The software supply chain faces threats from all sides. A 2024 report by the Ponemon Institute found that over half of organizations have experienced a software supply chain attack, with 54% having experienced one within the past year. Supply chain attacks typically target services from third-party vendors or open source software that make up a […]
© 2024 TechCrunch. All rights reserved. For personal use only.
The software supply chain faces threats from all sides. A 2024 report by the Ponemon Institute found that over half of organizations have experienced a software supply chain attack, with 54% having experienced one within the past year.
Supply chain attacks typically target services from third-party vendors or open source software that make up a company’s tech stack, and they can financially devastate an organization. According to a Juniper Research study, supply chain cyberattacks could cost the global economy almost $81 billion in lost revenue and damages by 2026. The White House has indicated a commitment to addressing the broader issue of software supply chain security, openly declaring it a national security problem and releasing an executive order aimed at establishing mitigatory standards.
The threat has fueled the demand for platforms that can be used to detect — and, in a perfect world, mitigate — attacks on a business’ software supply chain. One startup creating such a platform, Lineaje (a semi-phonetic spelling of “lineage”), today closed a $20 million Series A funding round.
Founded in 2021 by Javed Hasan and Anand Revashetti, Lineaje develops tools to detect software in an organization’s supply chain that’s been tampered with, as well as outdated, potentially vulnerable open source software. Once Lineaje finds a likely vulnerability, it recommends fixes — if any are available — and warns against implementing those that might break the software.
“For organizations that care about the risk their software creates for their organizations as well as their customers, focusing and managing this risk is critical,” Hasan, Lineaje’s CEO, told TechCrunch. “Lineaje was born to discover, manage and secure software irrespective of where it’s built.”
Both Hasan and Revashetti hail from the cybersecurity industry, having worked at vendors including Symantec, McAfee and Norton. They crossed paths while at McAfee, where Revashetti was a fellow and chief architect.
“Software supply chain attacks and concerns have been steadily increasing,” Hasan said. “As we looked at this space, it was clear that that supply chain was a top-three concern for CISOs and the U.S. government.”
Lineaje occupies a crowded market. Kusari, Ox Security, Chainguard, Dustico and Endor are among its rivals, and big tech companies such as Google, Amazon and Microsoft are mounting efforts to improve general open source software security.
But one way Lineaje is attempting to stand out is by embracing defense work. Hasan claims that the company has a contract with the U.S. Air Force to support its “Eagle Eyes” anti-terrorism program as well as relationships with other unnamed federal agencies.
Public sector agencies certainly deal with software supply chain challenges similar to what the private sector sees. A recent report released by the U.S. Department of Homeland Security found that one U.S. government cabinet agency spent months responding to a vulnerability in the library of Apache’s Log4j2, a Java-based logging utility, in part because its security teams had trouble identifying where the vulnerable packages resided within their software environments.
The proceeds from Lineaje’s Series A, which bring the startup’s total raised to $27 million, will bolster its efforts to acquire even more U.S. public sector clientele, Hasan continued.
“The Series A funding round will cover us until early 2027 at least,” he said, adding that last year was Lineaje’s first year of revenue. “We have about 30 employees currently, with plans to double headcount by the end of the year.”
The round was co-led by Prosperity7 Ventures, Neotribe and Hitachi with participation from Tenable Ventures, Carahsoft, Wipro Ventures, SecureOctane and AlumniVentures.
Leave a Reply