Por Dimitris Mostrous (Aikido Security).

In this talk, I will share insights from my experience in functional programmer roles in several startups, highlighting how functional programming is used in industry today and crucially, why it makes sense from a business perspective.

In the second part of the talk we will explore Opengrep, an open source Static Application Security Testing (SAST) tool written in OCaml, supported by a consortium of organisations in the application security space.

Opengrep is designed to search for patterns in source code, with a particular emphasis on vulnerability detection. Users define patterns as code fragments enhanced with matching constructs; these are converted into abstract syntax trees and matched against the AST representation of the target code.

Opengrep also supports taint tracking: identifying places where untrusted user input is passed to trusted subsystems without proper sanitisation.

We will discuss why functional programming is well-suited to this kind of work and mention some of the analyses performed under the hood, including parsing, intermediate representations, constant propagation and dataflow analysis.

Bio: Dimitris Mostrous earned his PhD in Computing at Imperial College London. He's currently the lead maintainer of the open source Opengrep SAST tool (https://opengrep.dev) and OCaml Engineer at Aikido Security (https://aikido.dev). This is his third experience working as functional programmer for startups, having previously worked with Clojure and OCaml in domains such as analytics and crypto payments.