The software development industry is growing by leaps and bounds every day, but security still seems to be a problem that hasn’t been conquered. Many businesses have had the displeasure of dealing with hack attacks, and we read about them almost every week.
So here comes SourceClear: a security company focused on software developers that wants to redefine how they tackle security.
“Software security has always been a big and critical topic among developers, but more recently the topic has become a boardroom discussion,” said Mark Curphey, CEO and founder of SourceClear. “Most focused on downstream security implications, and yet look at Heartbleed, Shellshock, or more recently XcodeGhost and you see that these flaws have reached ‘celebrity’ status because they are pervasive and hidden from security defenses. When you combine them with the past year of data breaches, where entire sectors of retail and healthcare have been compromised, and a global corporation brought to its knees in Sony, the cause for the domino to fall needs to be examined.”
Unlike previous approaches to security, the company claimed its software works inside a developer’s workflow and with a team’s tools, enabling visibility into the risks of using other people’s code in real time as the developers work. SourceClear’s data-science and machine-learning platform digs into the depths of open-source security issues at scale and at speed, uncovering issues not yet disclosed to the public.
The company recently announced a US$10 million Series A round of funding, and while most companies use this round of funding to get their business off the ground, SourceClear will be using it to expand its mission. “Our early customers have become our evangelists and champions, and customer demands require us to quickly expand our executive, engineering and research team,” said Curphey.
SourceClear works to make sure developers’ software is secure by providing a real-time inventory of their open-source components to see where they came from, how they were created, and how they are impacting applications. The company also informs developers about potential vulnerabilities that could be exploited by hackers, and it gives developers the knowledge they need to prevent that exploitation, according to Curphey.
“SourceClear is different in that we’re not just a security company identifying and solving a problem,” he said. “We’re a company that is giving one of the least-served and most critical security stakeholders—software developers—the tools they need to eradicate the problem moving forward, and give it to them in the way they can use it most effectively while still providing the highest-quality products.”
In addition to expanding its executive, engineering and research teams, SourceClear will use the recent funding to accelerate the addition of product features such as support for Python and C/C++.