Symbiotic Security helps developers find bugs as they code

Date:

Share post:


Symbiotic Security, which is announcing a $3 million seed round today, watches over developers as they code and points out potential security issues in real time. Other companies do this, but Symbiotic also emphasizes the next step: teaching developers to avoid these bugs in the first place.

Ideally, this means developers will fix security bugs before they ever get into a code repository, which in turn should also speed up the overall development process. And since the developers get to learn on the job and in the environment they are already working in, they are far more likely to correctly implement the required changes. That’s more effective than making them sit through an annual security training in SuccessFactors.

The company, which launched earlier this year, released its MVP about a month ago, with a focus on infrastructure-as-code languages like Terraform. As Symbiotic co-founder and CEO Jerome Robert told me, the company did this to get an MVP out of the door and prove out its vision. Over time, the team plans to expand to the rest of the application stack and support languages like Python and JavaScript.

Image Credits:Symbiotic Security

Robert noted that even the most developer-friendly security tools are still, at their core, tools for the security teams. “They are enabling the security teams to be better cops. They’re not tools that make the developers the good guys,” he said. “They are tools that allow security teams to send hundreds of messages all week long, saying, ‘You’ve made a mistake. You need to fix it.’”

Meanwhile, the developer constantly has to choose between fixing security issues and developing new features.

The idea behind Symbiotic Security is to nudge developers in the right direction, similar to the code completion tools they are already familiar with. Symbiotic, ideally, can help developers fix bugs in the inner loop, while they are still coding, and long before the continuous integration and delivery platforms start scanning the code for issues. Once that happens, the process slows down immediately, with Jira tickets and additional code review processes taking over.

symbiotic 2
Image Credits:Symbiotic Security

This is also where Symbiotic goes a step further. “It would not be sufficient to just allow them to fix [the issues] and to detect it,” Robert explained. “We also need to train them on security — and developers love to train; it’s an absolute, 100% certain thing. However, security trainings are painful.”

For the developers, Robert argues that doing the training on the spot is something they can relate to. It’s focused on their immediate needs and not something that is abstract — and at just a few minutes, it’s short.

Right now, those training lessons and videos are prerecorded, but over time, they could become more AI-driven, which would allow Symbiotic to make them even more relevant to the specific issues the developer is working on.

There’s also another interesting twist here. To best train a model to automatically fix security issues, you need a corpus of code with security bugs and the fixed versions of those code snippets. Because Symbiotic is seeing the issue and then telling the developer how to fix it, it could ideally create a high-quality dataset for building a remediation model. For now, that’s a long-term project, though.

Symbiotic is backed by the likes of Lerer Hippeau, Axeleo Capital, and Factorial Capital. “Jerome and co-founder Edouard Viot have a deep understanding of the problems underlying traditional code security and demonstrated remarkable foresight with their approach to addressing the growing demand for shift-left security solutions,” said Graham Brown, managing partner, Lerer Hippeau. “Symbiotic has the potential to transform the industry, empowering developers and security teams alike.”



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

‘Surreal Elderhood’ using OpenAI’s text-to-video model, Sora

Katsukokoiso.AI is a project from professional photographer Eugenio Marongiu, an alpha tester on OpenAI’s text-to-video model Sora....

HuggingFace CEO has concerns about Chinese open source AI models

China’s open source AI models have been making the news lately for their strong performance on various...

The abject weirdness of AI ads

“I’m trying to find holiday gifts for my sisters. I open a bunch of tabs, I want...

ServiceTitan’s IPO keeps getting weirder

On Tuesday, cloud business software provider ServiceTitan offered a price range for its initial public stock of...

SpaceX mulls tender offer at $350B valuation

SpaceX’s valuation continues to rise at an eye-popping pace, with the company reportedly in talks to sell...

Biden administration races to approve clean energy loans before Trump takes over — here’s who is benefiting

The Department of Energy (DOE) appears to be on a loan-approval spree in the lead-up to President-Elect...

Brian Singerman to take a step back from Founders Fund 

Today longtime Founders Fund partner Brian Singerman announced on X he would be taking a step back....

Why does the name ‘David Mayer’ crash ChatGPT? OpenAI says privacy tool went rogue

Users of the conversational AI platform ChatGPT discovered an interesting phenomenon over the weekend: the popular chatbot...