Hello World

Today we are excited to introduce Kodem to the world. Our mission is to make AppSec simple.

Aviv Mussinger
June 13, 2023

Kodem News
Application Security

Application security has reached a breaking point. 

The modern software supply chain is viral. Every component a developer imports brings with it all the functionality — and the vulnerabilities — of every other package it contains.

This is why traditional cloud security tools — like Software Composition Analysis and Cloud Security Posture Management platforms — are so noisy. They alert on every vulnerability scanned, regardless of whether it's exploitable. In fact, based on testing we have done with customers and prospects, we have found that over 90% of the alerts these traditional tools generate are just false positives. 

That’s 90% of the application security team’s time, energy, money, and resources … wasted.

What’s more, it also represents the time and energy developers spend chasing sham alerts. Those are resources that could be spent building software and growing businesses.

Today, we are proud to introduce Kodem. Kodem is the world’s first Dynamic Software Composition Analysis platform. Only Kodem uses application runtime to spotlight actual application risks. Kodem eliminates the noise and streamlines remediation by automatically creating application context based on what is happening during runtime, not just in static code. The Kodem platform provides full coverage — from code to cloud — and provides the storyline for remediation — what needs to be fixed, where, how, and who needs to fix it.

I’ve spent more than a decade in cybersecurity for international organizations, and over the years, I've become increasingly frustrated with the many inefficiencies of the application security process. The scale of these inefficiencies has become too big to ignore, so I’ve partnered with two of the best technologists I know — who happen to also be good friends — and together we founded Kodem.

After researching the problem of noise, false positives, and inefficient remediation, we have found that the only way to eliminate false positives and effectively prioritize remediation is to observe applications during runtime. By analyzing them as they’re operating, it’s possible to know exactly which components are in use, how data moves between them, and what part of the application is really vulnerable.

We're fortunate that many others in the industry also want to make application security simple and efficient. So, today we're also announcing that we've raised $25M in funding from Greylock Partners and TPY Capital. We'll use this funding to launch the Kodem platform globally and to expand our go-to-market team. I look forward to building a platform that changes the way the world thinks about application security and overall risk.

One last note about what we’re building together: The word “Kodem” means “first” or “early” in Hebrew. A priority. We believe in helping AppSec teams make security a priority by spotlighting the risks that truly matter. We believe in helping developers improve code quality by shifting left and catching issues early. Thanks to our employee team, customers, supporters, investors, and friends for making this vision possible.
