Ox Security, an Israeli cyber security startup that offers an end-to-end software supply chain security platform for DevSecOps, exited stealth with $34 million in funding led by Evolution Equity Partners, Team8, and M12, Microsoft’s venture fund, with participation from Rain Capital.
Founded less than a year ago by Neatsun Ziv and Lior Arzi, two former Check Point executives, Ox Security says that its platform is already used by over 30 leading companies to secure their software supply chains, including Kaltura and Bloomreach.
The rise in software supply chain attacks, explains Ox Security, like the SolarWinds hack, prompted last year’s executive order requiring vendors to provide a software bill of materials (SBOM). This software “ingredients list” can help security teams understand if a newly disclosed vulnerability impacts them. However, industry experts caution that it isn’t comprehensive enough to prevent attacks or address the challenges of securing today’s dynamic software supply chains.
These are possibly the scariest kind of cyber-attacks. The thought of terrorists being able to hack into major systems that control power grids, or air traffic control, is frightening. And this is no longer just something written about in thrillers by authors like Robert Ludlum.
To address these issues, OX Security is developing a new open standard, PBOM, in collaboration with cybersecurity-conscious companies. The Pipeline Bill of Materials (PBOM) includes within it the SBOM but goes further, covering not only the code in the final product but also the procedures and processes that impacted the software throughout its development. OX Security and its partners undertook extensive research on the root causes of more than 70 attacks from the past year. They specifically designed the PBOM to contain the information that would have been needed to prevent each of the recent attacks.
OX Security boasts that its platform is the first product using the PBOM standard to provide end-to-end software supply chain security, allowing it to cover every step of the development pipeline, from the earliest planning stages until deployment to production. OX seamlessly integrates with existing tools and infrastructure to monitor and record every action affecting software throughout the entire development lifecycle. It gives security and DevOps teams complete visibility and control over the attack surface, including source code, pipeline, artifacts, container images, runtime assets, and applications.
“Developers and DevOps make constant changes to the software supply chain, adding new tools, open source components and SaaS services,” said Neatsun Ziv, OX’s CEO and co-founder. “The OX platform gives DevSecOps teams real-time, end-to-end visibility into all aspects that impact software through the entire pipeline, so they have the necessary context and control to ensure security.”