Kodem – a dynamic software composition analysis (SCA) platform that uses runtime intelligence to determine application risk – recently launched from stealth and announced $25 million in funding from Greylock and TPY Capital. Kodem will use the funds to launch its platform globally and expand its go-to-market team.
The modern software supply chain is viral: every software component a developer imports brings with it all the functionality, and all the vulnerabilities, it contains. Traditional SCA and cloud security posture management (CSPM) tools are noisy, alerting on every vulnerability scanned regardless of whether it is exploitable.
Kodem has been redefining application security by using runtime intelligence to gain deep application understanding and determine actual application risk. This significantly reduces the time it takes to remediate issues and brings the number of alerts down by more than 90 percent, dramatically improving efficiency, saving organizations real time and money, and making applications safer.
The company was founded by Aviv Mussinger (CEO), Pavel Furman (CTO), and Idan Bartura (Head of Engineering), veterans with decades of experience in cybersecurity, research, and innovation. The founders’ deep cybersecurity expertise and unique background in operating systems allowed them to develop a solution that addresses critical vulnerabilities while eliminating false positives.
The company’s core patented technology, which underlies the Kodem platform, makes it possible to monitor the application in a non-intrusive way and to analyze its behavior and risks in real time. Early customer data shows that just over 10 percent of software code is used in runtime and that less than 5 percent of runtime software is actually vulnerable.
Kodem is currently used by companies across industries, including financial services, insurance, and technology.
KEY QUOTES:
“We started Kodem in response to the inefficiency of the application security process. With traditional tools, it’s difficult for developers to see whether vulnerabilities are exploitable. After years of researching the problem, we found that the key to clarifying actual risk is to observe application behavior during runtime. By analyzing a running application, we can understand its context to know exactly which components are in use, how data moves between them, and the risk that is created. We based the Kodem solution on these findings, and we look forward to helping additional security teams build safer applications more efficiently.”
— Aviv Mussinger, CEO and co-founder of Kodem
“As enterprises continue to move their workloads to the cloud, application security is growing in importance and priority for IT cybersecurity teams. Kodem has assembled an exceptional product team that is developing the next generation of application security – one that is cloud-native, deploys seamlessly, and provides the highest levels of accuracy with strong growing coverage.”
— Asheem Chandna, Partner at Greylock
“We met the Kodem team in the very first days of their journey. What became very clear — very early on — is the team’s quality, the strong bond between the partners, their deep-rooted understanding of AppSec, and the profound technical expertise they brought to this new venture. It is not surprising then that in the time passed since our investment, the founders and amazing team they’ve recruited have managed to clearly demonstrate how well they eliminate noise and make remediation easy for AppSec teams.”
— Guy Yamen, Managing Partner at TPY Capital