Skip to main content

Redpoint and Sequoia are backing a startup to copy edit your shit code

Code is the lifeblood of the modern world, yet the tooling for some programming environments can be remarkably spartan. While developers have long had access to graphical programming environments (IDEs) and performance profilers and debuggers, advanced products to analyze and improve lines of code have been harder to find.

These days, the most typical tool in the kit is a linter, which scans through code pointing out flaws that might cause issues. For instance, there might be too many spaces on a line, or a particular line might have a well-known ambiguity that could cause bugs that are hard to diagnose and would best be avoided.

What if we could expand the power of linters to do a lot more though? What if programmers had an assistant that could analyze their code and actively point out new security issues, erroneous code, style problems, and bad logic?

Static code analysis is a whole interesting branch of computer science, and some of those ideas have trickled into the real-world with tools like semgrep, which was developed at Facebook to add more robust code-checking tools to its developer workflow. Semgrep is an open-source project, and it’s being commercialized through r2c, a startup that wants to bring the power of this tool to the developer masses.

The whole project has found enough traction among developers that Satish Dharmaraj at Redpoint and Jim Goetz at Sequoia teamed up to pour $13 million into the company for its Series A round, and also backed the company in an earlier, unannounced seed round.

The company was founded by three MIT grads — CEO Isaac Evans and Drew Dennison were roommates in college, and they joined up with head of product Luke O’Malley. Across their various experiences, they have worked at Palantir, the intelligence community, and Fortune 500 companies, and when Evans and Dennison were EIRs at Redpoint, they explored ideas based on what they had seen in their wide-ranging coding experiences.

r2c’s team, which I assume only writes bug-free code. Photo by r2c.

“Facebook, Apple, and Amazon are so far ahead when it comes to what they do at the code level to bake security [into their products compared to] other companies, it’s really not even funny,” Evans explained. The big tech companies have massively scaled their coding infrastructure to ensure uniform coding standards, but few others have access to the talent or technology to be on an equal playing field. Through r2c and semgrep, the founders want to close the gap.

With r2c’s technology, developers can scan their codebases on-demand or enforce a regular code check through their continuous integration platform. The company provides its own template rulesets (“rule packs”) to check for issues like security holes, complicated errors, and other potential bugs, and developers and companies can add their own custom rulesets to enforce their own standards. Currently, r2c supports eight programming languages including Javascript and Python and a variety of frameworks, and it is actively working on more compatibility.

One unique focus for r2c has been getting developers onboard with the model. The core technology remains open-sourced. Evans said that “if you actually want something that’s going to get broad developer adoption, it has to be predominantly open source so that developers can actually mess with it and hack on it and see whether or not it’s valuable without having to worry about some kind of super restrictive license.”

Beyond its model, the key has been getting developers to actually use the tool. No one likes bugs, and no developer wants to find more bugs that they have to fix. With semgrep and r2c though, developers can get much more immediate and comprehensive feedback — helping them fix tricky errors before they move on and forget the context of what they were engineering.

“I think one of the coolest things for us is that none of the existing tools in the space have ever been adopted by developers, but for us, it’s about 50/50 developer teams who are getting excited about it versus security teams getting excited about it,” Evans said. Developers hate finding more bugs, but they also hate writing them in the first place. Evans notes that the company’s key metric is the number of bugs found that are actually fixed by developers, indicating that they are offering “good, actionable results” through the product. One area that r2c has explored is actively patching obvious bugs, saving developers time.

Breaches, errors and downtime are a bedrock of software, but it doesn’t have to be that way. With more than a dozen employees and a hefty pool of capital, r2c hopes to improve the reliability of all the experiences we enjoy — and save developers time in the process.



from Startups – TechCrunch https://ift.tt/3eejXyP

Comments

Popular posts from this blog

Thousands of cryptocurrency projects are already dead

Two sites that are actively cataloging failed crypto projects, Coinopsy and DeadCoins , have found that over a 1,000 projects have failed so far in 2018. The projects range from true abandonware to outright scams and include BRIG , a scam by two “brothers,” Jack and Jay Brig, and Titanium , a project that ended in an SEC investigation. Obviously any new set of institutions must create their own sets of rules and that is exactly what is happening in the blockchain world. But when faced with the potential for massive token fundraising, bigger problems arise. While everyone expects startups to fail, the sheer amount of cash flooding these projects is a big problem. When a startup has too much fuel too quickly the resulting conflagration ends up consuming both the company and the founders and there is little help for the investors. These conflagrations happen everywhere are a global phenomenon. Scam and dead ICOs raised $1 billion in 2017 with 297 questionable startups in the mix. The

Dance launches its e-bike subscription service in Berlin

German startup Dance is launching its subscription service in its hometown Berlin. For a flat monthly fee of €79 (around $93 at today’s exchange rate), users will get a custom-designed electric bike as well as access to an on-demand repair and maintenance service. Founded by the former founders of SoundCloud and Jimdo , the company managed to raise some significant funding before launching its service. BlueYard led the startup’s seed round while HV Capital (formerly known as HV Holtzbrinck Ventures) led Dance’s €15 million Series A round, which represented $17.7 million at the time. E-bike subscription service Dance closes $17.7M Series A, led by HV Holtzbrinck Ventures The reason why Dance needed so much capital is that the company has designed its own e-bike internally. Called the Dance One, it features an aluminum frame and weighs around 22kg (48.5lb). It has a single speed and it relies on its electric motor to help you go from 0 to 25kmph. And the best part is that you