Snyk wins $70m injection with open source dev-first security pledge
An open source cybersecurity startup that takes aim squarely at developers as a route to market, Snyk, has just completed a $70 million investment led by Accel as well as existing investors GV and Boldstart – bringing the total investment to $102 million.
Founder and president Guy Podjarny tells Techworld that the plan is to continue to invest in community growth of the open source vulnerability database platform, while recently appointed CEO Peter McKay adds that the company has an aggressive product roadmap it hopes will carry on resonating with the developer and security communities.
Despite the paramount importance of cyber security, it can sometimes fall by the wayside when developers are under pressure to push out software quickly. By encouraging devsecops practices, the hope is that teams will consider security at the start of their development processes, rather than issuing tickets – or worse – when the application is already out in the wild.
Snyk, with its watchful Doberman logo, works by scanning open source libraries, dependencies and container images for vulnerabilities. It uses a home-grown automated tooling system, Piper, to scan libraries for potential problems, which are then sent to the team of database vulnerability researchers based in Tel Aviv, Israel, who throw in the metadata and decide whether these should be included in the database. At the same time, users can also report vulnerabilities they come across, which are then surfaced to the Tel Aviv team for feeding into the database.
This appeals to organisations, says Podjarny, because Snyk can then run the appropriate due diligence and responsible disclosure process itself before the vulnerabilities are announced.
Users can access Snyk for free. But for enterprises, paid plans offer more extensive features, such as in-depth reporting, lifecycle management, and additional integrations, including for GitHub repos. Its customers include Microsoft, Salesforce, and Google, although Podjarny says the customer base runs from individuals through to SMEs and enterprises.
Podjarny, whose background is in application security and trying to attract developers towards the practice, explains that the Snyk model of creating a platform for developers above all else has paid off. Developers find themselves trying the platform, and then it tends to spread outwards within the organisations where they work.
“The only way to scale software security is to get developers to really embrace a tool, because nothing else scales at the pace and complexity of development today,” he says. “We first won the developers’ hearts and minds, then we had to expand and broaden the product to make it more enterprise-ready, which really turned a corner a couple years ago. We’ve been on a pretty steep growth rate ever since.”
He adds that a priority has been to “focus on ease”. “You want to make it easy and elegant to get people on the platform to start to use it,” he says. “We are trying to eliminate that friction – and that includes in one aspect, the ease of use of the product, but also onboarding onto the service and using it in whatever way makes best sense to you.”
This injection of cash, says CEO McKay, has “really allowed us to do a couple of things faster than what we were planning on”.
That means additional resources to push into its product roadmap, where the team can focus on building more developer-friendly tools. Although “95 percent” of adoption is led by the users, according to the two, the company will also be expanding its go-to-market activities through various channels, so the firm can focus on both organic and inorganic growth.
Podjarny adds that the firm also recently acquired the DevSecCon conference, to “further boost the learning and collaboration in these communities” as “more and more people understand the need to change how security is handled in the devops era”.
“We need a platform for sharing learning, for sharing failures, for sharing tools, and we really want to invest in accelerating that trend,” he says.
The London-headquartered business just reached the 180-employee mark and also has offices in Boston and Ottawa.
Remarking on the firm’s London base, Podjarny says that it has been “helpful”.
“We started the company in Tel Aviv and London, and found that each ecosystem contributed greatly to our company and product,” he says. “Tel Aviv brought more security depth and an ‘anything is possible’ attitude, while London brought more user focus and product methodologies.”
He adds that the London startup ecosystem is “to NYC’s as NYC’s ecosystem is to the Valley, less mature but growing quickly … Compared to the Valley, it’s easier for Snyk to be a beacon for talent in this ecosystem and hire amazing people to our team.”