
‘Why isn’t there a tool that scans the open-source code?’

Discussion in 'Nominet General Information' started by Acorn Newsbot, Jan 20, 2020.

  1. Acorn Newsbot

    Acorn Newsbot Junior Member

    Joined:
    Jan 2006
    Posts:
    21,992
    Likes Received:
    36

    You don’t need to be a developer to recognise that software is prevalent wherever you look. Worryingly, much of it is “fuelled by vulnerable open-source code” that can, warns Jake Mimoni, of cyber security start-up 418sec, have serious consequences further down the line. “Vulnerabilities can be devastating – look at the Equifax data breach. That was a single piece of bad code that cost them US$1.4bn.”

    It is also tricky to spot, as Adam Nygate discovered during his work as a developer. On a project for the Cabinet Office, he found that the open source code being used was problematic but struggled to keep up with the pace at which it was being downloaded. “It was so difficult. I kept thinking, why isn’t there a tool that scans all the code as you pull it in so that developers can just get on with their coding?”

    And now there is. Co-founders and long-time friends, Adam, Jake and Jamie Slome are currently on the CyLon cyber security start-up accelerator programme, of which Nominet is a sponsor, exploring the potential of their product, trustd.dev. This tool works to prevent problematic open-source code from entering an organisation, allowing both developers and risk owners to trust in the code they are using for their software.

    All in their mid-20s, the founders are bursting with enthusiasm for a business idea that draws on their individual strengths and the experience gathered since they left school. CEO Adam was a security specialist, CMO Jake has an accounting degree and worked in strategic marketing, while CTO Jamie used to be employed as a software engineer and undertook research for the European Commission – latterly on driverless cars. Their combined intelligence and technical skill are as fierce as their passion, supported by a clear symbiosis that enables them to work productively and happily together.

    “It just doesn’t feel like a job at all,” says Jake. “It’s such a lot of fun. And it helps that we know each other so well and we align in so many ways. Ultimately, we all have a high respect for logic, and if we can prove something is the most logical step, we take it without disagreement.”

    They were all, they admit, computer geeks at school – the boys who played video games rather than going to parties. It was the era when teachers were two steps behind the digital natives they taught, and Adam recalls creating a web messenger that subverted the school ban. “Within two days half the school was using it,” he says, “but eventually the teachers shut me down.” Jake, meanwhile, was testing his entrepreneurial prowess early, selling sweets at cheaper prices than the canteen. “That didn’t go down too well either,” he says.

    Yet despite their ease with computing and coding, they are no longer, they admit, the “stereotypical antisocial tech geeks”; all are gregarious and articulate, finding their previous experience in public speaking useful for their conversations with potential partners and clients, the latter now including John Lewis, BAE Systems Applied Intelligence and Global Savings Group. CyLon has given the trio a wealth of opportunities for building relationships and refining their product before they take it further, not to mention providing a confidence boost for them and the business idea.

    “I think we also needed the validation of getting accepted onto CyLon,” says Adam. “It was reassurance that we are on to something great. It’s been incredible, and every conversation has added so much value.” Adam is the level-headed one, and very risk averse. “I do act on impulse, but it is always backed up by logic. It took us a long time to go full time on this as we had to be sure – two years.”

    The commitment has involved sacrifices, not least for Jake who had to pull out of his family business to focus on 418sec. “It has hurt, because it’s difficult to pull away from family ties and expectations, but it’s worth it for me because this really feels more like me,” he says.

    Adam adds: “For all of us, this business and product just feels right. That has made us confident that our efforts and any sacrifices we have made are going to be worth it. Embarking on this journey with a great proposition, accompanied by my two best friends, is just a dream really. I’m excited to see what’s ahead.”

    Read more about Nominet’s involvement with CyLon.

    The post ‘Why isn’t there a tool that scans the open-source code?’ appeared first on Nominet.

     
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
    articles.co.uk
     
  3. Whois-Search

    Whois-Search Retired Member

    Joined:
    Dec 2004
    Posts:
    1,916
    Likes Received:
    112
    How about scanning the DAC for the same IP address, Nominet?
     
    • Funny x 1
  4. stitchbob

    stitchbob Active Member

    Joined:
    Feb 2019
    Posts:
    293
    Likes Received:
    32
    Since the only authentication on the DAC is based on connecting IP, I assume tags can't share IPs anyway.
     
  5. Whois-Search

    Whois-Search Retired Member

    Joined:
    Dec 2004
    Posts:
    1,916
    Likes Received:
    112