Ox Security Secures $34M in Seed Funding to Strengthen Software Supply Chains – TechCrunch


The rise in software supply chain attacks, such as the SolarWinds hack, prompted the Biden administration’s executive order last year requiring vendors to provide a software bill of materials (SBOM). SBOMs can help security teams understand if a recently disclosed vulnerability is affecting them – in theory. But industry experts warn that they are not always comprehensive enough to prevent attacks or address the challenges of securing supply chains.

One startup, Ox Security, is moving forward with an alternative to SBOMs it calls Pipeline Bill of Materials (PBOM), which Ox says goes further by covering not only the code of end software products, but also the procedures and processes that affected the software throughout its development. PBOM seems to be gaining ground. Despite being founded less than a year ago, Ox has raised $34 million in seed funding – a fact it revealed today – and has 30 clients, including FICO, Kaltura and Marqeta.

Investors to date include Evolution Equity Partners, Team8, Rain Capital and M12, Microsoft’s venture capital fund.

“When the infamous SolarWinds attack took place, I remember the amount of stress the industry felt,” CEO Neatsun Ziv, a former Check Point executive, told TechCrunch in an email interview. “While brainstorming ideas with my co-founder Lior Arzi, we talked about the need for an end-to-end supply chain solution – something that doesn’t just look at the code that goes into the end product, but also all of the procedures and processes that could have impacted the software throughout the development cycle. At the end of 2021, we founded Ox Security to build this solution.”

In developing PBOM, Ziv claims Ox undertook “extensive” research into the root causes of more than 70 attacks in the past year. PBOM was designed to contain information that could have prevented those attacks if it had been readily available at the time, he says, and to be shared with stakeholders so they could verify that the software they were using was derived from reliable and secure software builds.

Image credits: Ox Security

Ox’s platform, leveraging PBOM, integrates with existing software development tools and infrastructure to record actions affecting software throughout the development lifecycle. It connects to an organization’s code repository and performs “code-to-cloud” environmental scanning, producing a map of discoverable assets, applications, and pipelines.

Ox also attempts to identify the security tools used, verify that they are operational, and determine if additional tools are needed. Then the platform highlights any security issues it finds, prioritized based on their business impact, along with automated fixes and recommendations.

“Most IT departments are understaffed, lack visibility, and struggle to prioritize security projects across engineering and DevOps. This results in shadow dev and DevOps, where software development tools and processes are beyond the control and ownership of security teams,” Ziv continued. “There is also a severe lack of automation that results in manual labor and high attrition for people in these roles. The Ox platform addresses these issues by providing continuous visibility, prioritizing risks, automating manual workflows and securing the posture of [software development] things like GitLab, Jenkins, the artifact registry, and production.”

PBOM is – at least for now – a voluntary specification. And Ox competes with vendors like Legit Security, Cycode and Apiiro, the last of which Palo Alto Networks is reportedly set to acquire for $550 million. But Ziv says Ox is gaining traction, highlighting the startup’s customer base of just over 30 brands.

“We are fully focused on building the business and growing the number of customers we serve. So far, we are only seeing an increase in demand due to the increasing number of attacks,” Ziv said. “If you look at previous downturns, there were very successful companies that started in all of them. So we try to be obsessed with resolving the security risk, rather than what might happen with the market. We are embarking on this journey with strong partners who want to see this vision come to life.”

Mony Hassid, Managing Partner of M12, added in an emailed statement: “Supply chain attacks are on the rise and the attack surface is getting bigger. When it comes to software security and integrity, you need to look beyond the components used and consider the overall security posture throughout the development process. Ox is pioneering a standard that will transform supply chain security. We are proud to work with Ox to improve software security.”

With proceeds from the fundraising, Ox plans to double its headcount to 30 employees by the end of 2023.
