November 7, 2023 at 05:16PM
Myrror Security, a company specializing in application security for organizations using open-source packages, has received $6 million in seed funding from Blumberg Capital and Entrée Capital. The funds will be used to expand product capabilities and distribution channels. Myrror Security aims to address the increasing rate of software supply chain attacks by detecting malicious packages and prioritizing known vulnerabilities with their proprietary binary-to-source code analysis capabilities and advanced AI matching techniques.
Myrror Security, a DevSecOps company based in Tel Aviv, Israel, has launched with $6 million in seed funding from Blumberg Capital and Entrée Capital. The company aims to secure organizations’ Software Development Life Cycle (SDLC) process in the face of increasing software supply chain attacks targeting open-source dependencies and CI/CD pipelines.
In recent years, there has been a sharp rise in software supply chain attacks, with a 740% increase in Open Source Software (OSS) supply chain attacks in 2022 alone. Incorporating open-source components into the SDLC has become a common vector for these attacks, which is concerning considering that OSS constitutes 70-90% of modern software. Traditional solutions focus primarily on known vulnerabilities and inundate security teams with alerts for vulnerabilities that may not even be prevalent in the final code, leading to unnecessary alerts and a false sense of urgency.
Myrror Security’s platform addresses these challenges by detecting both known and unknown threats in real-time, including malicious packages, malicious code, and CI/CD breaches, before they reach production. Using proprietary binary-to-source code analysis capabilities and advanced AI matching techniques, the company provides comprehensive mitigation plans and prioritizes known vulnerabilities. Their Code Aware SCA (Software Composition Analysis) solution reduces the noise generated by traditional SCA tools by determining whether a vulnerable function is actually used in the code.
The integration of unverified open-source components into the software development process poses a significant attack risk and generates false positives for security teams. Myrror Security aims to tackle both of these problems by offering a unique security solution that protects organizations from attacks and helps sort through alerts before code reaches production, without requiring any behavioral changes in engineering. The company’s investors trust their ability to provide a comprehensive security solution, especially as this threat vector becomes more popular among attackers.
Myrror Security’s Breach Detection solution utilizes a unique, AI-enhanced binary-to-source analysis process that compares binary artifacts with the original source code. In real-time, users receive alerts when discrepancies between the two versions are detected, preventing compromised packages from being incorporated into the software.
The use of open-source components in application development has been advantageous for developers, but it also comes with significant risks, particularly in the form of supply chain attacks. Myrror Security addresses this challenge with their pioneering binary-to-source analysis solution, which sets them apart in the market.
For more information about Myrror Security, please visit their website at https://ift.tt/W8nhicg.