Lexumo Gets $4.89 Million Funding Round To Help Keep Open Source Code Safe – TechCrunch

Lexumo, a Cambridge, Massachusetts cloud service that constantly checks open source code to make sure it has the latest security updates, today announced a solid funding round of $4.89 million.

The round was led by Complice, .406 Ventures and Draper.

What did Lexumo create to justify this kind of financial attention? It indexed all the open source code in the world and created a cloud security service aimed at helping businesses that use open source code in embedded systems or enterprise software. These groups can submit their code to the Lexumo service, which searches it for known security vulnerabilities. Additionally, it will constantly monitor the code for updates and notify developers when code becomes available.

The service provides an automated way to secure code, a process that has been difficult if not impossible to keep up with for companies using open source code in their software, Brad Gaynor, CEO of Lexumo, told TechCrunch.

The company recognized that developers were using open source libraries to quickly build and distribute software, but lacked the staff to keep up with updates (or to understand how implementing those updates would affect existing code).

“[Open source communities] find security holes and build new code in a new version, and companies using the [open source] code cannot follow,” Gaynor said.

He emphasized that it’s not just about reporting vulnerabilities and fixes, because sometimes an update includes API or interface changes when the developer just wants to fix the security vulnerability. Lexumo addresses this issue by providing a custom fix for these types of cases. “Upgrading isn’t the solution all the time,” Gaynor explained.

The company’s roots go back about five years with Draper Labs, an MIT-based nonprofit research organization. The group, which was formed last year as an independent company, began to delve into cybersecurity and found a way to index all of the open source code in the world to make it searchable. The team recognized that this had value, but was unsure how to apply it at first.

“At that time, we had this ability to analyze the open source software of the world. We’ve iterated a lot with that. We were sitting with a hammer looking for a nail,” he said.

They settled on this idea of exposing security vulnerabilities in open source code as a service. At a time when we keep hearing about a tightening funding environment, almost $5 million is a good seed in every way.

“This indicates that this large market is underserved. Our technology and business model addresses an unmet need for embedded systems,” Gaynor said.
