Snyk’s FossID Buy to Boost C++ Compliance for Embedded Devs

13 May 2021 7:47am, by

An estimated 7.3 million developers worldwide actively use the C or C++ programming languages according to SlashData’s “20th State of the Developer Nation Q1 2021.” Their unmet needs were on the mind of Snyk founder Guy Podjarny announcing the acquisition of FossID, a provider of open source compliance solutions.

C++ is the preferred programming language of 40% of all developers who work on embedded applications, per the aforementioned SlashData study. Podjarny believes C/C++ developers have unmet needs and cites a 2020 C++ community survey in which the top pain point for these developers is managing the libraries their applications depend on. It must be difficult to manage libraries when you can’t connect to the cloud. According to the same study, only 51% of C++ developers use the cloud in their software development lifecycle. Let us repeat: half of C++ developers don’t use the cloud to deploy updates. Embedded applications are often shipped in physical devices that are rarely, if ever, connected to a network, making continuous deployment rather difficult.

FossID addresses a second issue that C++ developers appear to care about more than others do — code snippets. Code from other sources, such as Stack Overflow, is sometimes pasted without regard to licensing constraints. Since embedded code is less likely to rely on libraries built via the cloud, reviewing it for copied snippets matters more than it does for other types of applications. Scanning for snippets is time-consuming and, from a software composition analysis (SCA) perspective, requires a large knowledge base to be done effectively, but FossID claims to have developed an AI technology that makes the process efficient.

A year ago, less than 5% of organizations were using Snyk or FossID for open source compliance, according to our own Open Source in the Enterprise study, although more than two-thirds of organizations used some methodology or tool to help with governance. Snyk appears to want to grow its presence here, starting with the C++ community. The company knows that only 23% of its target audience has adopted policy compliance testing — it reported that figure, based on over 600 interviews, in last week’s State of Cloud Native Application Security report. Automating policy tests alongside security tests is a great idea. Now let’s see the vision turn into reality.
