Cigital chief executive officer Jeffery Payne likes to deliver good news to his customers first, when possible: that their systems are 100% secure. But, sometimes, he has to deliver bad news as well. That the software is totally unreliable.
“People are worried about security, but in the end the problems with software are the age-old problem, that it just doesn’t work,” he says.
Cigital, a software-consulting firm in Dulles, Va., has thrived by figuring out exactly why computer code doesn’t behave the way it’s supposed to. The firm, which markets itself as a provider of “software-quality management” services, operates as a kind of forensic-analysis squad for software developers.
“They’re one of the elite companies doing anything like this,” says Avi Rubin, an associate professor of computer science at Johns Hopkins University.
Payne and Cigital’s other founder, Jeffrey Voas, first met as graduate students in the computer science department at The College of William and Mary in the late 1980s. The duo (referred to inside the company as “the two Jeffs”) met up again in 1990, as Voas was finishing his doctoral thesis about how to make software more reliable. “He was talking about the fact that software didn’t work very well, and it started me thinking there was a business opportunity there,” Payne says.
There was—but for Cigital, it’s been a relatively small one. The 70-person company, which works on between five and 15 projects at a time, expects to pull in somewhere between $10 million and $20 million in revenue this year, Payne says.