
In software development, finding and fixing code defects often consumes a great deal of the development team's time and effort. Traditional code review and peer review are performed manually, which is time-consuming and labor-intensive and is prone to underreporting and misreporting. As a result, static code analysis tools have emerged to help developers locate code defects quickly and efficiently and correct them in a timely manner during development.

Static code analysis refers to analyzing source code, bytecode, and binary code without running it, in order to find coding errors, verify compliance criteria, and check for vulnerabilities. At present there are some open source static code analysis tools, and a number of companies have developed their own, such as Fortify (Fortify SCA), Security Innovation (Checkmarx Suite), Armorize (CodeSecure), the domestic company Shanghai Zezhong Software (CodeAnalyzer), CodeSonar and others.

“Improvement”, a company recently approached, has also developed a static code analysis tool, “XcalScan”, for deep detection of source code defects. The company was founded in Hong Kong in 2018 and has offices in Shenzhen, Beijing and Shanghai.

XcalScan integrates into the development process to scan for vulnerabilities, analyze potential code quality and security issues in source code, and support the code reviews performed by QA and security audit teams. It can also present the progress of software projects visually for team leaders and corporate executives.

The company's COO, Zhao Kelin, explained that XcalScan supports detection for three common languages, C, C++ and Java, and that its defect detection works accurately across processes and files. In the actual development process, the developer only has to upload the program code to trigger XcalScan's automatic detection process; it does not scan in real time. After scanning, XcalScan highlights each vulnerability, its severity level, and its tracking path, and automatically assigns remediation tasks to team members. It also outputs a simplified compliance defect set and generates a report for remediation and stakeholder supervision.

Thanks to the research of the company's team of experts in compilers, intermediate representation (IR) and compiler optimization technology, XcalScan can use IR analysis and next-generation compiler technology to locate deep defects, which improves its detection accuracy and reduces its false positive rate. “This is the core advantage of XcalScan,” Zhao Kelin said. “Computer code can be divided into different levels; the closer to the compiler backend, the more code the bytecode stage provides, and the product of the interpretation can be as close as possible to the back end of the compiler. By focusing on the intermediate representation language (IR), it is possible to obtain more information to determine what problems the code has made during the compilation process, to locate the defects more accurately, and thus to have a lower false positive rate than similar products.”

Another advantage of XcalScan is its understanding of and familiarity with global software security. The company notes that Chinese companies are developing rapidly in emerging fields such as smartphones, AI, the Internet of Things, and autonomous driving, and that these developments depend on high-quality, high-security code. “When these Chinese companies want to go overseas, the code’s quality and safety standards are subject to many challenges (such as those from CERT, MISRA, and GDPR). They need to improve code quality, stability, and security. This is our opportunity,” said Zhao Kelin. Forrester’s survey results show that the global market for application security has continued to expand and is expected to reach $2.5 billion in 2019, reflecting the rising importance that companies attach to code quality and security.

At present, XcalScan is in the user trial stage. After the trial ends, it will enter the commercial phase and will be sold mainly through B2B direct sales and through agents.

As for the team, Liang Yuning, co-founder and CEO of the company, has led software development work for Fortune 500 companies (including Samsung, Nokia, Huawei) and for technology startups. He has more than 20 years of software development and management experience and deep insight into the global technology and software security industry. CTO Chen Xinzhong has more than 30 years of experience in compiler optimization technology. He was the director of the Intel-Tsinghua University Joint Lab and served as the head of Intel Labs, focusing on embedded systems research, and holds more than 20 patents in the field of program analysis. Co-founder and Chief Architect Liu Xinming has decades of experience in developing and delivering high performance computing (HPC) compilers and performance analysis tools. He served as director of the HP Java Compiler Technology Lab and led HP's compiler development work for the Teng processor. COO Zhao Kelin formerly served as Nokia Head of Ball Sales, Lenovo and Motorola Learning Global Sales Director, and Huawei Executive Vice President, among other roles; he speaks fluent Mandarin and understands both Chinese and global business.

It is reported that the company is seeking A+ round financing.