
Application Security

9/25/2018
02:10 PM
Dark Reading
Products and Releases

Snyk raises $22 million Series B led by Accel to automatically fix vulnerable open source packages

Funding to scale Snyk's developer-first offering and build runtime malicious package protection

LONDON, 25th September 2018: Snyk, a company that helps organisations use open source code securely, today announces a $22 million Series B investment led by Accel, with participation from GV and existing investors Boldstart Ventures, Heavybit and others. 

Open source software (OSS) is embraced by over 95% of enterprises, which dramatically accelerates software development but also introduces substantial risk. Developers draw vast quantities of OSS components into their apps, unaware that many carry known vulnerabilities, or are outright malicious. In fact, 77% of applications carry such known vulnerabilities, and only one in four OSS maintainers audit their code regularly. Developers need tools to manage these large volumes of third-party software.

Snyk helps organisations use open source code and stay secure. Developers use Snyk to find and block vulnerable and malicious OSS components, building on a comprehensive database maintained by Snyk’s security research team. Snyk’s solution goes further and automatically fixes the discovered issues, patching over 580,000 vulnerabilities each month, and continuously protecting over 140,000 projects.

Founded by serial entrepreneur Guy Podjarny and security experts Assaf Hefetz and Danny Grander, Snyk was built on the belief that developers will embrace security if given the right tools. With 150,000 users, over 200 paying customers including New Relic, ASOS, Auth0, and Skyscanner, and revenue growing 5x in nine months, this is proving to be the case.

With this funding, Snyk will expand from fixing vulnerable OSS components to protecting them in runtime. Today’s applications run these components blindly, implicitly trusting the thousands of authors maintaining them. While most maintainers mean well, recent news clearly demonstrates that some may be compromised, insecure, or outright malicious. Snyk’s upcoming offerings will help organisations regain control and visibility when running these open source libraries. 

“Our mission is to fix open source security, and that can only be done from within the open source community,” said Guy Podjarny, CEO and co-founder of Snyk. “This investment is a humbling validation of the impact that security-conscious developers have, and lets us expand open source security into runtime while continuing to serve these amazing users.”

Snyk will use today’s investment to further scale its business across ecosystems while keeping users happy; define and grow the new category of runtime open source security; and continue investing in the secure developer community and leading the DevSecOps movement. 

Philippe Botteri, Partner at Accel, will be joining the Board as part of the round. He said: “Some of the largest data breaches in recent years were the result of unfixed vulnerabilities in open source dependencies; as a result, we’ve seen the adoption of tools to monitor and remediate such vulnerabilities grow exponentially. We’ve also seen the ownership of application security shifting towards developers. We feel that Snyk is uniquely positioned in the market given the team’s deep security domain knowledge and developer-centric mindset, and are thrilled to join them on this mission of bringing security tools to developers.” 

About Snyk

Snyk is a developer-first security solution that empowers developers to use open source code and stay secure. Building on its unique vulnerability database, Snyk continuously finds and fixes known vulnerabilities & license violations in open source components. Snyk integrates seamlessly into the developer workflow, tightly integrating with source control (e.g. GitHub), hooking into your CI/CD (e.g. Jenkins) pipelines and continuously monitoring PaaS and Serverless apps in production. Lastly, Snyk proactively fixes vulnerabilities using 1-click pull requests and patches.

 

About Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Atlassian, Algolia, Avito, Celonis, Cloudera, Crowdstrike, Deliveroo, DJI, Dropbox, Etsy, Facebook, Flipkart, Funding Circle, Kayak, Kry, QlikTech, Rovio, Slack, Spotify, Supercell, UIPath and WorldRemit are among the companies the firm has backed over the past 30 years. The firm seeks to understand entrepreneurs as individuals, appreciate their originality and play to their strengths. Because greatness doesn't have a stereotype. For more, visit www.accel.com, www.facebook.com/accel or www.twitter.com/accel

Notes to editors

 

- Two-minute Snyk product overview: https://www.youtube.com/watch?v=4ng5usM6fd8

- Snyk named Gartner Cool Vendor: https://snyk.io/blog/snyk-named-a-2018-gartner-cool-vendor-in-application-and-data-security

- Live exploits of an application through known OSS vulnerabilities (product showcase): https://www.youtube.com/watch?v=0dgmeTy7X3I

- Team pictures: https://snyk.io/about/

- Media pack (logo etc): https://snyk.io/press-kit  

 
