Today, software supply chain security provider Scribe Security raised $7 million to enable users to develop, distribute, and maintain code, while also testing code authenticity and integrity.
The solution aims to provide transparency over the entire software development lifecycle in order to combat software supply chain attacks, which grew by more than 300% in 2021, as cybercriminals exploit open source vulnerabilities and code integrity issues to distribute malware or plant backdoor entry points in enterprise technology.
Scribe Security provides organizations and decision-makers with a solution for analyzing the code used throughout their environment, which they can use to identify vulnerabilities and better understand their software’s security posture.
Getting to grips with software supply chain attacks
Many of these attacks are carried out through the use of dependency manipulation, exploiting components of the software organizations rely on every day. “Just because a piece of software comes from a familiar company doesn’t mean it’s fully secured,” said Scribe cofounder and CEO Rubi Arbel in an interview.
“Today’s software, including ones that are internally built, are often a black box in terms of security assurance of its components, artifacts, and the development process,” he said.
“Scribe automatically creates an ‘evidence trail’ for all the software it protects. This is achieved by collecting consistent, immutable evidence throughout the software development lifecycle to assure that the software is authentic, integrity is untampered, and the producer took due steps to assure its security,” Arbel said.
This is becoming more important as organizations rely on a growing number of software solutions that contain externally developed code and offer enterprises little to no transparency into its security.
Racing to become the go-to software supply chain solution
As publicity over supply chain attacks has increased amid high-profile incidents like the SolarWinds breach, there’s been an increased interest in software supply chain solutions.
One of Scribe’s main competitors, Aqua Security, a cloud-native security solution provider that offers full lifecycle security protection for containers, raised $135 million in series E funding in March 2021 and achieved a valuation of over $1 billion.
Similarly, software supply chain security solution Cycode recently raised $56 million in series B funding, bringing the total investment in the company to $81 million.
However, as enterprises and investors pay more attention to the threat of supply chain attacks, Scribe Security is aiming to differentiate itself from competitors by “continuously and consistently providing the software product’s security assurance level and trustworthiness,” Arbel said.
The seed funding round for Scribe Security was led by Elron Ventures and Tal Ventures.