About 20 years ago, I founded a company called Fortify Software that ushered in the idea that security needs to be built in. Adding security on after the fact wasn’t sufficient in the least ー security had to be done “from the inside out.” Though the mission was never finished, apiiro has come along to further the belief that if we do not build secure systems from the start, we will never have a chance.
Today, developers own the end-to-end process across applications and infrastructure development. This creates a friction between developers, security and compliance teams with the dilemma of blocking or releasing with risks.
Idan Plotnik and Yonatan Eldar felt the friction and pain of controls and risk management firsthand when they worked together at Aorato ー Idan was the founder and CEO and Yonatan the engineering manager. Aorato was acquired by Microsoft where the two worked together to move from waterfall to agile development. It was during this process that they decided to build a systemic bridge between developers, security and risk management.
What they have created with apiiro is a systematic and comprehensive approach for engineering teams to ensure that what they build is as secure as possible. The company is helping product security architects, security champions, developers and risk management practitioners accelerate delivery and time-to-market by automatically remediate product risk with every material change before it is shipped to production. They have already introduced a Code Risk Platform™, enabling organizations to accelerate application and infrastructure delivery by automatically remediating risk with every change.
We’re excited to co-lead apiiro’s Series A with Saam Motamedi and Asheem Chandna at Greylock, and partner with the team on their mission to disrupt the DevSecOps market.