October 04, 2018
When around 95% of enterprises use open-source software to build their apps and websites, managing the security of those open-source components in a more systematic way becomes extremely important.
Snyk, pronounced ‘Sneak’ and an acronym for ‘So Now You Know’, is an example of a startup working to close this gap in the market. We have seen that, if left unattended, vulnerabilities in open-source software can lead to high-profile attacks like the Equifax breach. It therefore makes sense that, for handling a significant component of a $14 billion industry, Snyk has managed to raise $22 million in its second round of funding. Some of the better-known investors in the company include Google parent company Alphabet (GV), Accel, Boldstart Ventures, and Heavybit.
Guy Podjarny, CEO and co-founder of Snyk, has this to say about the situation: “This investment is a humbling validation of the impact that security-conscious developers have, and lets us expand open source security into runtime while continuing to serve these amazing users.” In the same statement, Podjarny also expressed the startup’s mission, “to fix open source security, and that can only be done from within the open source community.”
So, to tap into the open-source community and work from within to make it safer, the startup first built a threat intelligence system that monitors conversations on open-source platforms. The system uses machine learning to detect mentions of potential vulnerabilities and then sends its findings to human analysts. The analysts pick out the authentic ones and submit these vulnerabilities to the ‘vulnerability DB’.
But that’s just one face of what the startup does. The other side evaluates source-code repositories such as GitHub and Bitbucket to find vulnerable components in the source code and automatically fix them. This is where things get more intricate. The system doesn’t simply fix the vulnerabilities with security patches built in-house, but also proposes the right dependency version to further improve the code’s reliability.
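The dependency-scanning side described above comes down to three steps: walk the project's resolved dependency tree, match every package@version against a database of advisories with affected version ranges, and propose an upgrade that clears every advisory at once. The following is an added illustration of that flow, not Snyk's own code; the advisory database, the package names, the lockfile tree and the range grammar (space-separated comparators such as `>=1.3.0 <1.3.2`) are all constructed for the example.

```javascript
// Added example (not Snyk's code): a minimal dependency auditor that walks a
// lockfile-style tree, matches each package@version against a constructed
// vulnerability DB, and proposes the lowest version that clears every advisory.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Range grammar used by this example: clauses separated by whitespace, all of
// which must hold (">=1.3.0 <1.3.2"). Operators: >=, <=, >, <, = (default).
function satisfies(version, range) {
  return range.trim().split(/\s+/).every((clause) => {
    const m = /^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/.exec(clause);
    if (!m) throw new Error(`bad range clause: ${clause}`);
    const cmp = compareVersions(version, m[2]);
    switch (m[1] || '=') {
      case '>=': return cmp >= 0;
      case '<=': return cmp <= 0;
      case '>':  return cmp > 0;
      case '<':  return cmp < 0;
      default:   return cmp === 0;
    }
  });
}

// Constructed vulnerability DB: placeholder ids and package names, not real advisories.
const VULN_DB = [
  { id: 'EXAMPLE-0001', package: 'left-padder', affected: '<1.3.0',         fixedIn: '1.3.0', severity: 'high' },
  { id: 'EXAMPLE-0002', package: 'left-padder', affected: '>=1.3.0 <1.3.2', fixedIn: '1.3.2', severity: 'medium' },
  { id: 'EXAMPLE-0003', package: 'yaml-ish',    affected: '<2.0.0',         fixedIn: '2.0.0', severity: 'critical' },
];

// Constructed lockfile-style dependency tree (simplified package-lock shape).
// Note the vulnerable left-padder reached only transitively via web-framework.
const LOCKFILE = {
  dependencies: {
    'web-framework': { version: '4.1.0', dependencies: { 'left-padder': { version: '1.2.9' } } },
    'yaml-ish':      { version: '1.9.5' },
    'left-padder':   { version: '1.3.2' },
  },
};

// Depth-first walk that reports the path by which each package is reached.
function walk(deps, path, visit) {
  for (const [name, node] of Object.entries(deps || {})) {
    const here = [...path, `${name}@${node.version}`];
    visit(name, node.version, here);
    walk(node.dependencies, here, visit);
  }
}

function audit(lockfile, db) {
  const findings = [];
  walk(lockfile.dependencies, [], (name, version, path) => {
    const hits = db.filter((v) => v.package === name && satisfies(version, v.affected));
    if (hits.length === 0) return;
    // Candidate upgrades are the fixedIn versions above the current one; the
    // recommendation is the lowest candidate not affected by ANY advisory for
    // this package, so a fix that lands inside a later advisory's range is skipped.
    const candidates = db
      .filter((v) => v.package === name)
      .map((v) => v.fixedIn)
      .filter((c) => compareVersions(c, version) > 0)
      .sort(compareVersions);
    const recommended = candidates.find((c) =>
      db.every((v) => v.package !== name || !satisfies(c, v.affected))) || null;
    findings.push({
      package: name,
      version,
      path: path.join(' > '),
      advisories: hits.map((h) => h.id),
      recommended,
    });
  });
  return findings;
}

for (const f of audit(LOCKFILE, VULN_DB)) {
  console.log(`${f.path}: ${f.advisories.join(', ')} -> upgrade to ${f.recommended ?? 'no fix available'}`);
}
```

The point to notice is the recommendation step: `left-padder@1.2.9` is fixed by 1.3.0 according to the first advisory, but 1.3.0 falls inside the second advisory's range, so the auditor proposes 1.3.2 instead of the nearest patch. A real tool also has to cope with full semver (pre-release tags, caret and tilde ranges) and with upgrades that break the parent package's own version constraints, which this example deliberately leaves out.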
This will go a long way towards safeguarding the open-source adoption practices of enterprises that simply take open-source code and modify it for their own needs, exposing the resulting application to whatever threats were present in the original source code.
Though protecting against data breaches was always important for companies, given their responsibility for customer data, recent high-profile attacks, together with the heavy penalties brought into effect by GDPR, have greatly increased the significance of what the startup provides. As Philippe Botteri, an Accel partner who joined the board of Snyk, said, “Some of the largest data breaches in recent years were the result of unfixed vulnerabilities in open source dependencies; as a result, we’ve seen the adoption of tools to monitor and remediate such vulnerabilities grow exponentially.”
In this way Snyk becomes the second company, after Sophos, to benefit in the wake of high-profile cybersecurity attacks. As Botteri puts it, “We’ve [also] seen the ownership of application security shifting towards developers. We feel that Snyk is uniquely positioned in the market given.”
Resources:
https://venturebeat.com/2018/09/25/snyk-raises-22-million-to-tackle-open-sources-security-problem/
https://www.statista.com/statistics/270805/projected-revenue-of-open-source-software-since-2008/