Lexumo, a Cambridge, Massachusetts cloud service that continuously checks open source code to be sure it has the latest security updates, announced a solid $4.89 million seed round today.
What has Lexumo created to warrant that kind of financial attention? It indexed all of the open source code in the world and created a cloud security service aimed at helping companies using open source code inside embedded systems or enterprise software. These groups can submit their code to the Lexumo service and it checks for any known security vulnerabilities. What’s more, it will then continuously monitor the code for updates and inform developers when one is available.
The service provides an automated way to keep the code secure, a process that has been difficult if not impossible for companies using open source code in their software to track themselves, Brad Gaynor, CEO at Lexumo, told TechCrunch.
The company recognized that developers were using open source libraries to quickly build and distribute software, but lacked the personnel to track updates (or to understand how implementing those updates would affect their existing code).
“[Open source communities] are finding security vulnerabilities and building new code into new releases and the companies using the [open source] code can’t keep up,” Gaynor said.
He stresses it’s not just about pointing out vulnerabilities and fixes, because sometimes the update could include changes to the API or the interface when the developer just wants to patch the security vulnerability. Lexumo solves that by providing a custom patch for those types of cases. “Upgrading isn’t the answer all the time,” Gaynor explained.
The company’s roots go back about five years to Draper Labs, an MIT-based not-for-profit research organization. The group, which was spun out last year as an independent company, began looking at cyber security and came up with a way to index all the world’s open source code to make it searchable. The team recognized this had value, but wasn’t sure how to apply it at first.
“At that point, we had this ability to analyze the world’s open source software. We iterated a lot with that. We were sitting with a hammer looking for a nail,” he said.
They settled on the idea of exposing open source code security vulnerabilities as a service. At a time when we keep hearing about a tightening funding environment, almost $5 million is a healthy seed round by any measure.
“It’s indicative that this large market is underserved. Our technology and business model addresses an unmet need in embedded systems,” Gaynor said.