Tuesday, August 25, 2015

'Take 5' with Code Dx Founder Ken Prole


Ken Prole, CTO at Code Dx, sat down with our team to discuss the passion and inspiration behind his popular software assurance and analytics tool. The goal behind Code Dx was to deliver a product that would solve real problems for real people. Ken and his team identified the problems that many developers confront with application quality and security testing, such as difficult installation, expensive tools, and having to use multiple tools, which makes it hard to compare results.

Learn more about Code Dx and Ken’s journey that led to a successful company in our latest ‘Take 5’ with the Founder:

What advice would you offer to any soon-to-be startup founders out there?

You need to understand your users’ pain points and needs very well. This means getting out of the office and talking with people. Listen carefully to how things are being done today and what challenges your solution can solve for them – this creates your value proposition. Then implement that solution, incrementally, starting with the MVP (Minimal Viable Product), always working closely with users for feedback. Don’t be afraid to pivot and change direction as you get more feedback. Your early customers are critical for turning your idea into a product that actually solves someone’s needs. Also look for mentors. Reach out to people who have had success growing a startup. They’ll likely be more open than you think to help and might even join your Board of Advisors, which is another important tip for success.

What was your original source of inspiration when you started Code Dx?

We saw a bunch of tools appearing to help developers detect quality and security issues, but there was nothing to bring all those results together, and various studies by NIST and NSA were showing that a collection of tools gives you much better coverage. DHS Science & Technology Directorate shared the same vision and were instrumental in funding our initial research and development through their Small Business Innovation Research (SBIR) program.

What problem will your product solve? How does it matter in the market?

Code Dx is a software vulnerability management tool. It helps developers, software testers and security analysts find software vulnerabilities, prioritize them and assign them for remediation before the attackers can exploit them. For developers, we embed Code Dx right into your IDE so you can find the vulnerabilities early in the SDLC. As a result you write better quality code so your software doesn’t crash or perform poorly, as well as more secure code, so that vulnerabilities are detected before the bad guys find them. There are plenty of software scanning tools out there already, but we developed Code Dx to respond to specific challenges those tools present. The challenges we heard most often from people getting started in application quality and security testing were that (1) tools are too expensive and licensing restricts their usage by line-of-code or number of projects; (2) tools are difficult to install and configure, and their results are difficult to interpret; (3) no single tool finds everything and when using multiple tools it is very difficult to compare results. We solved these problems with Code Dx and feel it is helping the overall quality and security tool market since now people can more easily consume the results of multiple tools.

What is your one-line pitch?

Code Dx finds, prioritizes, and visualizes software vulnerabilities – fast and affordably.

Describe the experience of your first customers.

Finally getting a product into the hands of real users solving real problems is what it’s all about. Seeing how our first customers used Code Dx was enlightening to us. We saw how our vision actually helped users do things they couldn’t before. It helped validate that Code Dx was a product that fulfilled someone’s needs. We also learned what frustrated users with our early versions, and used that feedback to make Code Dx even better. That’s what we continue to do today. So try out Code Dx and let us know what you think!

Now for the lightning round!

Coffee or tea?
Coffee in morning, tea in afternoon.

PC or Mac?
PC and Android for me. I feel like more and more colleagues are switching to Mac, but I haven’t been able to make the switch yet.

Early bird or night owl?
Kids have made me an early bird, but I can still do the night owl thing when needed.

Bagels or muffins?
Bagels, especially on Bagel Friday.

Classic or modern?
Modern.

Detailed or abstract?
Abstract.

Washing dishes or doing laundry?
Washing dishes. Laundry is such a process.

Saver or spender?
Saver.

Hardwood or carpet?
Hardwood.

Pancakes or waffles?
Waffles.

Asking questions or answering questions?
Asking questions as the answer.

JavaScript or C?
Anything but going back to C programming.