
The Decade of the Defenders: Secure Code Warrior Turns Ten

Pieter Danhieux
Published Jan 27, 2025

In my younger years, I used to play a lot of DOOM, and certainly, in the beginning, I had to toggle through the various difficulty levels to complete my first couple of run-throughs of the game. They ranged from “I’m Too Young To Die” (Easy) to “Nightmare” (Very Hard). There are days I wish I could simply reset and change the difficulty level of running a tech company, especially in the early stages when so many elements are delicate, precarious, and prone to failure.

The statistics are well-known and sobering: Startups collapse at a rate of around 90%, which has been the situation for many years, but digging deeper, the general breakdown is that 21% of startups fail in the first year, 30% within two years, 50% by the five-year mark, and 70% within their first decade. 

I am proud my co-founders Matias Madou, Fatemah Beydoun, Colin Wong, Nathan Desmet and Jaap Karan Singh made it to “Level 10”, bolstered by the support of our investors, Goldman Sachs, Cisco Investment, Paladin Capital, Forgepoint, Airtree and Tidal, together with my independent board members Jim Pflaging and Nanhi Singh.

The founding team has stayed together, steering the ship through every lesson, triumph, and setback for an entire decade. We’re scaling up and ready to face our next chapter, SCW 2.0, as the leaders in developer risk management.

2024: The year we brought industry-first data insight tools to market.

Demonstrating the return on investment of upskilling people is extremely hard, but in 2024, SCW achieved what the whole industry was asking for: “Can you prove our software is more secure by upskilling our developers?” We’ve collected vulnerability and issue-remediation data from some of our largest customers running well-established programs, and we can proudly prove - with validation from our customers - that the median reduction in vulnerabilities was 53% for code created by secure developers versus code created by others. We have also proven that secure developers can fix security issues 2-3x faster, saving time and reducing risk exposure.

First out of the gate was SCW Trust Score, the only benchmarking capability that quantifies the impact of enterprise secure coding programs. For the first time, security leaders can gain granular, data-backed insights into the secure coding skills of the development team, as well as compare them to industry standards. This is the impeccable visibility many have been waiting for to make critical adjustments to their programs, as well as provide individual developers with learning pathways to strengthen their security skills for life. We even published a research paper with former US National Cyber Director, Chris Inglis, and Kemba Walden, President, Paladin Global Institute, and formerly acting US National Cyber Director.

Later, we released SCW Trust Agent, a companion offering that delivers visibility across an organization’s entire code repository, analyzing every commit against developer secure coding skills. SCW Trust Agent builds upon SCW Trust Score, working together to demonstrate how effectively the company’s security program is applied in every commit.

These tools are instrumental in assisting enterprise security leaders in achieving goals like CISA’s Secure-by-Design guidelines, with verification of developer security skills, secure commits, and, ultimately, eradication of categories of vulnerabilities being necessary elements of proven secure design principles.

Howdy, partner! Our partner network continues to grow, as does our customer base.

One of the more heartwarming aspects of being in the cybersecurity industry is understanding that, essentially, we’re all just one big, geeky, passionate community, and for the most part, all too willing to join forces in pursuit of not only mutual success, but a safer digital world for all.

We are privileged to call a variety of fellow security and technology companies our business partners, with our Partner Program instrumental in helping us drive growth. Towards the end of 2024, we announced our second OEM partnership with global leaders in Information Management, OpenText. This development, coupled with our flagship OEM partners, Black Duck, affords us an incredible opportunity to provide full-scale, holistic solutions that cater to the contemporary needs of the enterprise and their security programs.

Additionally, we now boast over 650 enterprise customers. From humble beginnings ten years ago, in which I remember shouting our team of 4 a cheap lunch in celebration of our first big client, we have certainly carved out a healthy footprint of clients who are not afraid to approach preventative security with developers as the agents of change.

Ten years of helping top enterprises transform their security programs.

AI, the ultimate disruptor, and the future of developer-driven security.

Artificial intelligence, LLMs, and AI coding tools have been buzzwords on every IT professional’s lips for over two years now, and we find ourselves - as a society - at a defining moment in our technological history. The great swathe of AI tools in almost every category promises enormous productivity gains, and in software development, a recent GitHub survey revealed most engineers have started adopting AI-powered coding assistants. 

These tools are now part of the software development landscape, despite just 38% of organizations approving their use. Their use is inevitable, and rather than creating a “shadow AI” situation, security leaders should focus on bringing developers on the journey of safe, responsible coding. Security-aware developers can wield these tools with the critical thinking and security expertise required to truly benefit from the increased productivity, without adding to the ongoing risk perpetuated by developers with low security skills. 

2025 is the year you will continue to see advancements in AI coding. Still, we just might have a thing or two up our sleeve to help enterprises effectively apply developer risk management in this area, and many others. You’ll have to stay tuned and see where our journey takes us.


Chief Executive Officer, Chairman, and Co-Founder

Pieter Danhieux is a globally recognized security expert, with over 12 years' experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organizations, systems and individuals for security weaknesses. In 2016, he was recognized as one of the Coolest Tech people in Australia (Business Insider) and awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association), and he holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.
