Socket raises USD $40m to enhance open-source security

Socket has announced the successful closure of a USD $40 million Series B funding round, aimed at bolstering its efforts in combating security threats in the software supply chain.

The funding round was led by Abstract Ventures, with participation from Elad Gil, Andreessen Horowitz (a16z), and a host of angel investors, marking another significant milestone for Socket as it advances its mission to enhance security in open-source software.

With more than 90% of modern applications being built on open source, security concerns have escalated. Socket focuses on proactively monitoring open source packages to detect and prevent malicious activities such as backdoors and typo-squatting, often before they occur.

"We've seen incredible momentum over the past year," stated Feross Aboukhadijeh, founder and CEO of Socket. "Our technology has made it possible for leading AI, B2B, and finance companies to switch from legacy SCA solutions like Snyk to Socket. We're not just catching vulnerabilities – we're detecting and blocking malicious threats in real time."

The company's platform now supports six programming languages, including the recent additions of Java and Ruby. This broad support allows for a comprehensive approach to critical use cases such as license enforcement and reachability analysis.

Jason Clinton, CISO at Anthropic, said, "Attackers are evolving their supply chain attacks and legacy tools aren't catching them. Socket's real-time threat detection helps strengthen our security posture, even from zero-day supply chain attacks."

"As generative AI drives unprecedented speed in software development, the risk of malicious or vulnerable packages slipping through is higher than ever," noted Amjad Masad, Founder and CEO at Replit. "Socket provides preventative protection, catching threats before they can compromise organizations and enabling developers to innovate without sacrificing security."

Dev Akhawe, Head of Security at Figma, encouraged exploration of the platform, suggesting, "If you haven't explored Socket yet, now's the time."

The company reported that in the past year it has developed AI-powered threat detection features for software dependencies across six programming languages, which enable it to block over 100 supply chain attacks weekly. Currently, it safeguards over 7,500 organisations and 300,000 GitHub repositories.

Ramtin Naimi from Abstract Ventures remarked, "Socket is revolutionizing how companies secure their software. As organizations face increasing software supply chain threats, Socket's preventative and developer-friendly approach is exactly what's needed. We're proud to lead their Series B and support them in their mission to make open source software safer for everyone."

With fresh capital from this funding round, Socket plans to enhance product development and expand its workforce across engineering, product, and sales, to meet growing market demands. "We're building a world-class team to tackle one of the most urgent challenges in software today," Feross Aboukhadijeh added.

Elad Gil, investor and co-founder at Color Health, stated, "Socket is taking an entirely new approach to one of the hardest problems in security in a stagnant part of the industry. It's rare to see a team ship this fast and deliver such a meaningful impact."

The latest funding brings Socket's total capital raised to USD $65 million, a substantial increase that underscores the company's commitment to its mission of enhancing security across the open-source software landscape.