How monitoring libraries rather than containers is key to open-source security

The security of open-source projects leaves a lot to be desired. With 84% of codebases containing an open-source security vulnerability, organizations need to be much more proactive in identifying potential entry points in downstream software components.

It’s a challenge that runtime application security provider, Oligo Security, is setting out to solve. Today, the company left stealth with $28 million in funding. It features a team of former officers from the Israel Defense Force’s cyber units. 

Oligo Security’s platform uses an eBPF-based engine to detect application vulnerabilities during runtime and alert the user. By leveraging data within the running application, the tool offers dynamic library-level analysis and behavior monitoring to identify vulnerabilities in running packages and prioritize fixes based on application context. 

This funding round reflects the central role that securing open-source software components has to play in preventing the loss of mission-critical data.  

The open-source security movement 

With high-profile vulnerabilities Log4Shell and Log4j shaking confidence in open-source software from 2021 to 2022, it became clear that organizations couldn’t afford to overlook potential exploits in downstream software components. After all, organizations that don’t are open to having their systems breached. 

“Open-source code comprises 80% to 90% of modern software, providing an attractive attack vector for nation-states and cybercriminals,” said Nadav Czerninski, CEO and cofounder, Oligo Security. 

After Oligo’s other cofounder, Gal Elbaz, “discovered that a widely used app like Instagram could be easily compromised by using an open-source library in a way that deviates from the library’s permissions, we realized that there is a wide gap in the way the market currently addresses open-source security,” Czerninski said. 

In response, Czerninski and Elbaz understood they needed to monitor the behavior of each library rather than the entire container like other runtime solutions. 

Monitoring libraries during runtime enables Oligo to leverage application context and focus on the vulnerabilities that are most relevant, so that developers can prioritize and remediate the most damaging potential exploits first. 

The application security market 

Oligo Security’s solution falls under the broader category of the application security market, which researchers estimate will reach a value of $27.7 billion by the end of 2030. 

Other providers offering security for applications include Aqua Security, which offers a platform for scanning apps, VM images, container images and serverless functions for vulnerabilities. It then generates details on remediating discovered issues. 

In March 2021, Aqua Security announced raising $135 million in series E funding and achieved a $1 billion valuation. 

For Elbaz, Oligo’s use of contextual vulnerability prioritization differentiates it from other providers. 

“Existing solutions lack the context of the running application and therefore alert even when vulnerabilities could not even be exploited. The noise ratio is very high — about 85% of alerts are irrelevant given the context of the application,” Elbaz said.