Apiiro LLC, a new code security startup founded by Microsoft Corp. veterans, surfaced out of stealth mode this morning with $35 million in funding courtesy of Kleiner Perkins and Greylock.
Apiiro provides a software platform that helps companies find security issues in their applications faster. Often, vulnerable code is only found after it’s been released to production, which can create an opening for hackers. Apiiro’s platform promises to improve security by enabling companies to detect vulnerable code before it’s deployed and notify developers in a timely manner.
The Code Risk Platform, as the offering is called, works by plugging into the code management tools used by a company and creating an inventory of software development assets. This process allows Apiiro’s algorithms to identify sensitive application components such as databases. When a developer changes part of an application, the Code Risk Platform analyzes the changes to determine if they might introduce a vulnerability in a sensitive component.
Apiiro can detect security issues like weak encryption and interface elements that might be vulnerable to malware injections. It can also detect violations of legal regulations, for example when an application processes customer information in a way that does not fully meet the requirements of the GDPR. All of these issues are flagged during the software development process, allowing developers to change vulnerable code early before it can become a more serious problem.
In addition to looking at the code, Apiiro’s platform also evaluates developer behavior to identify risks. The platform takes into account factors such as whether vulnerable code was written by an experienced developer or a new contributor when determining the severity of the issues.
Apiiro co-founders Idan Plotnik and Yonatan Eldar worked at Microsoft as technical executives before founding the startup. Plotnik, CEO of Apiiro, previously founded Aorato, a hybrid cloud security startup that Microsoft acquired for a reported $200 million in 2014.
The concept of embedding security scans directly into the software development workflow has also been implemented in other forms. Snyk Inc., which raised funds at a unicorn valuation last month, offers a tool that can scan applications for vulnerable open source components. Another startup called BluBracket Inc. raised $6.2 million earlier this year for its code security offering.
Code security tools are attracting interest because they not only improve application security but also increase developer productivity by saving time. In the past, code security reviews were largely done by hand, creating additional work for software teams and delaying product releases. Integrating automation into the workflow allows companies to track their application projects in a more time-efficient manner.