San Francisco, Calif. – June 16, 2022 – RapidFort Inc., creator of the first software attack surface management platform (SASM), announced the closing of its $8.5M seed funding led by Felicis. Joining Felicis are ForgePoint Capital, Bloomberg Beta, Global Founders Capital, Plug & Play Ventures, GIT1K Club, and a group of investors from RapidFort’s earlier rounds. RapidFort launched a suite of free services for developers, DevOps, and security professionals at the 2022 RSA Conference.
Open-source software has transformed how we build software, but it comes at the cost of security and knowledge of how the system operates. This makes managing software supply chain risk very complex. Workloads built upon open-source components often contain copious vulnerabilities that need remediation – an expensive process with mediocre results. RapidFort has discovered that 50%-90% of software components in modern cloud workloads are unused.
RapidFort’s breakthrough solution identifies and removes those unused components accurately and efficiently. This results in smaller workloads that are more secure, faster to load, and easier to maintain.
RapidFort offers a complete suite of tools that scan, profile, estimate, and automatically remove unused code. The solution includes industry-leading RBOMs (Real Bills of Materials), which accurately identify a workload’s execution-path components and provide deep observability into workloads. In a case study with a United States Government Agency, RapidFort reduced OSS vulnerabilities and container size by approximately 80%.
"Enterprises have access to many tools to manage their network attack surface. But software supply chain risk comes from the software attack surface, which is challenging to secure given the prevalence of open-source components. Until now, there have been no tools to understand and manage the software attack surface," notes CEO Mehran Farimani. "RapidFort empowers developers, DevOps, and security teams to collaborate efficiently based on the common language of software components instead of vulnerabilities in code that other people write. Teams can safely remove a large portion of the software before deploying it to production, helping their organizations be nimbler and more secure. Our solution addresses the intractable problem of OSS vulnerability management security teams face. It allows DevOps teams to release small, perfectly packaged workloads into production. And it frees up developers to build new features and software instead of chasing OSS vulnerabilities."
"Open source vulnerabilities present the unavoidable problem of software supply chain risk," says Aydin Senkut, Founder and Managing Partner at Felicis. "Mehran and the RapidFort team have delivered a powerful tool that strikes at the heart of the problem, removing the source of vulnerabilities and enabling developers to reduce security concerns while maintaining development velocity."
Addressing software supply chain risk has become critical for government and private organizations, especially in the wake of recent complex attacks like SolarWinds and Log4j. The White House has held several emergency meetings on the topic. An industry consortium, the Open Source Security Foundation, has been assembled to address this problem.
Founded by cybersecurity and machine learning veterans, RapidFort is the industry's first SASM (Software Attack Surface Management) platform. Its cloud-native container security solution provides complete visibility into the operation of workloads and tools to optimize and secure them. RapidFort supports all major programming languages, registries, Linux variants, orchestration platforms including Kubernetes, and managed services such as AWS Fargate. It is available in multiple SaaS and on-prem deployment configurations. RapidFort's offices are in Sunnyvale, CA. Learn more: https://www.rapidfort.com
Founded in 2006, Felicis is a venture capital firm investing in companies reinventing core markets, as well as those creating frontier technologies. Felicis focuses on early stage investments and currently manages over $2.1B in capital across 8 funds. The firm is an early backer of more than 41 companies valued at $1B+. More than 91 of its portfolio companies have been acquired or gone public, including Adyen (IPO), Credit Karma (acq by Intuit), Cruise (acq by General Motors), Fitbit (IPO), Guardant Health (IPO), Meraki (acq by Cisco), Ring (acq by Amazon), and Shopify (IPO). The firm is based in Menlo Park, CA. Learn more at www.felicis.com.