Announcing our Investment in Semmle
Treating code as data to bring a Moneyball approach to software engineering
Given the adage that software is eating the world, it is odd that there’s been a dearth of tools out there to quantify software development efforts.
Enter Oege de Moor, founder/CEO of Semmle, who decided to tackle this lofty challenge head on. Oege articulates his vision for Semmle clearly in a blog post this morning:
How do you answer deep questions about data flow in the code? How does the quality rank against similar projects? How did the codebase get to be in that state? Who did what, where and why? I didn’t know the answers, but it became an underlying thread in my research — the key would be to treat the source code itself as data.
We’re thrilled to announce that we’re investing in Semmle’s $21M financing today with our friends Ping Li and Vas Natarajan from Accel.
Some History
Oege and I first met in 2012 while I was still in the Office of the CIO in IT at Morgan Stanley, and a UK-based colleague connected us to discuss the software engineering analytics technology that he developed while a professor of Computer Science at the University of Oxford. Early commercial proof through customers like NASA to power the Mars rover certainly caught my attention!
We reconnected in 2014 when he was one of a select few startups selected to present at the annual Bank of America Technology Summit. As an enterprise startup founder, he shared his desire to be closer to their customers in NYC, many of which were leading Wall St banks. This traction was no small feat for such an early stage startup to pull off.
We have a saying at Work-Bench that all enterprise roads lead to New York. In late 2014, Oege expanded his company from Oxford and opened their NYC office to be closer to the Fortune 500. And so began our partnership.
The Product
Semmle’s patented technology analyzes a codebase and converts it into a searchable database full of insights about your projects, teams and developers. It uses all available data — like source code, issue tickets, development costs, team location — and allows you to accurately and efficiently query the created data model for insights into how teams function and how code is being run. Results are presented in user interfaces designed for the different needs of developers, managers, and executives, and can also be exported to business intelligence tools like Tableau. The insights Semmle delivers help teams staff projects more intelligently, retain and develop talent better, control software costs, and deliver new functionality sooner.
Identifying security vulnerabilities has emerged over the last few years as an extremely compelling use case for Semmle’s technology. Their QL product treats code as data, and this allows security teams and individual developers to quickly and accurately explore their code through simple, powerful queries that find all variants of zero-days, as well as other severe security problems and coding mistakes. Microsoft published a case study based on their vulnerability hunting with QL that’s worth a read to understand the power of this product. Last year Semmle also made the news for helping identify the Apache Struts vulnerability that put Fortune 1000 servers at risk.
Customer Validation FTW
As part of our courtship with Oege, we included him and the Semmle NYC team in our Executive Briefings with Fortune 1000 buyers with great success. Their hit rate of meetings that led to POCs, and POCs that converted into contract licenses (at high annual contract values) clearly demonstrated that they were onto something special. From one of the world’s oldest banking institutions to a modern digital financial services firm to a global commerce technology provider, regardless the industry, Semmle was closing deals from our introductions left and right.
This is the perfect case study of the “Work-Bench way” — adding value for entrepreneurs during diligence, and in the process helping us validate that a company truly solves a problem felt by the Fortune 1000 at large.
Beyond introductions through our network, Semmle has public endorsements from customers ranging from leading financial institutions like Credit Suisse and Nasdaq (and plenty more they can’t share publicly) to some of the best tech companies out there like Google and Microsoft. This was accomplished through an incredible product that solves a meaningful problem and a relentless focus on customer value, traits we value in our investments.
We’re thrilled for this milestone but even more excited for the years ahead working with Oege and the Semmle team as they continue to scale on all fronts.
If you’re interested in learning more, be sure to check out:
- A case study with Microsoft focused on vulnerability hunting
- A case study with Nasdaq on improving ROI and reducing time to market
- Press coverage in TechCrunch, Dark Reading, and eWeek
