"r2c: An Open Source Tool for Software Security"
MIT alumni founded a startup named r2c with the purpose of simplifying the process of securing code by offering a database of software checks. It is easier to attack a system than it is to protect it in the software security industry as hackers only need to find one vulnerability to successfully execute an attack, while software developers must protect their code from all possible attacks. Therefore, when an individual programmer makes a popular app, it quickly becomes a target for various security threats. Although larger companies have software security teams, they are known to slow down deployments as they review lines of code to safeguard against attacks. The startup r2c is now looking to make the process of securing software more seamless through an open source code-proofreading tool. The tool called Semgrep parses lines of code to detect potential bugs and vulnerabilities similar to how Grammarly finds grammatical errors or possible improvements in online writing. Semgrep includes a database of over 1,500 prewritten rules that security professionals can use in their code scans. If a security professional does not see the rule they want, they can use r2c's interface to write their own rules and then add it to the database for others to use. Besides simplifying the process of implementing code standards, r2c has also fostered a community in which security professionals share ideas and brainstorm solutions to threats. This article continues to discuss r2c's open source Semgrep tool and other services offered by the startup to help improve software security.
SciTechDaily reports "r2c: An Open Source Tool for Software Security"