Company News
Sarah Gooding
October 30, 2024
We’re pleased to announce Socket’s inclusion in the Fortune Cyber 60, presented by Lightspeed, for the second year in a row. This recognition highlights our ongoing contributions to the cybersecurity sector and our commitment to addressing the challenges faced by enterprises worldwide.
The Cyber 60 list identifies the most significant venture-backed cybersecurity startups that have not yet undergone an IPO, acquisition, or major exit event. Socket’s placement on this list reflects our sustained growth and the effectiveness of our solutions in safeguarding open source dependencies.
Cyber 60 companies are meticulously curated through a comprehensive methodology. The selection process involves evaluating over 500 cybersecurity startups based on Annual Recurring Revenue (ARR), growth rates, and business operations. Socket was nominated by Lightspeed partners and validated through proprietary research, including consultations with a network of CISOs and analysis of the cybersecurity market landscape. This rigorous selection ensures that only the most promising and impactful companies are named to the list.
Our recognition is closely aligned with the latest insights from Lightspeed’s second annual CISO survey, conducted in collaboration with Wakefield Research. Surveying 200 CISOs at companies with over $500 million in revenue, the study revealed that cybersecurity remains the top priority for enterprise technology spending, with 68% of CISOs increasing their cybersecurity budgets this year.
Additionally, an overwhelming 87% of CISOs indicated that artificial intelligence will significantly influence their vendor choices for cybersecurity in the coming year. These trends highlight the critical need for advanced, AI-driven security solutions like those Socket provides, reinforcing the relevance and impact of our offerings in today’s dynamic threat landscape.
Half of the surveyed CISOs (50%) identified vendor consolidation as a top priority for the upcoming year. On average, CISOs are currently employing seven different cybersecurity products or solutions, highlighting the complexity and fragmentation of the current cybersecurity landscape. This complexity drives the demand for more integrated and efficient security solutions, and we’re committed to continuing to make Socket the definitive choice for enterprises using open source software.
For years, most products securing OSS dependencies have focused on scanning for known vulnerabilities (CVEs), a defensive approach that hasn’t kept pace with modern software development. Socket goes beyond CVEs to provide AI-powered threat detection for malicious dependencies, alongside best-in-class license policy enforcement and dependency optimization, for comprehensive enterprise supply chain security.
The future is open source, and Socket is dedicated to proactively securing our most vital digital infrastructure. We're honored to be included again alongside fellow Cyber 60 companies, as we push forward on our mission, empowering enterprises to confidently navigate the complexities of open source software security.