Semmle Wins 2019 CDM InfoSec Awards

March 04, 2019


Reading time

SAN FRANCISCO, March 4, 2019Semmle, a variant analysis platform, today announced two industry wins for the Cyber Defense Magazine (CDM) InfoSec Awards, with recognitions for Open Source Security and Code Variant Analysis. The awards come less than one year after the company’s global launch, cementing Semmle’s first-of-its-kind variant analysis technology that empowers both enterprise and open source developers to secure their software.

Now in its seventh year, CDM, the industry’s leading electronic information security magazine, honors InfoSec innovators that provide “unique and compelling value.” Semmle’s mission to secure all software starts with making available for free for all open source projects. LGTM is variant analysis platform that automatically checks your code for real CVEs and vulnerabilities. Its QL query engine, recognized by CDM for Code Variant Analysis, powers LGTM allowing product security teams to deliver variant analysis results to development teams to ship safe code and protect their customers.

“We’re honored to be recognized as a leader in Open Source Security and Code Variant Analysis,” said Dr. Oege de Moor, CEO of Semmle. “We believe security is a shared responsibility, and that starts with enabling the community to work together to secure open source software. Technology to automate variant analysis helps scale an organization’s security expertise, ultimately making vulnerability hunting much faster and more effective.”

In the six months since Semmle’s global launch, its own team has been focused on this shared responsibility, disclosing several high-impact vulnerabilities, including critical remote code execution vulnerabilities in both Apache Struts and MacOS. In keeping with Semmle’s mission to secure all software, these disclosures and any relevant variant analysis queries that unearthed them are immediately added to Semmle standard QL libraries, ensuring every user benefits.

To learn more about Semmle, please visit

About Semmle

Semmle believes security is a shared responsibility. Our mission is to secure all software by bringing the security and development communities together. Security and software engineering teams at Google, Microsoft, NASA, Nasdaq and Uber depend on Semmle to secure their code. Headquartered in San Francisco, Semmle is a privately held company funded by Accel, with additional offices in Copenhagen, New York City, Oxford, Seattle and Valencia, Spain.

About CDM InfoSec Awards

This is Cyber Defense Magazine’s seventh year of honoring InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at