Gavin Bu, Head of Xcalibyte Business Solutions, focuses on delivering best-in-class customer solutions. After graduating from Beijing University of Aeronautics with a master’s degree in software engineering in 2007, he joined Business Objects as a BI consultant. He later joined SAP and IBM, spending ten years in business consulting and sales management. Gavin also has experience with early-stage companies, having served as the director of an NLP technology company, which achieved significant growth in 2018.
From smart-locks at homes to self-driving vehicles on the road, new technologies such as artificial intelligence, blockchain, and 5G continue to promote the rapid development of the Internet of Things. The advances in this area are entirely reliant on the underlying code and technical architecture. This comes with quality and security problems. So how can software developers quickly identify code defects and security risks? Today we invite Gavin to share with you how Xcalibyte directly addresses these concerns along with business pain points faced by many of our customers.
As the Head of Business Solutions, can you tell us more about what you do?
Gavin: The past 15 years of experience in business consulting and sales in the technology industry have cultivated my ability to understand requirements from the perspective of customers to help them accurately analyze and solve their pain points.
I think that sales is not just about pushing products. I have to spend time understanding the details of how our product features match customer pain points so we can deliver truly valuable solutions. In this process, I will give full attention to each of our customers’ unique production processes and operations, so we deliver according to their needs without major disruption.
Even if Xcalscan, our flagship code analysis tool, cannot solve all customers’ existing problems, we can further plan with customers a product development route that meets their needs and helps them improve software development efficiency.
Xcalibyte provides high-quality static code analysis software for customers from different industries. What do you think are the most common challenges they face, and how does Xcalibyte help to solve them?
Gavin: The software development process of each industry has its own characteristics, with often unique industry norms and standards. Based on general industry regulations, I think that the most significant pain point is how companies can measure whether their software meets industry standards and regulations. From the perspective of code analysis, it is whether the source code meets industry standards or whether the business logic implemented by the software has been applied properly without loopholes.
Based on a large number of customer visits and research data, we found that many static code analysis tools on the market can only achieve an accuracy of about 30% when analyzing and identifying errors. The reason for the low accuracy is that, in addition to the differences in programmers’ code styles, the past technology cannot keep up with the express iterations and development in programming languages. Essentially, the entire software development framework has become more and more complex and continues to become so.
Xcalibyte’s static code analysis can be effectively integrated into the software development life cycle (SDLC). If developers can use Xcalscan in Shift-Left Testing at the beginning of the development life cycle, they can effectively improve the accuracy and efficiency of code testing while significantly reducing time, capital and resources. For code analysis tools, the core requirements are high scanning efficiency, fast speed, and high accuracy. Compared with competing products, these are precisely Xcalscan’s advantages. For example, the accuracy of code detection in the C language can reach 50-70%, which is more than twice the average value of the entire industry.
Can you give an example to illustrate how Xcalibyte helps customers solve software development quality and vulnerability issues?
Gavin: We have a customer in the blockchain finance sector, and they will be involved in the operation of bank account data. In the database access process, it is necessary to strictly encrypt and decrypt personal accounts and other information in the database to ensure that all potential vulnerabilities are eliminated before data transmission processes or storage.
In helping the customer conduct code inspections, we can ensure that their software can protect every piece of sensitive data they call. Item calls and operations are in strict compliance with industry-standard corporate compliance requirements, eliminating any potential security risks of data leakage.
How does Xcalibyte help industry customers with embedded systems, such as those found in IoT and autonomous driving?
Gavin: Customers in the automotive industry follow two standards, MISRA and ISO26262 certification. There is a certification body to review whether all the source code in the entire automotive equipment complies with industry standards. We can work with many partners to help customers in the automotive sector pass the certification, for business logic verification and source code reviews.
Compared with the traditional automotive industry, the Internet of Things involves a variety of devices and massive amounts of data. Therefore, in this process, we have a lot of exchanges and cooperation with many operating systems and hardware platforms. At present, Xcalibyte can support mainstream operating systems, chips and instruction set architectures covered by the Internet of Things, as well as the specific environments that some customers require. At the end of 2020, Xcalibyte started to cooperate with RT-Thread, an industry-leading IoT operating system, to jointly provide end-users with source code analysis services.
What actions will you take to protect assets such as home smart systems?
Gavin: Let’s look at the examples of smart door locks or home surveillance cameras in IoT device companies. Although they use simple IoT devices, these devices are easily hacked. In response to this situation, Xcalibyte will help these customers identify the underlying vulnerabilities, especially the embedded systems, to solve these problems.
We will also help customers to prevent possible data leakage problems. We have done much work in this area. We always believe that developers should take a quality first and security by design approach.
What role will static code analysis tools play in the long-term development of enterprise security?
Gavin: Application Security Testing (AST) is a big family, and static code analysis is just a branch of the AST family. It also covers software component analysis, dynamic application security testing and interactive application security testing. Xcalibyte is in the field of static code analysis.
Xcalibyte’s static code analysis tool, Xcalscan, is a highly accurate and intuitive DevSecOps tool that improves productivity by identifying vulnerabilities and integrating this function into the software development process. It uses advanced compiler-level analysis to scan source code for quality, software standards compliance, and vulnerabilities. Before compiling and testing the source code, Xcalscan can identify defects that may cause memory corruption, buffer overflow, data leakage, etc. Therefore, Xcalibyte is an indispensable and powerful tool for every developer writing code.
Looking forward, Xcalibyte will enter more industry fields. We are currently focusing on chipsets, Internet of Things, automotive, and financial customers. Soon we will look at the transportation, medical and aerospace industries. In addition, after building the static code analysis, we will do some extensions. We will also develop and extend into interactive application security testing. Xcalibyte always puts customers’ interests first, directly addressing their business needs and the pain points of developers, using our proprietary static analysis tools.