WhiteSource, a platform for securing and managing the open source components of software, has raised $35 million in a round of funding led by Susquehanna Growth Equity, with participation from Microsoft’s venture capital (VC) arm M12 and 83North.
Founded out of Tel Aviv, Israel, in 2011, WhiteSource is all about providing visibility into only the open source facets of your company’s own software — it monitors and tracks all the open source elements, and serves up real-time alerts on security issues. It also tells you about licensing restrictions, and whether there are any requirements you need to comply with.
Because anyone is able to contribute to open source software, companies may not always be aware of tweaks and changes that are made — this means that you might not know when a crucial update is available, while some updated components may have vulnerabilities. Continuously verifying open source software manually is a time-sapping task — WhiteSource monitors all of this to ensure company software remains secure and compliant.
Prior to now, WhiteSource, which is now headquartered in New York, had raised $11 million in funding. With another $35 million in the bank, the startup said that it plans to “double down” on targeting the enterprise market, where it already counts customers such as Microsoft, Comcast, and IBM. It also plans to open sales, marketing, and customer service hubs in London and San Francisco, in addition to other locations around the world.
“We are now at a stage where the question is not whether or not to use open source components, but how to put in place the solutions and policies to manage them well,” noted WhiteSource cofounder and CEO Rami Sass.
Notably, we’ve seen a lot of investment going into the DevOps realm of late, with the likes of JFrog raising $165 million and GitLab raising $100 million. And open source software too is a major part of that movement, which is partly why Microsoft is currently in the process of acquiring GitHub for $7.5 billion.
“Microsoft’s acquisition of GitHub for $7.5 billion showcases that companies have accepted open source as crucial to the software development process, but incidents such as the Equifax data breach underscore the necessity for all companies to protect their products from attacks that would exploit the open source components they are using,” added Sass.
Open source software plays a crucial part in many modern-day applications, and monitoring this has emerged as big business. Burlington-based Black Duck, which offers a proposition similar to WhiteSource's, was acquired by Synopsys for more than $500 million last year. And just last month, open source governance platform Sonatype hoovered up $80 million in fresh funding, taking its total funding raised past the $150 million mark.