SourceClear, a startup that provides tools developers can use to find security issues hiding in open-source software that their applications draw on, is announcing a $10 million round of funding today.
For the time being, SourceClear is focused on improving security for technology companies, and in this business, it’s common for software engineers to draw on existing open-source software — which, in turn, can draw on other open-source software. From time to time, researchers discover vulnerabilities in open-source software, leading companies to scramble to figure out if they’re affected and, if so, to patch their software. (Remember Heartbleed?) SourceClear wants to make sure developers only deploy code that’s secure — and to also minimize the impact when new vulnerabilities emerge.
“When we see vulnerabilities get published, we go and see which other libraries may have the same problem,” founder and chief executive Mark Curphey told VentureBeat in an interview. “It turns out that lots of other libraries have exactly the same issues but have not been reported.”
Other code analysis tools include Coverity and HP’s Fortify.
SourceClear currently supports Java, Ruby on Rails, and Node.js. The new money will help the startup add support for Python and Scala. C and C++ support is coming, too, said Curphey, previously a former principal group program manager inside Microsoft’s developer division.
SourceClear started in Seattle in 2013 and is now based in San Francisco, with 21 employees and 10-20 customers. To date, the startup has raised $11.5 million.
Index Ventures and Storm Ventures provided the new funding for SourceClear.