Secure code warrior

Main service(s)

Secure Code Warrior (SCW) is a product company. It provides a hands-on environment where developers learn to code securely in their environment.

Security context

For software building organisations, one of the cornerstones for creating a secure product is the ability to ship secure code. Today, we have a whole subfield in security (application security) dedicated to detecting and mitigating security issues before they go to production. Or even in production (bug bounties), by paying experts to report security issues.

As with everything, a drop of prevention is worth an ounce of cure. Upskilling our developers so they write less vulnerable code is better than fixing vulnerabilities afterwards. This is where Secure Code Warrior comes in.

Product

Secure Code Warrior has truly built a comprehensive platform, both in language/vulnerability coverage and functionality:

• Language and vulnerability coverage. The platform covers over 60 language/frameworks over multiple domains, such as web, mobile, API development and others. The framework specific approach is critical as it is important to avoid security issues using framework specific functionality. For all these languages and frameworks, SCW offers challenges related to the applicable vulnerability types (ie: security misconfigurations, access control issues,...).
• Functionality. Secure Code Warrior has a very mature platform, which can cater to the needs of its target customers. They have built functionality to support many different use cases, from allowing developers to learn individually to organising large tournaments where developers compete to solve the most challenges. Secure Code Warrior can bring their own courses or customers can design their own, tailor-made courses. The list goes on.
  SCW now has almost 10 years of experience talking to customers and prospects. They have learned what their customers need and have built the capability to do just that.

Often, the problem is to get the developers to actually follow the training. There are two features of the SCW platform that really set it apart in this aspect.

• Most of the training is hands-on. For example: developers can write code in an (in-browser) IDE and get real-time feedback and coaching while coding. Although videos are of course available to provide instruction and context, they are there mostly in support. This is not a platform which will make people mindlessly click through to complete a mandatory training.
• Gamification (such as a company-wide leaderboard) makes it more fun to solve challenges and see where you are versus your colleagues.

Secure Code Warrior is active worldwide and its customers are mostly enterprise organisations.

Differentiators

Hands-on

SCW offers a hands-on, non-boring way to teach developers to code securely. Its challenge-based approach appeals to the problem-solving nature of many developers.

Coupling the hands-on aspect with gamification, SCW can drive both better retention and better adoption. This should of course lead to more secure code and less (security) defects. Which is exactly the outcome companies are striving for.

Enterprise first

From the start, SCW was catering to the enterprise market. Today, SCW can support such a broad range of programming languages and frameworks, it is uniquely positioned to cater to the enterprise market.

Additionally, SCW built functionality to support many different use cases, from allowing developers to learn individually to organising large tournaments where developers compete to solve the most challenges. Secure Code Warrior can bring their own courses or customers can design their own, tailor-made courses.

Moreover, SCW has built functionality to report secure coding maturity in different ways. Two important examples are:

• demonstrating compliance to certain regulations, such as PCI DSS, ISO,...
• Benchmarking (team) progress and retention across various technologies. Mitigate gaps through specific, targeted courses.

Future plans

Next to keeping its challenges and language frameworks up-to-date, Secure Code Warrior is currently working on further integration in the software development lifecycle. It is also working on (improving) its integrations with various development and application security tools.

Company history

Secure Code Warrior was founded by Pieter Danhieux, Fatemah Beydoun, Colin Wong and Jaap Karan Singh in 2015.

In 2017, SCW merged with Sensei Security (which was founded in 2016 by Matias Madou and Nathan Desmet). Both companies had the same goal (helping software developers code securely), but came to it from different angles. Sensei primarily focused on finding issues, while SCW primarily focused on solving issues.

With the combined story (finding and solving issues), SCW raised a seed round in 2017.

In 2018, SCW raised its A round of €3.2 million from Airtree Ventures and Paladin Capital.

End of 2019, SCW raised its US$47.6 million series B round led by Goldman Sachs. ForgePoint Capital, Cisco Investments, Airtree Ventures and Paladin Capital also participated in the round.

In April 2020, SCW acquired Iceland-based startup Adversary. The technology now powers the “mission” style challenges in the platform.

In 2023, SCW raised a US$50 million series C round, led by Paladin Capital.