Montreal-based BoostSecurity exits stealth with $12m seed funding to secure the software supply chain
BoostSecurity, the developer-first, zero friction DevSecOps automation platform that builds trust into every step of the software supply chain, has emerged from stealth with $12 million in seed funding.
Led by Sorenson Capital, with additional support from Hoxton Ventures, Golden Ventures, Firebolt Ventures, Transform VC and Security Leadership Capital, the investment will be used to accelerate the platform’s go-to-market and engineering initiatives.
BoostSecurity solves the problems that have plagued organizations trying to ship software fast while doing it securely. The modern technology stack is complex, as is the modern CI/CD pipeline. Security tooling is needed at various stages in the develop, build, test, and release processes. However, all these additional security measures come at a cost: friction in development, slower velocity, and security noise for development teams. Moreover, the tools and environments where software is being built have themselves become the target of cyberattacks.
BoostSecurity disrupts DevSecOps by bringing the automation that hyperscale companies developed internally to all. Now, organizations can secure CI/CD pipelines, ship code fast, run all the necessary security checks on every commit, and fix issues as they are building code along the way, all without additional personnel, services or infrastructure.
Zaid Al Hamami, CEO, BoostSecurity: “Most software organizations do not have the resources to implement the same grade of automation and optimization as hyperscale companies do when it comes to shipping software fast and securely. BoostSecurity empowers organizations of any size to implement the same DevSecOps processes and technologies that the most advanced organizations have refined, ultimately closing the trust gap between DevOps and security. Our platform enables early detection and remediation of security vulnerabilities at every layer of the stack while ensuring the continuous integrity of the software supply chain at every step from the developer’s keyboard to cloud production.”
In addition to the challenge of shipping secure software, BoostSecurity’s SaaS offering helps all engineering and security teams contend with the challenging task of securing the software supply chain itself against CI/CD misconfigurations, insider threats, compromised dependencies, and more.
Mark M. Willis, CISO, Bluescape: “BoostSecurity has helped transform the Bluescape Secure Development Life Cycle, as we are targeting real, actionable, and high value security issues inside of a Pull Request. Targeting such issues has helped build trust between security and engineering as neither team has time for noise. In general, BoostSecurity has allowed us to expand our DevSecOps tooling to cover our supply chain such as our application, infrastructure, 3rd party code, APIs, and containers. By doing so, they helped us expand into the Federal space without having to go through integration hell - namely fighting the traditionally high false positive rates and automated friction that are notorious for such tools, and/or dedicating precious security time and expertise to managing tooling. This is truly ‘Complete Supply Chain Security-as-a-Service’.”
Vidya Raman, Partner, Sorenson Venture and Lead Investor, BoostSecurity: “Even with the increased awareness and the exploding industry around developer security, we believe that we are still in the early innings of a major transformation. The world now knows how to ship high quality code, rapidly. The next challenge is continuing to do both, but much more securely. BoostSecurity’s depth of experience in the fields of open source, application, and cloud security as well as their uniquely innovative approach to solving the problem, coupled with the fact that the software supply chain has itself become a major target of attacks, is what got us excited about this company. I’m thrilled to be part of the BoostSecurity journey as they set out to transform how software supply chain security is done.”