Semmle Blog

Angry developers: How code quality is affected by negative emotions

Happy cows make better cheese, but do happy developers write better code? In this data driven analysis I want to investigate how our emotional state of mind affects the code we're writing, and how developers can resist the pull of the dark side.

August 22, 2019

Black Hat 2019 Recap: CTF challenge, U-Boot and more

Black Hat is always one of the most interesting conferences of the year. Read our Black Hat 2019 recap to hear the takeaway messages from the Semmle team.

August 22, 2019

VLC vulnerabilities discovered by the Semmle security research team

Semmle’s security research team discovers 11 bugs in VLC, the popular media player. The VLC vulnerability CVE-2019-14438 could potentially allow an attacker to take control of the user’s computer.

August 19, 2019

Automated unit testing: How to avoid tests that harm your code

August 15, 2019

Python 3: Finding Code Compatibility Issues with QL

August 13, 2019

Unit Testing: Does more test code lead to fewer code alerts? (LGTM study)

August 08, 2019

Source code analysis: Preventing bugs through tests and alerts

August 01, 2019

Black Hat 2019: Semmle at Security Summer Camp

U-Boot RCE Vulnerabilities Affecting IoT Devices

U-Boot NFS RCE Vulnerabilities (CVE-2019-14192)

Semmle’s security research team discovers 13 U-Boot RCE vulnerabilities in its bootloader, which is commonly used by IoT, Kindle, and ARM ChromeOS devices.

OODA for Code Review: Improving Your Code Quality

How can the OODA loops theory make our code review process more effective, and make our code more secure as well as easier to amend?