{"id":642202,"date":"2024-10-22T15:10:34","date_gmt":"2024-10-22T12:10:34","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/socket-lands-a-fresh-40m-to-scan-software-for-security-flaws\/"},"modified":"2024-10-22T15:10:34","modified_gmt":"2024-10-22T12:10:34","slug":"socket-lands-a-fresh-40m-to-scan-software-for-security-flaws","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/socket-lands-a-fresh-40m-to-scan-software-for-security-flaws\/","title":{"rendered":"#Socket lands a fresh $40M to scan software for security flaws"},"content":{"rendered":"
\n

The software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent\u00a0survey<\/a>, 88% of companies believe poor software supply chain security presents an \u201centerprise-wide risk\u201d to their organizations.<\/p>\n

Open source supply chain components are especially fraught, thanks to the logistical hurdles in keeping each component well-maintained. Security firm Synopsys\u00a0found<\/a> in its 2023 report that 89% of businesses\u2019 codebases contained open source tools over four years out of date. A 2024\u00a0report<\/a>\u00a0by the Ponemon Institute found that over half of organizations have experienced a software supply chain attack. These attacks could cost the economy almost $81 billion in lost revenue and damages by 2026, estimates<\/a> Juniper Research.<\/p>\n

Socket<\/a>, a startup that provides tools to detect security vulnerabilities in open source code, has raised $40 million to help address the problem.<\/p>\n

CEO Feross Aboukhadijeh founded Socket in 2020. A prolific open-source maintainer and web security lecturer at Stanford, Aboukhadijeh says he came to believe that traditional security tools were insufficient to address the challenges of modern software development.<\/p>\n

\u201cThe extensive network of dependencies \u2014 numbering in the thousands \u2014 pose significant security risks that traditional tools fail to mitigate,\u201d Aboukhadijeh told TechCrunch. Dependencies are pieces of software or libraries that an app<\/a> relies on to function. \u201cEven with rigorous internal code reviews, external dependencies introduce the risk of software supply chain attacks that are hard to detect and manage,\u201d Aboukhadijeh continued. <\/p>\n

Socket\u2019s solution is a scanner that looks for malicious activity, like backdoors and obfuscated code, in open source components, and alerts developers when dependencies and packages are updated or added.<\/p>\n

Through integrations with generative AI APIs from Anthropic and OpenAI, Socket can also generate summaries of vulnerabilities (with minimal hallucinations, one hopes). In addition, the platform can optionally check to see that open source code is properly licensed \u2014 and therefore legal \u2014 for re-use.<\/p>\n

\u201cSocket is designed for engineering teams and application security teams who rely heavily on open-source software,\u201d Aboukhadijeh said. \u201cIt integrates seamlessly into the developer workflow, providing real-time insights during code reviews and dependency updates without overwhelming users with false positives.\u201d<\/p>\n

More software companies are relying on open source than ever before. In a 2023 report<\/a> published in collaboration with the Open Source Initiative and the Eclipse Foundation, 95% of respondents said that their organizations increased \u2014 or at least maintained \u2014 their open-source usage in the past year.<\/p>\n

With the software supply chain security platform market expected to grow<\/a> to as much as $3.5 billion by 2027, it\u2019s not surprising that Socket has rivals. <\/p>\n

Oligo, a company that focuses on runtime app security and observability, came out of stealth in February backed by $28 million.\u00a0Endor\u00a0emerged from stealth with $25 million last October, following Chainguard\u2019s $50 million raise in early June.\u00a0<\/p>\n

What sets Socket apart, Aboukhadijeh argues, is its ability to catch possibly harmful code other tools miss \u2014 in particular code to exfiltrate sensitive data. Socket is detecting over 100 zero-day software supply chain attacks every week, he claims.<\/p>\n

\"Socket\"
Using Socket to identify an app\u2019s dependencies. <\/span>Image Credits:<\/strong>Socket<\/span><\/figcaption><\/figure>\n

Socket\u2019s impressive list of backers \u2014 and clients \u2014 would suggest that there\u2019s some credence to those assertions. <\/p>\n

Entrepreneur Elad Gil and Andreessen Horowitz participated in Socket\u2019s Series<\/a> B, along with Yahoo co-founder Jerry Yang (disclosure: Yahoo is TechCrunch\u2019s corporate parent), OpenAI chairman Bret Taylor, Twilio co-founder Jef Lawson, and Shopify co-founder and CEO Tobias L\u00fctke. <\/p>\n

Socket\u2019s customers, meanwhile, include Anthropic, Harvey, Figma, Vercel, one of the four biggest banks in the U.S., and \u201cthe largest and most well-recognized AI company.\u201d (Interpret the last one as you will.)<\/p>\n

Aboukhadijeh described the new Series B round as \u201cpre-emptive,\u201d claiming that Socket still hasn\u2019t spent the Series A cash that it raised last August.<\/p>\n

\u201cWe are on track to grow revenue by 400% in 2024,\u201d Aboukhadijeh told TechCrunch. \u201cSocket currently has over 100 customers and protects more than 7,500 organizations, defending 300,000 code repositories and supporting over 1 million developers worldwide.\u201d<\/p>\n

The new cash brings Socket\u2019s total raised to $65 million during what Aboukhadijeh described as a pivotal moment in open source history. AI, he pointed out, is being used to write more and more code, which is introducing<\/a> the potential for security holes<\/a>. <\/p>\n

\u201cNow was the right time to raise these funds,\u201d Aboukhadijeh said. \u201cNew AI attack vectors have created a pressing need for Socket to bring security assurances to the code generated by these AI-powered tools. Socket\u2019s technology<\/a> addresses this critical gap in the market, and the additional funding will help scale its impact.\u201d<\/p>\n

Socket, which has 32 employees today, plans to grow its team to 50 people by the end of the year with a focus on the engineering, product, design, and sales sides of the Stanford-based company. <\/p>\n<\/div>\n

If you liked the article, do not forget to share it with your friends. Follow us on\u00a0Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n

\n

If you want to read more like this article, you can visit our Technology<\/a><\/span> category.<\/strong><\/p>\n<\/blockquote>\n

Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

The software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent\u00a0survey, 88% of companies believe poor software supply chain security presents an \u201centerprise-wide risk\u201d to their organizations. Open source supply chain components are especially fraught, thanks to the logistical hurdles in keeping each component well-maintained….<\/p>\n","protected":false},"author":1,"featured_media":642203,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/05\/cyberark-Hero-ad-1.jpg?resize=1200,800","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[77337,75885,75719,83071,75568,76253,70375,75083,61594,74839,147146,72287,127800,99936,70917],"class_list":["post-642202","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-ai","tag-enterprise","tag-funding","tag-open-source","tag-supply-chain","tag-code","tag-cybersecurity","tag-developer","tag-exclusive","tag-fundraising","tag-generative-ai","tag-security","tag-socket","tag-startup","tag-startups"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/642202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=642202"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/642202\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/642203"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=642202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=642202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=642202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}