Our Q&A about Security at Ponicode with Baptiste Bouffaut
Are you confused between Ponicode and CircleCI? It’s not you, it’s us. Ponicode was acquired by CircleCI as of March 2022. The content and material published prior to this date remains under Ponicode’s name. When in doubt: Ponicode = CircleCI.
Hello Baptiste. You are CTO of Ponicode, previously VP Engineering at Recast.AI. Today we would like to talk about security with you in order to let our users know more about what’s happening here at Ponicode.
First of all, how does Ponicode handle personal information?
Baptiste: Ponicode does not handle a lot of personal information. We use GitHub, GitLab and Bitbucket authentication to ease and secure our users’ access to Ponicode. The data we collect through this process is very limited. These platforms are very careful with users' data, and we only receive the data they agree to share with us. Nonetheless, it is kept private and safe. And as required by GDPR, anyone can send us a request to access or delete their account.
Personal information represents the simplest part of our security challenges.
A bigger part of the sensitive information that we are led to handle is the code of our users itself. Information contained in the code of our users raises industrial security challenges. Indeed, we see that the code of our users might contain sensitive information. I am not thinking about personal information per se, but rather sensitive information such as access tokens, database connection strings or third-party API connection strings.
There are many young developers who are not yet on top of our industry's best safety practices and might leave this kind of sensitive information in their code repo, even though it is always recommended to remove all sensitive information from your code. The truth is that we are active defenders of clean and beautiful code, and we want each developer to take responsibility for being cautious with the sensitive information hardcoded in their code. But we also want to earn our community’s complete trust, and we want to take responsibility for the code our users trustfully share with us. That means we have an active code safety roadmap, and we are researching the best and most innovative ways to protect sensitive data in our users’ code. The hottest solution at the moment is data anonymisation; cool companies such as GitGuardian bring great solutions to the table. With their technology you can spot any sensitive information hardcoded into a program and anonymise it. Such a solution would provide a guarantee to users that their personal responsibility is never at stake when they use Ponicode.
In any case, in line with the GDPR, anyone can reach out to us at firstname.lastname@example.org to access the pieces of code we have in our DB, and ask us to revoke their account and delete their data.
Are Ponicode team members reading the code that is unit tested by users?
Baptiste: Ponicode’s standard is to have very strict control over database access. We have strict limitations on access to users’ logs, and we have total control over who accesses such information and when. Detailed connection logs of our team members are stored for safety purposes. We make sure our users’ intellectual property remains safe when it transits through our hands. Our users' code is considered private information, and we don’t make our AI rely on it to improve.
Ponicode is trained on open source projects, and this stream of code represents such a big amount of input data that we never rely on users’ code to improve our algorithm.
Is there a higher level of protection Ponicode can provide beyond this policy?
Baptiste: Well, our product roadmap is tied to our safety roadmap, since one of our main goals at the moment is to shift Ponicode into a multi-tenant structure. Our vision for Ponicode is to become a multi-tenant SaaS platform.
(If you want to know more about multi-tenancy, here is an IBM-made 3-minute presentation about it.)
A multi-tenant structure enables each and every one of our clients to get their own virtual appliance of Ponicode running inside their infrastructure. Thus the code of our users never goes outside their own infrastructure.
The move toward multi-tenancy for Ponicode is in line with many aspects of our product. From the security standpoint it makes total sense. With multi-tenancy we are reinforcing our guarantee that nobody can access our users’ data with an extra layer. Multi-tenancy makes it possible to build a Chinese wall around the tenant, even from our own team’s access. It means that our users can decide who has access to their tenant, when, and for how long. Many of our users now consider multi-tenancy an absolute best practice for the tools they use. That made it very clear, as we were designing Ponicode, that it was a must-have for us.
From the feature standpoint it is a great architecture to adopt. We are actively working on a user-context-specific AI that would be able to train and improve based on user code while keeping our users’ code within their tenant scope. Multi-tenancy would enable us to have, on top of our generic AI, a user-specific AI that will provide user-specific recommendations / suggestions, and thus considerably enhance the UX of Ponicode. A customised user experience delivered through a customised technology.
This customisation and this privacy do not mean that our users will become isolated from the general improvements of our AI. The AI’s global improvements made possible by our research and development are continuously fed to each tenant all along the way.
But I won’t divulge all about it today.
To get back to your question, multi-tenancy really answers our security needs, or should I rather say, our users’ needs for security.
Let’s shift away from the product and dig into your vision of security as a software engineer and as a CTO.
Baptiste: My vision of security as a developer is integrated into my vision of DevOps for the Ponicode team. I think that in order to perform a great deployment and make sure that our production is safe, we need every team member to be aware of DevOps and DevSecOps challenges. GitLab wrote some good things about it.
Security and deployment cannot rely on one or two people’s shoulders only. It must be the priority of every software engineer in the team. The DevOps culture at Ponicode is to consider that everyone has a responsibility to ensure the success of a new feature, from designing it to deploying it. DevOps and DevSecOps awareness is key, and it is fundamental to our success. When I create a new feature, I think from day one about its deployment and the impact it has on the security of our software. The goal is for every team member to be capable of keeping control of what they do. And with that DevSecOps and DevOps awareness, they will be capable of making the right decisions all along the way.
We often talk about quality code at Ponicode. We feel like we need to be irreproachable about security and deployment because we want to be irreproachable about code quality.
My conviction for DevOps and DevSecOps at Ponicode is that we must root those skills in our work culture. I want everybody to become capable of understanding the stakes of infrastructure, deployment and security throughout deployment. As a CTO I try to infuse this culture into every team member’s work ethic. That can be achieved through workshops, training, and maybe further down the road by hiring a DevOps expert. If we do hire, it will not be to have one person take care of DevOps, but to have someone who can provide guidance and advice to the team. Not someone who does it for everyone, but someone who ensures that everybody can do it, and do it well.
If you don’t do that, you end up with friction and projects going back and forth between teams. You get a slower production process, which can be exhausting for everybody in the long run.
I believe this approach to DevOps-and-security-as-a-culture is a real innovation in our industry when it comes to company culture and responsibility structure.
Well, thank you for all these details. If I sum up what you said today, the external side of security at Ponicode is personal and sensitive information from your users. You already address this, and you are going to shift towards a multi-tenant structure in order to provide the optimal safety environment for users to explore Ponicode. Your personal approach to security in development is to root a seamless DevOps and DevSecOps culture in your team, so that Ponicode technology is always made of beautiful and safe code. Anything more you want to share with our community?
Baptiste: I assumed you wanted to talk about tech security. But as a CTO I want to add that I also look out for the safety of my team. Especially now with the COVID-19 pandemic, we have the team working remotely most days, and we are following closely the French government recommendations on health in the working environment. Actually, we have been wearing masks full-time since July here at our Station F office, and we are making sure everybody is comfortable and safe with this new work environment.
Thank you Baptiste.
Do you want to share your opinion with us? Would you like Baptiste to detail his ideas about security at Ponicode? Please reach out to us on Twitter, Facebook or our Slack community, and we will be pleased to share them with him.
Of course, you should also check out our magical unit test extension here