We spoke with Olivier Gaudin, CEO of SonarSource, to discuss source code security and how organizations can benefit from having clean code.
Why are organizations focusing more on their source code?
Organizations understand how important their software is to running the business, but until recently many didn’t quite understand how critical their software’s source code is. Source code is the most important asset in the software. It contains all the business logic and dictates how the software will behave and how it will perform.
The way software is built has also evolved. In the past, the software development life cycle was manual from building to deployment, and everything in between. With the rise of DevOps, most of these tasks are automated, which means organizations can now focus on the only thing that matters: the source code.
What do organizations need to consider when maintaining and developing their source code?
Organizations must take a clean code approach and optimize all the attributes of their source code, including quality, maintainability, reliability, security, accessibility, sustainability, and so on. Looking at only one attribute in isolation would have a very limited impact. For instance, it does not matter how secure your software is: if it is not maintainable, you will not be able to make it evolve, which means it is disposable, and that is likely not what the business expects.
We believe organizations should take care of their source code and take a clean code approach to maximize the value of their software.
How do organizations benefit from clean code?
By focusing on clean code, organizations are able to minimize maintenance time and costs while reducing developer attrition. According to a survey from Stripe and Harris, today 42% of developer time is spent remediating bad code, and most developers believe that too much of their time is spent debugging their software instead of innovating. Clean code also increases software longevity while reducing operational, reputational, and security risks. Ninety percent of security incidents are caused by poor coding practices.
For all those reasons, clean code creates tremendous business value.
How can organizations develop quality code that’s also secure?
Ultimately, developers control code quality and code security, so organizations need to adopt developer-first tools and strategies.
Organizations should use tooling that flags issues throughout the development workflow and that helps developers find and fix programming errors, bugs, and the subtle but ultimately costly maintainability errors that will make maintenance harder than it should be. The right tooling should also go beyond boosting code quality to also improve code security. This means running static analysis regularly to detect security vulnerabilities, memory leaks, code compliance problems, and more, throughout the workflow.
Organizations should also follow a “clean as you code” approach. This approach helps developers identify and correct errors and vulnerabilities as soon as possible: as they write code in real time, during PR analysis, or immediately after merge. As a result, developers are able to produce high-quality, secure, and therefore clean code without having to spend extra time remediating issues later.
What’s driving SonarSource growth?
Our growth is driven by two things.
Our products were built to accommodate the market’s eventual realization that software - source code - is the foundation of business and must be stewarded as such.
Developers are in the perfect seat to administer effective code quality and code security practices that not only fix today’s code, but also eliminate technical debt as organizations gain maturity in their use of the practices.
From day one, our sole mission has been to empower every single developer - and thus every organization - to build software right. And in the last 12 months alone, we’ve added over 5,000 customers, reaching a total of 15,000 commercial customers overall.