OX Security completes $34 million Seed round for end-to-end software supply chain security
The Israeli startup was founded less than a year ago by Neatsun Ziv and Lior Arzi, two former Check Point executives
OX Security, which has developed an end-to-end software supply chain security platform for DevSecOps, announced on Thursday that it has completed a $34 million Seed round. The round was led by Evolution Equity Partners, Team8, and M12, Microsoft’s venture fund, with participation from Rain Capital.
OX Security was founded less than a year ago by Neatsun Ziv and Lior Arzi, two former Check Point executives. Its platform is already used by over 30 leading companies to secure their software supply chains, including Kaltura and Marqeta.
The rise in software supply chain attacks, like the SolarWinds hack, prompted last year’s executive order from the White House requiring vendors to provide a software bill of materials (SBOM). This software “ingredients list” can help security teams understand if a newly disclosed vulnerability impacts them. However, industry experts caution that it isn’t comprehensive enough to prevent attacks or address the challenges of securing today’s dynamic software supply chains. To address these issues, OX Security is developing a new open standard, PBOM, in collaboration with leading companies. The Pipeline Bill of Materials (PBOM) includes within it the SBOM but goes further, covering not only the code in the final product but also the procedures and processes that impacted the software throughout its development.
OX Security’s platform covers every step of the development pipeline, from the earliest planning stages until deployment to production. It gives security and DevOps teams complete visibility and control over the attack surface, including source code, pipeline, artifacts, container images, runtime assets, and applications. OX Security identifies which security tools are in use, verifies they’re all connected and operational, and determines if additional tools are necessary. Following the scan, OX Security presents any security issues that were found, prioritized by their business impact.
“The introduction of SBOM is an important step, however, it isn’t sufficient to ensure the security and integrity of software supply chains,” said Admiral Mike Rogers, former director of the NSA. “Recent high-profile breaches — like those that affected SolarWinds, Codecov and Log4j — could not have been detected or prevented with the static list of software components contained in an SBOM. There’s a real risk of providing a false sense of protection by having a standard for compliance that does not equate to security.”
“Developers and DevOps make constant changes to the software supply chain, adding new tools, open source components and SaaS services,” said Neatsun Ziv, OX Security’s CEO and Co-Founder. “The OX Security platform gives DevSecOps teams real-time, end-to-end visibility into all aspects that impact software through the entire pipeline, so they have the necessary context and control to ensure security.”