Announcing $20M Series A to Secure Open Source Software

Empowering Developers: Our Journey to a Safer Open Source Ecosystem

Feross Aboukhadijeh

August 1, 2023


Open source has fundamentally reshaped the way developers write software. Yet, it's a twisted irony that what makes open source great – unparalleled transparency, collaboration, and speed of development – is also the source of our greatest challenges when it comes to shipping secure software. Open source software has won, but security has been an afterthought.

When we first announced Socket one year ago, we set out with a clear mission: to redefine how teams think about application security. Modern applications use tens of thousands of dependencies written by thousands of maintainers. In this interconnected web, shipping secure software isn't just about securing your own code but about securing every piece of code that you rely upon.

That's why we're excited to announce our $20M Series A led by Andreessen Horowitz (a16z) as well as a suite of new features designed to make open source safer for everyone.

Announcing our $20M Series A round

Today marks an important milestone. We're announcing $20M of new funding led by Andreessen Horowitz. Zane Lackey led the round for a16z; he was an early believer in Socket and, most importantly, has already built a company of similar ambition. Joining him in the round are some of the sharpest independent minds in security and tech, including Abstract Ventures, Michael Ovitz, Wndrco, Arash Ferdowsi, Aaron Levie, and Jawed Karim, as well as existing investors Elad Gil, Dylan Field, Nat Friedman, Guillermo Rauch, and Julia & Kevin Hartz (full list below).


We'll use the new capital to improve our product capabilities, grow our team, and further extend our core technology to new applications. We're focused on meeting the needs of our customers with support for more programming languages, ecosystems, and integrations.

I'm also thrilled to welcome Zane, General Partner at a16z and cofounder of Signal Sciences, to our board of directors. Zane's leadership has been instrumental in shaping the way organizations think about security in the context of fast-paced software delivery and modern infrastructure.

“We invested in Socket because the best companies come from the people who are passionate about the problems they’re solving. This team knows how to build products that developers love, they understand security, and they’re tackling an urgent problem for a community they’ve been part of for more than two decades.” – Zane Lackey, General Partner at Andreessen Horowitz & cofounder of Signal Sciences

“Socket shows all the signs of becoming an iconic security company: experienced leadership, a beloved commercial product, and the technical ability to solve a real problem for their customers.” – Martin Casado, General Partner at Andreessen Horowitz

Revolutionizing Dependency Security

When we unveiled Socket last year, we brought with us the combined experience of open source maintainers with over a billion monthly downloads. Our mission was clear and urgent: make open source safer.

We looked at the hundreds of dependency security tools on the market and were disappointed to find that they were imprecise, noisy, and reactive. Not only did they generate thousands of low-value alerts, but they were fundamentally incapable of detecting and stopping the fastest-growing security threat: software supply chain attacks.


Trying to secure an application built on a foundation of ten thousand third-party dependencies that constantly update and change is like trying to build a stable structure on shifting sands. With today's rapid and continuous development cycles, a malicious dependency can be updated, merged, and running in production in a matter of days or even hours after publication.

Socket tackles this problem head on. We're taking an entirely new approach to one of the hardest problems in security in a stagnant part of the industry.

Socket revolutionizes dependency security by using "content-based analysis" to analyze dependency behavior and get a ground-truth understanding of open source risk. There's nothing else like it, and our customers love it.

“Our goal is to help the teams at Figma ship products and features as securely as possible, without impacting the pace of development. Socket is a natural fit for us because it's frictionless and doesn't get in the way of developers.” – Devdatta Akhawe, Chief Information Security Officer at Figma

“For many years, organizations have been installing open source dependencies without insight into potential vulnerabilities and issues. Socket is like an X-ray into open source dependencies, going above and beyond to detect issues that aren’t yet known vulnerabilities within the security community. It’s so easy-to-use, it’s a no-brainer.” – Yan Zhu, Chief Information Security Officer at Brave

“Socket goes beyond relying solely on CVEs or third-party sources for threat intelligence. They conduct first-hand analysis to identify unknown issues in open-source dependencies before they can impact our code. Early detection, coupled with supporting documentation, means Socket not only strengthens our security but also saves valuable time and resources that would otherwise be spent on remediation efforts.” – Aaron Brown, Head of Cloud Security at Vercel

This week, we’re also announcing 3 new products!

Socket Chrome Extension – 🎉 Launched Monday, July 31!

We're launching a free browser extension that surfaces Socket's risk assessment of an open source package right on the registry page, so you can check whether it looks safe and trustworthy before you install it. It’s currently available for Chrome, Edge, Brave, and any other Chromium-based browser, as well as Firefox.

Go ecosystem support – 🎉 Launched Wednesday, August 2!

Go support is now available, in addition to JavaScript and Python. We're aggressively expanding Socket language support in the coming months.

Organization-wide Dependency Search – 🎉 Launched Thursday, August 3

This powerful search function lets you delve into your codebase – across your whole organization – to find any dependency at any time. Socket tracks every change to your dependencies in real-time and ensures you have the most recent dependency information at your fingertips. Now you have the freedom to investigate malicious or vulnerable packages in your codebase and eradicate the threat, even when there’s no official security disclosure yet.

These join our other recent product launches

At Socket, we move incredibly fast and constantly ship improvements to our product. The new product announcements today join the list of significant features that Socket has introduced over the past few months to support developers and security teams throughout every stage of development. Here are a few highlights:

  • AI-Powered Threat Analysis with ChatGPT, to examine every open source package in real-time, identify security threats, and explain its findings.
  • Support for Python ecosystem, one of the most popular programming languages in the world.
  • safe-npm, a CLI tool that transparently wraps the npm command, protects developers from installing malware and risky dependencies, and enforces policies on allowed dependencies.
  • Socket Dependency Overview helps developers understand the risk of dependency changes with an in-depth pull request comment anytime a dependency is added, updated, or removed.

We've also shipped an organization dashboard, a VSCode extension, SOC 2 compliance, and support for the yarn and pnpm package managers.

Gratitude

Every great company is a conspiracy to change the world. Thank you to our many co-conspirators; we wouldn't be here without your support. We're so grateful to our early customers, founding employees, investors, mentors, and the open source and security communities. On behalf of everyone at Socket, it's an honor to share my eternal gratitude for you all.

Every leap we take is not just for us, but for the countless developers and organizations that trust us. Here's to safer open source software for all.

We're hiring

Want to be part of this journey? We're recruiting for roles across engineering, security, operations, and sales. Explore roles at socket.dev/careers.

Get in touch

Questions, feedback, or just want a chat? Schedule a demo with our technical experts. Or, get protected in 2 clicks by installing Socket for GitHub.

Series A Investors

Lead investor:

  • Andreessen Horowitz (a16z)

Joined by new investors:

  • Abstract Ventures
  • Wndrco
  • Michael Ovitz, Cofounder, Creative Artists Agency
  • Arash Ferdowsi, Cofounder, Dropbox
  • Jawed Karim, Cofounder, YouTube
  • Aaron Levie, Cofounder & CEO, Box

Participation from existing investors:

  • Elad Gil, Serial entrepreneur, author
  • Dylan Field, Cofounder & CEO, Figma
  • Nat Friedman, former CEO, GitHub
  • Julia and Kevin Hartz, Cofounders, Eventbrite
  • Guillermo Rauch, founder & CEO, Vercel
  • Freddy Kerrest, Cofounder & COO, Okta
  • Unusual Ventures
