CIO Influence

HeroDevs Acquires Xeol to Help Users of End-of-Life Open Source Software Secure Their Applications and Protect Their Data


HeroDevs, a leading provider of security and compliance solutions for deprecated open-source software, today announced the acquisition of Xeol, a New York City startup providing businesses with end-of-life software detection intelligence for their technology stacks. Through the acquisition, HeroDevs will augment its Never-Ending Support (NES) solutions by giving businesses, organizations, and developers reliant on open source software visibility into packages that are deprecated and past their end-of-life.


Xeol’s platform tracks end-of-life data for more than 100,000 open source software packages. The company uses this data to identify potential cybersecurity risks within companies’ software supply chains. Xeol had previously raised $3.2 million in funding from Shield Capital, Y Combinator, and 468 Capital.

The acquisition builds on HeroDevs’ legacy as a security and software supply chain trailblazer in the open source community. HeroDevs’ services help developers and cybersecurity professionals make sure their end-of-life open source software stays patched and secured. This is especially valuable to businesses that must adhere to strict compliance standards that prohibit the use of unsupported software, such as FedRAMP, HIPAA, PCI DSS, and SOC 2.

“When it comes to securing your applications, the first step is knowing you have a problem and for many, that is the biggest challenge,” said Aaron Frost, HeroDevs Founder and CEO. “The Xeol team has built an extremely large, exhaustive database of open source software that has reached its end-of-life, and could therefore put organizations at risk. Our team is thrilled to continue the journey they’ve started and, in the spirit of open source, we will make this comprehensive database available to the public for free so developers, CISOs, and technology leaders can easily ensure their applications are secure and safeguarded against data breaches.”

When open source software packages reach their end-of-life and are no longer maintained by the organizations and developers building them, using that software can be a threat vector for hackers and data breaches. Most software security scanners track common vulnerabilities and exposures, but tracking threats for unsupported, deprecated open source software is more challenging, as developers overseeing those projects do not have resources to reproduce and validate the vulnerabilities. In addition, tracking end-of-life data for open source software packages has been extremely decentralized, until now.


By maintaining this data repository and making it publicly available for free to companies and open source users, HeroDevs aims to empower open source software supply chain tools and companies with the data to better identify potential cybersecurity threats.

“Joining HeroDevs feels like the perfect opportunity for Xeol to really make a bigger impact on the open source community,” said ShiHan Wan, Cofounder and CEO at Xeol. “The kind of insights we can provide through our database could be game-changing for open source developers and cybersecurity pros alike. The fact that HeroDevs is making that data freely available says a lot about their commitment to open source values like collaboration and transparency.”

End-of-life data can also be incorporated into software composition analysis and vulnerability detection tools. HeroDevs recently partnered with Mend.io to help companies struggling with open source end-of-life challenges make remediation immediately available through Mend’s AppSec (application security) Platform.
