Spectral Exits Stealth With $6.2 Million to Protect Companies From Costly Coding Mistakes

The lightning-fast DevSecOps scanner ensures developers can code with confidence while protecting companies’ passwords, tokens, API keys and other sensitive data

Spectral left stealth, announcing $6.2 Million in funding for their developer-first code security scanner. The Tel Aviv-based DevSecOps startup, founded by Dotan Nahum, Lior Reuven, Uri Shamay and Idan Didi, uses the first hybrid engine that combines hundreds of detectors with AI in order to find, prioritize and block costly coding mistakes. The seed round was led by Amiti and MizMaa.

When a company’s code isn’t secure, their data isn’t secure. Exposing internal API keys or committing passwords and other sensitive access credentials to repositories and cloud providers, can give bad actors unauthorized access to codebase and developer assets, and from there, quickly lead to severe security breaches.

Recommended AI News: G2 recognizes RFP360 as Best Software for 2021

In fact, Spectral’s recent data shows that 35% of organizations that have a strong open-source posture had at least one public leak. In addition, close to 50% of the leaks are due to bad security hygiene originating from personal employee accounts and shadow accounts on cloud services like GitHub, Dockerhub, npm, and others.

With increasing demand to produce more, better quality software in less time, a tiny mistake by an ambitious R&D team can have a disproportionate impact on the business, costing a company millions in fines, lost revenue and reputation. IBM estimates that even small security breaches cost US companies an average of $8.2M.

Dotan Nahum, Spectral’s founder and CEO, saw these challenges while CTO at Como, HiredScore and unicorn Fintech company Klarna. As an established open-source contributor for around 20 years, he saw how the industry was shifting more responsibilities onto developers. Spectral’s customers and deep research activities also indicated that these issues were being compounded by poor developer tools.

Recommended AI News: Quantiphi Named as an IDC Innovator in Artificial Intelligence Services

“Scanning tools today take long minutes or even hours to run in a given pipeline,” said Nahum. “Developers just don’t have that kind of time, or the funds (many CI providers meter by the minute). Some developers are so overwhelmed by slow, irrelevant, and non-intuitive results that they stop using scanners altogether. There’s an obvious need for a robust yet simple, fast yet extensive product that’s developer-first and won’t slow down DevSecOps and CI/CD pipelines.”

Spectral is a lightning-fast, developer-first cybersecurity solution that finds and protects against costly security mistakes in code, configuration, and other developer assets. In a matter of seconds per average-sized repository, Spectral can detect mistakes across hundreds of tech stacks including the actual source code, providing real-time prevention as well as flagging these issues via a “single pane of glass” to allow each team to productively triage, fix and monitor these issues, charting their own progress and improvements.

Following the principle of “implement strong security measures, but act like you have none,” Spectral protects against the leakage of secrets outside of an organization as well as internally. “We observe that with so many tech stacks, SaaS vendors and integrations, mistakes in private repositories end up appearing in public repos too,” said Nahum, “It’s these things – the things you don’t know that you don’t know about – that really keep you up at night. Spectral helps reveal these blindspots through a Public Scan feature through which we have already discovered breaches in over 20 Fortune 500 companies and counting.”

“Our solution prevents security breaches on a daily basis,” said Spectral’s co-founder and COO, Idan Didi. “The pain points we’re addressing resonate strongly across every company developing software, because as they evolve from own-code to glue-code to no-code approaches they allow their developers to gain more speed, but they also add on significant amounts of risk. Spectral lets developers be more productive while keeping the company secure.”

Recommended AI News: IP Infusion Selected by EvoNet as Key Partner for Future Network Expansion