Lineaje is a company that provides Continuous Software Supply Chain Security Management to companies that build, buy or use software. Pulse 2.0 interviewed Lineaje co-founder and CEO Javed Hasan to learn more.
Javed Hasan’s Background
Javed Hasan has over two decades of experience in the cybersecurity industry and has held key executive roles at multiple well-known cybersecurity companies, including Symantec, McAfee, Norton, and Trellix. And Hasan said:
“I also act as an advisor to multiple startups, including Accurics (acquired by Tenable), TransientX (acquired by Deloitte) as well as upcoming startups like Titaniam, Inc. I hold a Bachelor’s of Tech from the Indian Institute of Technology, Kanpur, India and also have a MSIE from Louisiana State University, an MBA from Georgia State University, and hold six patents across cybersecurity and customer management.”
Formation Of Lineaje
How did the idea for Lineaje come together? Hasan shared:
“The importance of Supply Chain Security has been growing for the last five years-post the SolarWinds attack. However, Software Supply Chain attacks have been around for about 20 years. We realized that no existing tool has ever prevented a supply chain attack. There are specific reasons for it – and we realized no existing company will ever be able to prevent a supply chain attack- it needed a new approach to cybersecurity that did not exist. We must understand the full lineage of software we use and secure its lineage. Hence the concept of Lineaje was born to do that and the naming of the company was obvious.”
Favorite Memory
What has been your favorite memory working for Lineaje? Hasan reflected:
“It’s been a great journey and there have been numerous memories that could be my favorite. However, nothing could beat working and brainstorming with Anand Revashetti – my co-founder – and solving problems that are said to be unsolvable. The moment when we figured out how we can solve a problem and agreed on building a path forward is my favorite part of my job.”
Challenges Faced
What are some of the challenges you face in building the company and has the current macroeconomic climate had any effect on the company? Hasan acknowledged:
“The cybersecurity industry has believed that we can secure any software deployed at any company- this defies logic. A car built badly will not run well or be safe. Similarly, a badly built and insecure software will not run well or stay secure. So Lineaje’s message is: ‘Software not built secure, will not run secure.’ The main challenge with a startup is essentially the same – ‘A company not built well will not run well.’ All our focus and challenges stem from this idea but touches every aspect of the company – creating it when it’s needed in the evolution of the company.”
“The macro-economic climate is certainly a challenge. We are at a strange juncture where existing customers are pushing out decisions while our pipeline is exploding. It’s a tale of two cities. It is forcing us to be more deliberate about our investments and expansion plans. I believe it is making us a stronger company.”
Core Products
What are Lineaje’s core products and features? Hasan explained:
“Lineaje Inc. sells two products:
SBOM360 – Lineaje SBOM360 is the industry’s first SBOM Manager enabling software development organizations to create, attest, assess and publish compliant SBOMs for their entire portfolio. Software
Consumers can ingest, assess and manage all their vendors’ SBOMs and evaluate them using a single policy.
SBOM360 Hub – SBOM360 Hub is the industry’s first SBOM exchange enabling private and secure distribution of compliant SBOM attestation through the complex software distribution chain.
Lineaje solves a series of key problems for our customers.
Top 6 include:
1.) With more than 70% of all software being made of third party and open-source components, and those components being made of other components and so on (up to 20+ levels deep), organizations no longer know what is in the software they build or buy. Lineaje discovers all dependencies due to a unique crawler technology that operates left of shift-left. Current shift-left SCA tools do not have that visibility.
2.) The inherent risk of tens of thousands of components is based on their vulnerabilities, code quality, security posture, provenance, maintainability etc. Organizations have not been able to measure the inherent risk of what they source or buy. Lineaje technology assesses the inherent risk of every component in every product and rolls it up to a product’s inherent risk- highlighting the critical risks it assesses.
3.) With thousands of components and 20 level deep software supply chains that are opaque to organizations, they have no visibility if an n-level deep component is tampered (in fact they don’t even have visibility into that component). Lineaje’s deep fingerprinting detects deep tampers in the software supply chain.
4.) As Executive Order 14028 takes effect; organizations need to publish SBOMs for their federal customers that comply with the EO. Lineaje publishes compliant SBOMs for every product in the portfolio and enables them to be tied to SKUs they sell.
5.) Organizations are rightly concerned that their SBOMs and related doc-sets expose the ingredients they can potentially be used to attack them. Lineaje enables creation, as well as private and secure sharing of these doc-sets with the complex software distribution chain.
6.) Organization needs to assess the software their vendors provide. Some have 100s of vendors delivering multiple updates a year. Lineaje enables them to manage all their vendor’s SBOMs and doc-sets in one place and assess them with their policy. They can also search these SBOMs in seconds to find newly discovered vulnerabilities, IOCs, and any of the 170 attributes we track.”
Evolution Of Lineaje’s Technology
How has Lineaje’s technology evolved since launching? Hasan noted:
There are three ways our technology has evolved:
Usability – Customers using our software want to use it in specific ways. Tuning the software experience for them has been a great evolution making it easier for newer customers to adopt and deploy us more rapidly.
Applicability – Many new ideas have come from our customers and partners. In fact, a key idea we launched just before BlackHat 2023 came from one of our brilliant partners who is helping us go to market. They saw significant benefits in applying our technology in a broader context. So now, we are building a new offering with them.
Intelligence – Comprehending AI’s implication on our domain and moving rapidly to embrace it is transformative. When we started, I used to call ourselves a data and search company at its core- which it was. AI needs data and we have the deepest data set tied to the software supply chain. I am amazingly excited about what we are doing with AI. Just watch us!”
Significant Milestones
What have been some of Lineaje’s most significant milestones? Hasan cited:
“We have been around for about 15 months. I would break our milestones down to our inventions and market successes:
Inventions in these few months include:
1.) Industry’s first SBOM Manager (Infact we coined the term)
2.) Industry’s first Attestation technology for software that is independently verifiable by anyone
3.) Industry’s first SBOM Search: Search all your SBOMs in seconds for 170+ attributes we track
4.) Industry’s first Auto-compliance check for your SBOM:
We are also proud of our research driven by Lineaje AI Labs – Lineaje’s research arm. We released our first research report titled, “What’s in Your Open-Source Software?” The report was the analysis of over 40,000 open-source components embedded in the top popular projects of the Apache Software Foundation and revealed some interesting insights about the risks of open-source software. The report was significant because it showed the need for solutions like SBOM360 to continuously assess the dynamic, inherent risk and integrity of open-source software components that were built left of shift-left.
In addition, Lineaje was recently named a Gold Winner in the 2023 Cybersecurity Excellence Awards for the categories of Best Cybersecurity Startup, Software Supply Chain Security, and Software. Lineaje also won a Global InfoSec Award for Most Innovative Software Supply Chain Security Solution.”
Customer Success Stories
Upon asking Hasan about customer success stories, he replied:
“Lineaje’s largest deployment is with a top 5 software development company where Lineaje is deployed to secure their number one product from Supply Chain attacks. Lineaje was proven to be the only vendor to detect all supply chain tampers that they could be exposed to (Solarwinds type attack being the primary one).”
Funding/Revenue
After asking Hasan about funding and revenue, he pointed out:
“We are not able to discuss specifics around revenue at this time, but we have a healthy backing. In February 2023, we announced a $7 million seed funding round led by Tenable Ventures, a corporate investment program of Tenable, the exposure management company. The round also included participation from other industry-leading executives and cyber technology companies. The injection of capital came around the launch of SBOM360.”
Total Addressable Market
What total addressable market (TAM) size is Lineaje pursuing? Hasan assessed:
“Market: All companies that build, buy or use software
Key short term markets:
1.) Government compliance mandates in USA, expected follow-through in various Geos driving federal, defense, public sector and all federal contracting firms
2.) Increasing supply chain compromises and attacks impacting thousands of companies
3.) Highly regulated verticals: Finance, healthcare, Oil & Gas, critical systems, etc
4.) Software developers, contractors etc
Estimated Size: $3 billion by 2025”
Differentiation From The Competition
What differentiates Lineaje from its competition? Hasan affirmed:
“What separates us are deep technology innovations including:
1.) Discover software components and creating entire genealogy-including all transitive dependencies
2.) Establish integrity throughout the supply chain without relying on any external tooling and their assertion
3.) Evaluate inherent risk by determining examining each component of the software
4.) Remediate inherent risks strategically in order to address the most critical components based on the genealogy
5.) Open Source Crawlers that collect and up to 170 attributes, discover dependencies and rate everything they crawl on a dynamic set of categories
6.) Only attestation technology in software that can be independently validated with no access to build systems or CI/CD tools
7.) SBOM360 Hub enables private and secure sharing of SBOMs and attestations with customers and the distribution chain”
Future Company Goals
What are some of Lineaje’s future company goals? Hasan concluded:
“As we stare down the barrel of the rapidly approaching deadline for compliance with U.S. Executive Order 14028, our most pressing short-term goal is to increase awareness of the SBOM360 Hub so that organizations – both public and private – understand that there is a solution to help them get to where they need to be. Generally speaking, in the long term our goals are to help organizations of all kinds secure the software supply chain from malicious actors to protect against the reputational and financial damages of software supply chain compromises.”