Supply chain

Socket raises $60 million for its open-source security platform

Supply chain vulnerability being exploited through a cyber attack on text code in an editor.

As detailed in Silicon Angle, cybersecurity startup Socket Inc. has announced a $60 million Series C funding round, valuing the company at $1 billion. The investment, led by Thrive Capital with participation from Andreessen Horowitz and Capital One Ventures, brings Socket's total funding to $125 million.

Package managers, tools developers use to incorporate open-source components into software, have become a significant target for cyberattacks. Hackers inject malicious code into legitimate open-source projects, compromising developer machines. Socket's platform aims to prevent these supply chain attacks by blocking malicious packages before they are downloaded. It scans open-source modules for malware, vulnerabilities, and license restrictions, reportedly blocking over 1,000 attacks weekly.

The platform allows customization of responses to risky downloads and includes a "Monitor" feature for ongoing oversight of potentially risky components. Beyond blocking, Socket helps fix existing vulnerabilities with a scanner and a "Reachability" tool that filters non-exploitable issues, reducing false positives by up to 90%. They also offer "Certified Patches" to streamline the update process and tools to reduce transitive dependencies, aiming to enhance the security of software development pipelines.

Source: Silicon Angle

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds