From day one, we founded Binarly to truly solve the software supply chain security problem. That’s been the mission and purpose of our journey from the beginning. It’s become quite clear that existing solutions and approaches aren’t working, adding to the scale and severity of a global problem.
Most software composition analysis (SCA) and software supply chain solutions rely on outdated tools and open-source feeds of vulnerability data. They map file hashes and versions to known CVEs and risks similar to legacy antivirus software. The sheer volume of alerts generated by these legacy solutions creates fatigue and an unmanageable demand for today’s product and security teams. To make things worse, existing solutions can’t identify transitive dependencies like statically linked code. They provide information only related to the top component, which isn’t helpful for complete SBOM creation or validation.
Changes in software development practices and the growing popularity of AI-generated code assistants will only exacerbate existing security challenges. To address today's risks, we need to look elsewhere entirely and adopt a new approach to securing the software supply chain with a new velocity of the scale of the problem -- this is why we created Binarly with such an ambitious mission.
Binarly’s mission is to create a shift left, focusing on changing the way we detect and respond to the growing number of threats and vulnerabilities at every layer of the software supply chain.
In 2022, we raised a pre-seed financing round and released our flagship Binarly Transparency Platform. We quickly moved from markers on whiteboards to prototypes and a full-fledged enterprise product that is in deployment at some of the largest device manufacturers. We are already solving software supply chain problems for the firmware ecosystem, validating our approach by the massive number of vulnerabilities we have disclosed over the last two years.
Binarly is the only company that can detect unknown threats and vulnerabilities with deep contextualization and show an exploitability guided by code-reachability analysis with near-zero false positives without access to the source code.
Binarly’s deep code analysis approach is working and it’s the right way to solve these industry-wide problems. With this new investment, the plan is to scale our vision beyond firmware to solve the software supply chain puzzle for the entire industry. Two Bear Capital strongly supports our vision and mission by leading this financing round. Strategic participation of the Cisco Investments validates that Binarly developed unique technology and product by focusing on building the relationships to solve important industry challenges.
This round was overbooked, with huge interest from a diverse group of investors. Still, we decided to partner with Canaan Partners, Liquid 2, and Blu Venture Investors with strong support from existing investors.
What makes us different is that we didn’t look for the easiest solution to solve the software supply chain problem. We decided to find the right one that will help the entire industry recover from a massive amount of repeatable security failures. We are not trying to rebuild what already exists on the market. Instead, we gathered top program analysis, firmware, and software security experts and went back to core principles.
Together, we built and launched the industry's first binary risk intelligence platform in 2023. Combining modern static analysis techniques with the latest research, advancements in machine learning and our deep industry expertise, we’re decoding the software supply chain puzzle. This is what makes us different; we built a unique company culture that mixes the best from academia and industry with special vulnerability research spicy sauce.
What’s next? Our focus now is on solving the hardest industry problem: alert fatigue, which is growing exponentially in the supply chain security world. Security teams have reached the point where legacy methods don’t keep pace with the scale of the problem. Binarly is building a new actionable and data-driven paradigm for how security teams and software developers should detect, analyze, and fix or react to software security risks. We need to reduce the latency in reaction to the problems and the cost of fixing them.
Be cool and solve gnarly problems. 🤙
Alex