Socket lands a fresh $40M to scan software for security flaws
Reading Time: 3 minutesThe software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent survey, 88% of companies believe poor software supply chain security presents an ‘enterprise-wide risk’ to their organizations.
Open source supply chain components are especially fraught, thanks to the logistical hurdles in keeping each component well-maintained. Security firm Synopsys found in its 2023 report that 89% of businesses’ codebases contained open source tools over four years out of date. A 2024 report by the Ponemon Institute found that over half of organizations have experienced a software supply chain attack. These attacks could cost the economy almost $81 billion in lost revenue and damages by 2026, estimates Juniper Research.
Socket, a startup that provides tools to detect security vulnerabilities in open source code, has raised $40 million to help address the problem.
CEO Feross Aboukhadijeh founded Socket in 2020. A prolific open-source maintainer and web security lecturer at Stanford, Aboukhadijeh says he came to believe that traditional security tools were insufficient to address the challenges of modern software development.
Socket’s solution is a scanner that looks for malicious activity, like backdoors and obfuscated code, in open source components, and alerts developers when dependencies and packages are updated or added.
Through integrations with generative AI APIs from Anthropic and OpenAI, Socket can also generate summaries of vulnerabilities (with minimal hallucinations, one hopes). In addition, the platform can optionally check to see that open source code is properly licensed — and therefore legal — for re-use.
‘Socket is designed for engineering teams and application security teams who rely heavily on open-source software,’ Aboukhadijeh said. ‘It integrates seamlessly into the developer workflow, providing real-time insights during code reviews and dependency updates without overwhelming users with false positives.’
More software companies are relying on open source than ever before. In a 2023 report published in collaboration with the Open Source Initiative and the Eclipse Foundation, 95% of respondents said that their organizations increased — or at least maintained — their open-source usage in the past year.
With the software supply chain security platform market expected to grow to as much as $3.5 billion by 2027, it’s not surprising that Socket has rivals.
Oligo, a company that focuses on runtime app security and observability, came out of stealth in February backed by $28 million. Endor emerged from stealth with $25 million last October, following Chainguard’s $50 million raise in early June.
What sets Socket apart, Aboukhadijeh argues, is its ability to catch possibly harmful code other tools miss — in particular code to exfiltrate sensitive data. Socket is detecting over 100 zero-day software supply chain attacks every week, he claims.
Socket’s impressive list of backers — and clients — would suggest that there’s some credence to those assertions.
Socket’s customers, meanwhile, include Anthropic, Harvey, Figma, Vercel, one of the four biggest banks in the U.S., and ‘the largest and most well-recognized AI company.’ (Interpret the last one as you will.)
Aboukhadijeh described the new Series B round as ‘pre-emptive,’ claiming that Socket still hasn’t spent the Series A cash that it raised last August.
The new cash brings Socket’s total raised to $65 million during what Aboukhadijeh described as a pivotal moment in open source history. AI, he pointed out, is being used to write more and more code, which is introducing the potential for security holes.
‘Now was the right time to raise these funds,’ Aboukhadijeh said. ‘New AI attack vectors have created a pressing need for Socket to bring security assurances to the code generated by these AI-powered tools. Socket’s technology addresses this critical gap in the market, and the additional funding will help scale its impact.’
Socket, which has 32 employees today, plans to grow its team to 50 people by the end of the year with a focus on the engineering, product, design, and sales sides of the Stanford-based company.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG