Seal Security wants to make open-source vulnerability remediation easy

Share via:


Seal Security, a Tel Aviv-based startup founded by a group of former members of Israel’s Unit 8200 intelligence unit, is coming out of stealth today and announcing a $7.4 million seed funding round like by Vertex Ventures Israel, with participation from Crew Capital, PayPal Alumni Fund, and Cyber Club London.

Ever since the Log4j vulnerability was discovered and the White House issued its software supply chain executive order, everybody who builds software knows about the importance of keeping the many open-source libraries they rely on up to date. But that’s often easier said than done, with large enterprises often employing entire teams that focus on nothing else but keeping their packages updated. In recent years, we’ve seen a number of security companies that specialize in alerting developers when one of their packages is vulnerable and while that’s valuable, the real work is in remediating these vulnerabilities, which in most cases simply involves installing an update.

Seal was founded by Itamar Sher (CEO), Lev Pachmanov (CTO) and Alon Navon (CPO). After their time in Unit 8200, the team members worked at various companies, including Cymmetria, Curv and PayPal. Sher tells me that the team joined forces in the summer of 2022.

“For me, it was really a matter of wanting to be a builder,” Sher said. “I spent some of the time being on the other side: being a researcher, hacking stuff, breaking stuff — which is fun in its own way. But I think one of the things that I cared about — and I really wanted to bring forward — is being more on the builder side.” As the first employee at Cymmetria, he already got a taste of that experience, but now as a founder and CEO, he is getting to see the full spectrum of the startup experience.

Image Credits: Seal Security

What makes Seal different is that it actually patches the vulnerable packages and doesn’t just update them. While working at PayPal, he realized that there was a lack of tools that could not just discover but also remediate security vulnerabilities. He also stressed that many of today’s tools bombard developers with hundreds of alerts, making it hard to prioritize which ones to focus on. In the end, these teams spend a large chunk of their time and energy on keeping packages updated (even those that may not even be used in production). “What we noticed is that for the majority of vulnerabilities that are out there, you can actually take the security patch that mitigates the risk and just apply it on the existing versions that the developers are using already,” Sher explained.

Currently, Seal Security integrates with GitHub to enable these patches in a company’s CI/CD pipeline. But what’s maybe more important is that Seal creates these patches itself. A lot of this process is automated and backed, in part, by using a large language model. These models, Sher explained, are very good at identifying the commit that introduced a given patch, for example. Indeed, without the models, a solution like Seal Security likely wouldn’t have been scalable only a couple of years ago.

“Open source components are foundational to software development, and organizations face significant challenges in managing libraries with critical vulnerabilities. These challenges have a significant impact on business outcomes,” explains Daniel Dines, the co-founder and general partner at Crew Capital (and the co-founder and co-CEO of UiPath). “Seal Security addresses this market demand with a solution that streamlines security patch management, allowing its customers to effectively eliminate vulnerabilities.”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Seal Security wants to make open-source vulnerability remediation easy


Seal Security, a Tel Aviv-based startup founded by a group of former members of Israel’s Unit 8200 intelligence unit, is coming out of stealth today and announcing a $7.4 million seed funding round like by Vertex Ventures Israel, with participation from Crew Capital, PayPal Alumni Fund, and Cyber Club London.

Ever since the Log4j vulnerability was discovered and the White House issued its software supply chain executive order, everybody who builds software knows about the importance of keeping the many open-source libraries they rely on up to date. But that’s often easier said than done, with large enterprises often employing entire teams that focus on nothing else but keeping their packages updated. In recent years, we’ve seen a number of security companies that specialize in alerting developers when one of their packages is vulnerable and while that’s valuable, the real work is in remediating these vulnerabilities, which in most cases simply involves installing an update.

Seal was founded by Itamar Sher (CEO), Lev Pachmanov (CTO) and Alon Navon (CPO). After their time in Unit 8200, the team members worked at various companies, including Cymmetria, Curv and PayPal. Sher tells me that the team joined forces in the summer of 2022.

“For me, it was really a matter of wanting to be a builder,” Sher said. “I spent some of the time being on the other side: being a researcher, hacking stuff, breaking stuff — which is fun in its own way. But I think one of the things that I cared about — and I really wanted to bring forward — is being more on the builder side.” As the first employee at Cymmetria, he already got a taste of that experience, but now as a founder and CEO, he is getting to see the full spectrum of the startup experience.

Image Credits: Seal Security

What makes Seal different is that it actually patches the vulnerable packages and doesn’t just update them. While working at PayPal, he realized that there was a lack of tools that could not just discover but also remediate security vulnerabilities. He also stressed that many of today’s tools bombard developers with hundreds of alerts, making it hard to prioritize which ones to focus on. In the end, these teams spend a large chunk of their time and energy on keeping packages updated (even those that may not even be used in production). “What we noticed is that for the majority of vulnerabilities that are out there, you can actually take the security patch that mitigates the risk and just apply it on the existing versions that the developers are using already,” Sher explained.

Currently, Seal Security integrates with GitHub to enable these patches in a company’s CI/CD pipeline. But what’s maybe more important is that Seal creates these patches itself. A lot of this process is automated and backed, in part, by using a large language model. These models, Sher explained, are very good at identifying the commit that introduced a given patch, for example. Indeed, without the models, a solution like Seal Security likely wouldn’t have been scalable only a couple of years ago.

“Open source components are foundational to software development, and organizations face significant challenges in managing libraries with critical vulnerabilities. These challenges have a significant impact on business outcomes,” explains Daniel Dines, the co-founder and general partner at Crew Capital (and the co-founder and co-CEO of UiPath). “Seal Security addresses this market demand with a solution that streamlines security patch management, allowing its customers to effectively eliminate vulnerabilities.”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Australian government drops misinformation bill

The Australian government has withdrawn a bill that...

Latin America fintech will be a market to watch...

Midway through 2024, Mike Packer, a partner at...

Reserve Bank of India expanding cross-border payments platform

According to the Atlantic Council, 134 countries are...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!