Brazilian Nalbatech buys bugScout solution

Brazilian Nalbatech, a company in the Nfq group, has bought bugScout, a Spanish platform for analyzing the source code of mobile apps and other software. The solution can determine in a few minutes whether source code written in any of 34 different programming languages contains vulnerabilities. Sabesp and El Corte Inglés are among bugScout’s customers. The purchase price was not disclosed, but NalbaTech says it will invest 1.5 million euros over three years to reinforce the operation of bugScout, whose development team will remain in Spain. A curious fact about the deal: NalbaTech was, until then, a sales channel for bugScout. It is, therefore, a rare case in the business world of the sales channel buying the manufacturer.

BugScout performs two types of source code analysis: static and dynamic. Static analysis checks whether the code complies with the various international security standards and protocols. Dynamic analysis, in turn, consists of “stressing” the software in an attempt to reveal vulnerabilities that static analysis did not flag. On average, 94% of the vulnerabilities are found by static analysis.

“The vulnerabilities are global. When a new one is identified, we update the platform. It is a living world that evolves every day. Our update is constant, done daily. We have engineers dedicated solely to this”, reports Francisco Bernabeu, director of Nalbatech. “Data exposure is the main vulnerability that has the greatest impact on mobile apps and applications in general,” he comments.

Each vulnerability found is classified according to its severity: high, medium, low or merely informative. The bugScout report estimates how many hours of work it will take for each fix.

The analyses are run through a virtual application to which the client controls access, protecting its source code. The process is quick and takes just a few minutes. Bernabeu cites a recent example of a 1.8 million line source code that was analyzed in 20 minutes.

Billing is done by application, as a managed service. It is worth remembering that apps and other software from large companies usually undergo frequent updates, which requires new tests to analyze parts of their source code.

Nalbatech acquires bugScout

Nalbatech, a company of the Nfq Group specialized in consulting and professional services for banks, capital markets and insurance, has announced the acquisition of the bugScout platform, created by the Spanish company Buguroo Offensive Security. Nalbatech has been a Buguroo partner for more than 4 years, offering, implementing and supporting the solution, which detects security risks throughout the life cycle of software applications.

BugScout is a robust, state-of-the-art source code analyzer used by companies from various segments in their software projects and also in the security validation of third-party applications at the time of contracting. With the acquisition of bugScout, NalbaTech strengthens its portfolio of Information Security, Governance and Compliance and Software Quality technologies and services.

Francisco Bernabeu, director of NalbaTech, says that since 2013 the company has been offering managed services based on bugScout and the decision to purchase the definitive rights to the tool “strengthens its position as a key supplier of managed security and software quality services, since the company becomes the owner and developer of the platform, and is also responsible for its evolution and technological improvement”.

The executive also states that, with the acquisition, NalbaTech achieves a strategic position in a market where all systems face some type of vulnerability at some stage of their life cycle. “In practice, companies suffer from high security weaknesses and the real possibility of data loss or cyber attacks on corporate networks. In addition, investments in fixing vulnerabilities are on average three or four times greater than development itself. With bugScout right at the beginning of the software project, this time and investments can be 90% less considering the current expenditure, in addition to avoiding incalculable losses in the event of an attack”, highlights Bernabeu.

BugScout is compatible with the languages most used in web and mobile environments and includes complete frameworks for each development environment, covering the most complex flows, such as dependency injection, ORMs or databases unrelated to others. The platform assists in building secure applications based on the analysis of all vulnerabilities identified in all reference standards, such as OWASP, WASC or CWE.

“The solution has a high capacity for observing source codes and minimizes the risk exposure of companies and users, making the developed software stronger and more robust against threats, both in the corporate internal environment and on mobile”, emphasizes Francisco Bernabeu.
