as they code. Secure or insecure code starts in development. Poorly written, unmaintained code is prone to larger security attack vectors.
With Sonar’s Clean Code solution:
- Results are provided instantly as code is being developed in the IDE and during the build and commit where the developer is reviewing Pull Requests in the DevOps platform of choice. This allows issues to be addressed before the code is merged.
- Issues raised are clearly explained in the context of the code being developed. This means the developer gets a clear understanding and guidance on the issue, why it is harmful, and how they can fix it immediately.
- Issues being addressed upfront eliminates the need for any elaborate or extra triaging from the security team.
- The analysis is fast and accurate with fewer false positives. Only issues that we know must be fixed immediately are raised as critical and high. These issues are release gating. Others that we aren't sure about because they require human review are raised in a different category as security hotspots. And the primary focus here is the current code (new or added) that is being developed.
Clean Code enables organizations to reduce risk as it leads to decreasing security breaches and application downtime. The Clean Code approach minimizes the number of issues that make it to the final stage of inspection, helping to prevent expensive post-production rework or prolonged feedback procedures. Adopting effective and straightforward Clean as You Code best practices can help manage the state of code including reducing risk related to vulnerabilities in code and extending the lifetime of business applications as a result.
Q2. SonarSource last year raised $412 million in a funding round that valued the company at nearly $5 billion. What's driving the investor interest in this market?
The cost of bad code is enormous, impacting all industries, all sizes of organizations, across all geographies. In 2022 alone, poor-quality software resulted in a $2.4 Trillion cost in just the US. This is why Clean Code is so critical — it creates tremendous business value at all levels of an organization by making software code a long-term asset.
SonarSource’s solution equips organizations to achieve a state of Clean Code. We help developers and the engineering teams do a better job delivering code and help them invest the time they spend actually writing new code, as opposed to debugging old code. Our solution enables these departments to raise their game and deliver better quality and more secure code, as well as give them back more time to innovate and solve organizational challenges.
Investors recognize this differentiation and how the Clean Code approach enables enterprises to streamline their business operations, with a high return on investment, both on developers' productivity and software risk management.
Whether its healthcare, finance, or retail, companies that prioritize their software technology have the competitive advantage and stand out as leaders in their industry. As technical debt continues to grow and the need for developers increases while the talent gap expands, the need for a Clean Code solution is clear. With SonarSource, developers can create secure, reliable and error-free code so they can focus on building new and innovative solutions for their customers and not become saddled with poor quality code.
Q3. What do you want customers at Black Hat Asia 2023 to know about SonarSource’s plans/strategy over the next few years.
Currently, over 7 million developers and 400,000 organizations are winning with Sonar’s Clean Code solution. Our goal is to serve every developer and development team globally, helping them deliver cleaner software that is better for the organizations and for the world.
Our fairly new regional headquarters in Singapore will allow us to build our business within the burgeoning APAC market. We already serve over 1,000 organizations commercially in APAC, including multi-billion-dollar companies such as Samsung, DBS, and Finastra, to government organizations including Australian Department of AWE and Inland Revenue Singapore, as well as smaller innovation powerhouses.
We are also looking at continuing to expand education and implementation of the Clean as You Code methodology. This approach enables developers and organizations to optimize the quality of their codebase by solely focusing on code that's added or changed. A simple yet powerful methodology, it progressively improves the overall quality of the entire codebase with minimal cost and effort.
When teams dedicate less time to addressing old issues or reworking newly created issues, they can accelerate new features, avoid unnecessary rework costs, and foster talent growth and retention. Enabling developers to use Clean Code practices as they code helps achieve these results. Developers can own the quality of their new code while simultaneously improving the existing code they touch in the process. As time passes, old issues get corrected without adding any new ones, all while work on new projects continues with forward momentum. This results in teams delivering what matters most to the business.