AU researchers give millions of programmers a new weapon in the fight for our IT security
By founding the company Coana, researchers at the Department of Computer Science have created a technology that solves a problem for programmers all over the world. And that ultimately improves IT security for all of us.
Imagine a world in which 95 per cent of the security alerts you receive are irrelevant.
This is the reality for software developers. When they develop an app, for example, they build on existing code that may well contain errors and security flaws. So they are bombarded with security warnings on a daily basis – and have to invest time distinguishing between the harmless and the serious vulnerabilities.
Cybersecurity
In connection with this year’s MatchPoints conference on cybersecurity on 18-19 April, AU is shining a spotlight on cybersecurity research.
This is something that Coana, a new spin-out company from Aarhus University, wants to change. With new cutting-edge technology, the team at Coana can filter out the noise from harmless security alerts and highlight the vulnerabilities that actually matter.
“The technology gives software developers useful information about where exactly they need to concentrate their efforts to improve the security in their systems. If you need to develop an online banking app, for example, and you don’t discover the relevant vulnerabilities in the code you’re using, you could end up with security issues in your software. In the worst case, this could lead to hackers being able to access data they shouldn’t be able to see. It all comes down to security in the end,” says Anders Møller, co-founder of Coana and professor of computer science.
At the moment, all six employees at Coana are located at the Department of Computer Science, but it’s only a matter of time before they’ll need to move into new, larger premises. The company is growing. And, at the start of 2024, the Silicon Valley-based fund Sequoia Capital invested DKK 11 million in the Aarhusian start-up.
From research to product
It all started back in 2019, when Anders Møller began a research project on software analysis. Benjamin Barslev Nielsen and Martin Torp soon joined the project as PhD students, and together they developed a technology that proved to be effective and precise. The three researchers thought it would be a shame if their discovery only ended up as journal articles.
“We agreed to go one step further and turn our research into something that could be applied in practice. But there is a long way from research to commercial product. It’s not enough just to have the technology. It has to be integrated into the software that programmers use in their daily professional lives,” says Anders Møller.
In 2021, via AU’s entrepreneurial hub The Kitchen, the researchers were put in touch with Anders Søndergaard, who helped to develop the product further and to establish connections with designers and potential users. And so Coana was founded.
“As a researcher, it can sometimes be a bit frustrating when good ideas don’t make it out of the academic world. It’s very satisfying to take this research a step further,” says Anders Møller.
GAN Integrity uses Coana
The company GAN Integrity helps other businesses, including LEGO, Danone and Tesla, to protect their sensitive data. GAN Integrity uses the tool developed by Coana. Casper Guldberg, VP of Engineering at GAN Integrity, explains why:
“In the past, our developers used more traditional methods to scan for vulnerabilities, which gave rise to many false alarms. We wanted to find a more effective tool that could differentiate between real threats and false alarms, and this led us to Coana. By using Coana, our team is able to focus on the genuine threats, which significantly improves our vulnerability management process without compromising security,” says Casper Guldberg.