Seal Security, a Tel Aviv-based startup founded by a group of former members of Israel's intelligence unit 8200, today emerged from stealth and launched 740, as well as Vertex Ventures Israel, with participation from Crew Capital and PayPal. Announced $1 million in seed funding round. Alumni Fund and Cyber Club London.
Since the Log4j vulnerability was discovered and the White House issued a software supply chain executive order, it's important for anyone building software to keep the many open source libraries they rely on up to date. I am aware of this. However, this is easier said than done, as large companies often employ entire teams focused solely on keeping packages up to date. In recent years, we've seen a number of security companies that specialize in alerting developers if one of their packages is vulnerable. While this is helpful, the real work is to fix these vulnerabilities, which in most cases is just a matter of installing updates.
Seal was founded by Itamar Sher (CEO), Lev Pachmanov (CTO), and Alon Navon (CPO). After their time at Unit 8200, team members worked at his various companies, including Cymmetria, Curv, and PayPal. Shah said the team has him affiliated in the summer of 2022.
“For me, it was really about wanting to be a builder,” Shah said. “I've spent time on the other side being a researcher, hacking things, breaking things, and that's fun. But one of the things I care about is… And I think one of the things I really wanted to suggest is to be more on the side of the builder.'' As one of Cymmetria's first employees, he's already had a taste of that experience, but now… As a founder and CEO, I got to see the full spectrum of startup experience.
Image credits: seal security
What sets Seal apart is that it actually patches vulnerable packages, rather than just updating them. While working at PayPal, he realized that there was a lack of tools that could not only discover but also repair security vulnerabilities. He also emphasized that many of today's tools bombard developers with hundreds of alerts, making it difficult to prioritize which ones to focus on. After all, these teams spend a lot of time and energy keeping packages (even ones that may never even be used in production) up to date. “What we realized is that for most of the vulnerabilities that are out there, all you have to do is actually get a security patch that reduces the risk and apply it to the existing version that the developer is already using. That is,” Shah explained.
Seal Security is now integrated with GitHub to enable these patches in your enterprise's CI/CD pipeline. But perhaps more importantly, Seal is writing these patches himself. Much of this process is automated and partially supported using extensive language models. These models are very good at identifying, for example, commits that introduced a particular patch, Shah explained. In fact, without the model, solutions like Seal Security probably wouldn't have scaled just a few years ago.
“Open source components are the foundation of software development, and organizations face significant challenges managing libraries with critical vulnerabilities. These challenges have a significant impact on business outcomes.” explains Daniel Dines, co-founder and general partner of Crew Capital (co-founder and co-CEO of UiPath). “sticker safety Meet this market demand with solutions that streamline safety Patch management enables customers to effectively eliminate vulnerabilities. ”