Developer security operations startup Ox Appsec Security Ltd. exited stealth mode today armed with a hefty $34 million in seed funding.
The round was led by Evolution Equity Partners, Team8 and Microsoft Corp’s venture capital fund M12, with participation from Rain Capital.
Ox Security, as it likes to be called, is developing an entirely new software security standard known as the Pipeline Bill of Materials, in order to help enterprises better secure their software supply chains. The PBOM standard is based on the “software bill of materials” that declares the inventory of components used to build an application.
SBOM can be thought of as a kind of ingredients list for software products that’s meant to help teams understand if any newly disclosed software vulnerabilities might affect them. However, industry analysts say this standard isn’t comprehensive enough to prevent cyberattacks or address the challenges around securing software supply chains.
“The introduction of SBOM is an important step, however, it isn’t sufficient to ensure the security and integrity of software supply chains,” said Admiral Mike Rogers, former director of the U.S. National Security Agency. “Recent high-profile breaches — like those that affected SolarWinds, Codecov and Log4j — could not have been detected or prevented with the static list of software components contained in an SBOM. There’s a real risk of providing a false sense of protection by having a standard for compliance that does not equate to security.”
Ox Security’s PBOM standard includes all of the requirements of SBOM, but it’s more comprehensive, covering not only the code within an application but also each of the procedures and processes that impacted the development of a specific app. OX says that along with its partners, it has carried out extensive research on the root causes of more than 70 cyberattacks over the past year. The PBOM standard was then created to contain information that could have helped prevent each of those attacks.
Ox Security says its flagship platform provides end-to-end software supply chain security, covering every step of the development pipeline — beginning from the earliest planning stages through to deployment in production. It integrates with existing developer tools and infrastructure to monitor and record every action taken by developers that impacts an application throughout the development lifecycle, the company said.
When connected to a company’s code repository, it performs a full scan of that environment from code to cloud, automatically mapping all assets, applications and pipelines. It then identifies which security tools are being used, verifies they’re all connected and operational, then determines if any additional tools are required.
Once the scan is complete, Ox reports any issues it has found, prioritizes them and provides context, automated fixes and recommendations to fix any vulnerabilities. A PBOM can then be generated at any time for each application that’s scanned, then used to verify that it’s derived from trusted and secure software builds.
In this way, Ox says, DevOps teams have complete visibility and control over their attack surface, including not only the source code but also the development pipeline, artifacts, container images and runtime assets.
Ox co-founder and Chief Executive Neatsun Ziv (pictured right, alongside Chief Product Officer Lior Arzi) said his company’s platform keeps track of the constant changes that developers make to the software they’re building, such as adding new open-source components, tools and SaaS-based services. “The Ox platform gives DevSecOps teams real-time, end-to-end visibility into all aspects that impact software through the entire pipeline, so they have the necessary context and control to ensure security,” he said.
Although it’s exiting stealth only today, Ox claims its platform is already being used by more than 30 companies to secure their software supply chains, including the cloud streaming software firm Kaltura Inc. and payment technology provider Marqeta Inc. With today’s launch, it’s clearly hoping to add to that list.
“Ox Security is tackling a critical challenge facing companies today, and are uniquely positioned to become leaders in their space,” said Nadav Zafrir, managing partner at Team8 Group. “The ground-breaking PBOM standard enables Ox’s platform to provide unparalleled security coverage and I have no doubt that PBOM will be widely adopted across the industry.”
Image: Ox Security
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.