Tel Aviv, Israel, September 29, 2022 — Ox Security, the end-to-end software supply chain security platform for DevSecOps, exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft’s venture fund, with participation from Rain Capital. OX was founded less than a year ago by Neatsun Ziv and Lior Arzi, two top Check Point executives. Its platform is already used by over 30 leading companies to secure their software supply chains, including Kaltura and Bloomreach.
The rise in software supply chain attacks, like the SolarWinds hack, prompted last year’s executive order requiring vendors to provide a software bill of materials (SBOM). This software “ingredients list” can help security teams understand whether a newly disclosed vulnerability affects them. However, industry experts caution that it is not comprehensive enough to prevent attacks or to address the challenges of securing today’s dynamic software supply chains.
“The introduction of SBOM is an important step, however, it isn’t sufficient to ensure the security and integrity of software supply chains,” said Admiral Mike Rogers, former director of the NSA. “Recent high-profile breaches — like those that affected SolarWinds, Codecov and Log4j — could not have been detected or prevented with the static list of software components contained in an SBOM. There is a real risk of providing a false sense of security by having a standard for compliance that doesn’t equate to security.”
To address these issues, OX is creating a new open standard, PBOM, in collaboration with leading security-conscious companies. The Pipeline Bill of Materials (PBOM) includes the SBOM but goes further, covering not only the code in the final product but also the procedures and processes that affected the software throughout its development. OX and its partners undertook extensive research into the root causes of more than 70 attacks from the past year. They specifically designed the PBOM to contain the information that would have been needed to prevent each of these recent attacks.
OX’s platform is the first product using the PBOM standard to provide end-to-end software supply chain security, allowing it to cover every step of the development pipeline, from the earliest planning stages through deployment to production. OX integrates with existing tools and infrastructure to monitor and record every action affecting software throughout the entire development lifecycle. It gives security and DevOps teams full visibility and control over the attack surface, including source code, pipeline, artifacts, container images, runtime assets, and applications.
“Developers and DevOps make constant changes to the software supply chain, adding new tools, open source components and SaaS services,” said Neatsun Ziv, OX’s CEO and co-founder. “The OX platform gives DevSecOps teams real-time, end-to-end visibility into all factors that influence software through the entire pipeline, so they have the necessary context and control to ensure security.”
OX connects to an organization’s code repository and performs a scan of the environment from code to cloud to automatically produce a full mapping of assets, apps and pipelines. OX identifies which security tools are in use, verifies that they are all connected and operational, and determines whether additional tools are necessary. Following the scan, OX presents any security issues that were found, prioritized by their business impact, alongside context, automated fixes and recommendations, enabling DevSecOps teams to work through their cybersecurity backlog. A PBOM, which includes an SBOM, version lineage, SaaSBOM, build hashes and more, can be automatically generated and shared with internal stakeholders or customers, so that they in turn can verify that the software they use is derived from trusted, secure builds.
“Ox Security is tackling a critical challenge facing companies today, and is uniquely positioned to become a leader in its space,” said Nadav Zafrir, Managing Partner at Team8 Group and former head of Israel’s elite intelligence Unit 8200. “We’re thrilled to join forces with Neatsun and Lior. The ground-breaking PBOM standard enables OX’s platform to provide unparalleled security coverage, and I have no doubt that PBOM will be widely adopted across the industry.”
“Supply chain attacks are on the rise, and the attack surface is growing,” said Mony Hassid, Managing Partner at M12, Microsoft’s venture fund. “When it comes to software security and integrity, you have to look beyond which components were used and consider the overall security posture throughout the development process. Ox Security is pioneering a standard that will be transformative for supply chain security. We’re proud to work with OX to improve software security.”
“The cybersecurity industry has been playing catch-up thus far by pursuing a never-ending process of patching production environments and chasing alerts, issues and fixes,” said Karthik Subramanian, General Partner at Evolution Equity Partners. “OX’s groundbreaking approach brings control back to DevSecOps teams by providing visibility and full control over an organization’s code. The level of innovation in OX’s platform is truly remarkable and provides value to everyone in an organization — from developers to DevSecOps teams to executives.”
“I believe the PBOM standard will reverse the tide,” said Mario Duarte, Vice-President of Security at Snowflake. “I’m proud to take part in a project that will have such a meaningful impact on the future security landscape, and to share our knowledge and expertise.”
“OX is truly changing how software supply chains are protected, ensuring that all code comes from secure and trusted builds,” said Naor Penso, Senior Director of Product Security at leading applied analytics company FICO. “The OX platform prevents software supply chain attacks while accelerating and streamlining development. The PBOM framework created by OX expands the traditional SBOM with contextual information and true end-to-end lineage that drives assurance in software security across its entire life-cycle.”