Name: SecMate
Availability: PreOrder
Author: SecMate

Question 1

What languages does SecMate support?

Accepted Answer

C and C++ today. Python, TypeScript, and Rust coming soon.

Question 2

What about false positives in SecMate?

Accepted Answer

We trace actual paths. If an attacker can't reach it, we don't flag it. If it's not exploitable, we tell you. You fix what matters, not what might matter.

Question 3

Why choose SecMate over Semgrep or Coverity?

Accepted Answer

Semgrep matches patterns. Coverity flags possibilities. SecMate traces attack paths and assesses exploitability. Different job.

Question 4

Where does my code go when using SecMate?

Accepted Answer

To LLMs for analysis. Yours or ours. No training on your code. Self-hosted option available. We never store your code.

Question 5

What does a SecMate finding look like?

Accepted Answer

The vulnerable code. The path an attacker takes to reach it. Why it's exploitable. How to fix it.

Question 6

How does SecMate compare to CodeQL?

Accepted Answer

CodeQL requires writing queries. SecMate works out of the box for embedded security with built-in exploitability analysis.

Question 7

How does SecMate compare to Snyk?

Accepted Answer

Snyk focuses on dependency scanning and general application security. SecMate specializes in embedded software - firmware, RTOS, drivers - with exploitability-first analysis.

Question 8

What types of vulnerabilities does SecMate find?

Accepted Answer

Buffer overflows, use-after-free, integer overflows, format string bugs, command injection, and other memory safety issues common in embedded C/C++ code.

From the attacker's playbook
to your pull request.

Why.

Maxime Rossi Bellom

Ramtine Tofighi Shirazi

See what we see.

From the attacker's playbookto your pull request.

Why.

Maxime Rossi Bellom

Ramtine Tofighi Shirazi

See what we see.

From the attacker's playbook
to your pull request.