SAN FRANCISCO, Oct. 15, 2020 /PRNewswire/ — FOSSA, the open source management company, today announced that it has closed a $23.2 million Series B funding round from Bain Capital Ventures, Canvas Ventures and Costanoa Ventures, bringing its total amount of funding to $35 million. The company also announced the launch of FOSSA Security Management and continued expansion into EMEA, further validating its leadership position in the software composition analysis (SCA) market.
“Since our last round of funding, we’ve been heads-down driving product innovation and enterprise customer adoption,” stated Kevin Wang, CEO and founder of FOSSA. “And our hard work is paying off. Since we first launched our commercial product two years ago, FOSSA has grown to become the most comprehensive policy engine for open source management. We’ve seen revenue accelerate significantly in the past year, enabling new investments to become a world-class software composition analysis solution with an expanded global presence. I look forward to working with our amazing VC partners and customers through our next phase of growth.”
A Complete Policy Engine for Open Source Security and Compliance
With the explosive growth of open source adoption, which Gartner estimates accounts for up to 90% of the code in the majority of software in development and production, companies must take open source risk assessment and mitigation seriously.[1] As open source contributions and usage grow, so does the attack surface: every third-party dependency brings in code, and potentially vulnerabilities, that the consuming organization did not write and rarely reviews.
Software development pipelines have historically lacked a complete vulnerability and license scanning solution built on clear standards that hold across teams and over time. Despite the availability of legacy SCA tooling, a recent Forrester survey found that 35% of global security decision makers who experienced an external breach said it occurred because of software vulnerabilities.[2]
Recent studies show a steady increase in the number of vulnerabilities in open source libraries. Lacking a comprehensive policy engine and scanning tools, organizations are working overtime to secure their software supply chain: to prevent vulnerable or incorrectly licensed components from entering their applications while still maintaining developer velocity.
FOSSA Security Management empowers enterprises to identify, control and remediate open source vulnerabilities without slowing down software delivery. With FOSSA, organizations can actively monitor their open source software for vulnerability and license risks and enforce the appropriate risk policies across their teams at scale for continuous risk mitigation.
With the addition of Security Management, FOSSA delivers a complete open source risk mitigation platform and an evolution of software composition analysis, where enterprise teams can assess, manage and mitigate open source vulnerability and license risk. To read more on FOSSA Security Management, please see our blog.
In total, FOSSA has powered more than 90 million open source software scans. As the only developer-native open source management platform, FOSSA is trusted with license compliance and, now, security management at some of the world’s largest automotive, telecom, high-tech, manufacturing, and financial services companies. FOSSA also has more than 80 enterprise contracts plus partnerships with major global SIs and key CI/CD software providers.
“We’re excited to see the continued growth with FOSSA,” stated William Lehmann, Partner at Bain Capital Ventures. “When we first met Kevin and his team, we were immediately impressed and quickly realized the company was solving a growing problem. With open source software penetrating every enterprise and the increase in malicious activity, it’s more important than ever to ensure security and compliance throughout the full software development lifecycle. As we move into 2021, we look forward to continued product innovation and global customer adoption.”
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for security management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows. FOSSA enables organizations like Uber, Zendesk, Twitter, Verizon, Fitbit, and UiPath to manage their open source at scale and drive continuous innovation. Learn more at https://fossa.com.
[1] Source: Gartner, Software Composition Analysis Report, 2019
[2] Source: Forrester Analytics Global Business Technographics® Security Survey, 2018