The fastest, most affordable and safest source code security solution on the market.
Brazilian company NalbaTech, part of the Nfq group, has bought bugScout, the Spanish source code analysis platform for mobile applications and other software. The solution can analyze source code written in 34 different programming languages and identify, within a few minutes, whether it contains vulnerabilities. Sabesp and El Corte Inglés are among bugScout's customers.
The value of the purchase was not disclosed, but NalbaTech says it will invest 1.5 million euros over three years to strengthen the bugScout operation, whose development team will remain in Spain. A curious fact about the deal: until then, NalbaTech had been a sales channel for bugScout. It is therefore a rare case in the business world in which the sales channel buys the manufacturer.
BugScout performs two types of source code analysis: static and dynamic. Static analysis checks whether the code complies with the various international security standards and protocols. Dynamic analysis, in turn, "stresses" the running software in an attempt to reveal vulnerabilities that static analysis did not point out. On average, 94% of vulnerabilities are found during static analysis.
"The vulnerabilities are global: when a new one is identified, we update the platform. It is a living world that evolves every day," said Francisco Bernabeu, director of NalbaTech. "Data exposure is the main vulnerability, the one with the biggest impact on mobile applications and applications in general," he said.
Each vulnerability found is classified by severity: high, medium, low or merely informative. High and medium findings should be fixed immediately, before the application is launched. The bugScout report estimates how many work hours each fix requires.
The analyses are run through a virtual application with access controlled by the client, to protect its source code. The process is fast and completes within minutes. Bernabeu cites a recent example of a 1.8 million line code base that was analyzed in 20 minutes.
Billing is per application, as a managed service. Keep in mind that applications and other software from large companies often go through frequent updates, which requires further testing of the affected parts of the source code.