Summary List Placement

One of the hottest segments in the booming cybersecurity industry is developer security, which focuses on helping engineers build safer software and applications from the very beginning, with the goal of preventing would-be hacks from ever taking place. 
Its rise is part of cybersecurity’s mantra of “shift left,” which is industry slang for moving security earlier in the process of developing software and mobile applications. Companies are now beefing up application security in the beginning of development— by using artificial intelligence to check security code or pulling from libraries of “clean” code — rather than tacking it on at the end. 
This delights some longtime cybersecurity experts: “I have spent 35 years trying to get at the root cause of cybersecurity issues,” Ted Schlein, the longtime cybersecurity investor and general partner at Kleiner Perkins told Business Insider in a recent interview.
The good news for Schlein and other experts is that developer security is being driven by startups, from $2.6 billion Snyk to newer firms like Apiiro and StackHawk.
PitchBook pegs application security – which developer security, or DevOps, falls under – as a $4.7 billion market as of 2020, with double-digit growth next year ultimately leading to a $7 billion market by 2023. 
“DevOps security tools are gaining traction because organizational culture shifts have led developers to become central to the security buying process,” says Brendan Burke, an emerging technology analyst at PitchBook. “Leading cybersecurity VC investors have achieved a first wave of exits benefiting from this cultural shift and are doubling down on the niche.”
DevOps companies Splunk, New Relic, PagerDuty, and most recently JFrog have all gone public in recent years, and all have DevOps security-related offerings. 
Here are 23 startups that PitchBook lists in the DevOpps security space with a valuation of at least $20 million, as well as two other startups in the space curated by Business Insider (all financial and company data via PitchBook unless otherwise stated):Snyk

Location: Boston
Founded: 2015
Employees: 375
Total funding raised: $454.51 million
Valuation: $2.6 billion
Investors: Salesforce Ventures, Addition, Canaan Partners
What it does: Snyk (pronounced sneak) scans open-source computer code — which software developers increasingly rely on to quickly build applications — and finds and fixes security vulnerabilities. The company raised a $200 million Series D in September and acquired an AI company from Switzerland DeepCode.
 
Auth0

Location: Bellevue, Washington
Founded: 2013
Employees: 700
Total funding raised:$333.5 million
Valuation: $1.92 billion
Investors: Telstra Ventures, DTCP, Bessemer Venture Partners
What it does: Auth0 manages user authentication and identity verification for large companies through single-sign-on or multi-factor authentication and makes it easy for developers to add that functionality to their applications. In June, the company raised a $120 million Series F round led by Salesforce. 
 
Contrast Security

Location: Los Altos, California
Founded: 2014
Employees: 290
Total funding raised: $119.6 million
Valuation: $480 million via PitchBook, though the company said this figure (from February 2019) is “significantly lower” than its current valuation. 
Investors: Warburg Pincus, Battery Ventures, General Catalyst
What it does: Contrast provides a tool called Route Intelligence that tests each segment of computer code for vulnerabilities and maps what parts have been tested, ultimately saving developers time. 
Aqua Security

Location: Ramat Gan, Israel
Founded: 2015
Employees: 250
Total funding raised: $131.3 million
Valuation: $362.69 million
Investors: TLV Partners, Lightspeed Venture Partners, Acrew Capital
What it does: Aqua Security automates security checks and prevents vulnerabilities for applicationsbuilt with “containers,” or a method of bundling code that makes it easy for developers to run applications in multiple clouds. Aqua raised $30 million in Series D funding in May.
 
Tigera

Location: San Francisco
Founded: 2016
Employees: Unknown 
Total funding raised: $53 million
Valuation: $155 million
Investors: Wing Venture Capital, New Enterprise Associates, Insight Partners
What it does: Tigera helps deveopers and enterprises secure computer code built with Google’s Kubernetes.
StackRox

Location: Mountain View, California
Founded: 2014
Employees: 69
Total funding raised: $60.5 million
Valuation: $145 million
Investors: Sequoia Capital, Redpoint Ventures, Amplify Partners
What it does: StackRox provides developers with a range of tools to help them quickly and securely build applications using containers. In September, StackRox raised a $26.5 million Series B that it said would be used to scale and meet demand. 
Gremlin

Location: San Jose, California
Founded: 2016
Employees: 65
Total funding raised: $26 million
Valuation: $143 million
Investors: Redpoint Ventures, Amplify Partners, Index Ventures
What it does: Using experiments that test for security failures, Gremlin points vulnerabilities out to developers and shows how they need to be fixed before applications are pushed through production. 
 
Uptycs

Location: Waltham, Massachusetts
Founded: 2016
Employees: 65
Total funding raised: $43.3 million
Valuation: $130 million
Investors: Comcast Ventures, ForgePoint Capital, Sapphire Ventures
What it does: Uptycs helps developers find long-term security issues, like vulnerabilities enterprise networks or from employees’ laptops. The company raised a $30 million Series B in June. 
vArmour

Location: Los Altos, California
Founded: 2011
Employees: 115
Total funding raised: $167 million
Valuation: $130 million
Investors: SC Ventures, NightDragon Security, Redline Capital Management
What it does: vArmour helps developers see how their applications will work with other applications, scanning multi-cloud networks to see how systems interact with the ultimate goal of reducing the risk of security issues. 
Polyverse

Location: Bellevue, Washington
Founded: 2012
Employees: 40
Total funding raised: $37 million
Valuation: $96 million
Investors: Soliton Systems, SpringRock Ventures, Clear Fir Partners
What it does: Polyverse targets its product to the US military: Its software disguises details of open-source code to prevent hackers from finding security weaknesses, which lets developers use it in defense applications. In September, the company raised $16 million.
Capsule8

Location: New York
Founded: 2016
Employees: 49
Total funding raised: $29.8 million
Valuation: $80 million
Investors: Bessemer Venture Partners, Rain Capital, ClearSky
What it does: Capsule8 helps to ensure that separate applications running on the Linux operating system can work securely. It does this by testing the security of entire networks, rather than addressing application issues separately. 
 
ShiftLeft

Location: Santa Clara, California
Founded: 2016
Employees: 43
Total funding raised: $29.3 million
Valuation: $60.8 million
Investors: Thomvest Ventures, Mayfield Fund, SineWave Ventures
What it does: ShiftLeft is an application security tool designed to apply cybersecurity early on in the development process of new applications. 
 
ForAllSecure

Location: Pittsburgh
Founded: 2012
Employees: 32
Total funding raised: $14.7 million
Valuation: $59.7 million
Investors: Jim Swartz, Lane Bess, New Enterprise Associates
What it does: ForAllSecure sells a system that uses artificial intelligence to autonomously point out security flaws. In April, the company was approved for a Paycheck Protection Program Loan during the coronavirus pandemic.
 
Fossa

Location: San Francisco, CA
Founded: 2014
Employees: 74
Total funding raised: $33.9 million
Valuation: $58.5 million
Investors: Bain Capital Ventures, Canvas Ventures, Flight Ventures
What it does: FOSSA, an acronym for “free open-source software auditing,” helps developers find secure open source code to integrate into the software they are building, and counts Uber, Motorola, and Verizon among its customers.
 
Blue Cedar

Location: San Francisco 
Founded: 2016
Employees: Unknown 
Total funding raised: $27 million
Valuation: $57 million 
Investors: Grayhawk Capital, Kreos Capital, Sway Ventures
What it does: Blue Cedar offers a “no-code” platform for easily installing security features that block unauthorized access to user data. 
 
GitGuardian

Location: Paris, France
Founded: 2017
Employees: 32
Total funding raised: $14 million
Valuation: $42.64 million
Investors: Delphis, Lise Invest, Scott Chacon
What it does:GitGuardian’s software continuously scans public computer code repositories for confidential company assets accidentally uploaded that hackers could use to break into networks.
 
Cybellum

Location: Tel Aviv, Israel
Founded: 2016
Employees: Unknown 
Total funding raised: $14.5 million
Valuation: $37.32 million
Investors: RSBG Ventures, Target Global, Blumberg Capital
What it does: Cybellum makes a risk-assessment tool that helps manufacturers of connected devices identify and fix security issues during the development and production process. 
 
 
Calypso AI

Location: San Mateo, California 
Founded: 2018
Employees: 17
Total funding raised: $13 million
Valuation: $33 million
Investors: Manta Ray Ventures, Lightspeed Venture Partners, Phoenix International Investments
What it does: CalypsoAI uses machine learning programs to make government artificial intelligence systems more secure. The company recently nabbed $13 million in Series A funding in April. 
 
Aurora Labs

Location: Tel Aviv, Israel
Founded: 2016
Employees: 30
Total funding raised: $34.1 million
Valuation:$32.4 million+ via PitchBook, though exact figure is unknown
Investors: TA Ventures, MizMaa Ventures, Fraser McCombs Capital
What it does: Aurora Labs helps developers build applications to allow cars and other machinery to address security issues through automatically rolling out patches. It raised a $23 million Series B in September.
 
TerraTrue

Location: San Francisco
Founded: 2018
Employees: 12
Total funding raised: $4.5 million
Valuation: $24.5 million
Investors: Neal Katyal, Anthos Capital, Christopher Sacca
What it does: TerraTrue helps companies comply with local and federal privacy and user data laws by implementing privacy safeguards throughout software development and production. In April, the company was approved for a Paycheck Protection Program Loan.
 
BluBracket

Location: Palo Alto
Founded: 2019
Employees: 17
Total funding raised: $6.5 million
Valuation: $24 million+ PitchBook, though exact figure is unknown 
Investors: Unusual Ventures, SignalFire, Firebolt Ventures
What it does: BluBracket helps software developers track and map their use of public computer code from repositories like GitHub. 
 
Alcide

Location: San Mateo, CA
Founded: 2016
Employees: 34
Total funding raised: $12.2 million
Valuation: $20.5 million
Investors: Israel Innovation Authority, Elron Electronic Industries, Intel Capital
What it does: Alcide helps make containers more secure. 
 
Medcrypt

Location: Encinitas, California
Founded: 2016
Employees: 34
Total funding raised: $8.3 million
Valuation: $21 million, according to the company
Investors: Eniac Ventures, Section 32, Grant Park Ventures, Y Combinator
What it does: Medcrypt is a data security company focused on the medical industry. The company helps developers to build privacy features into medical equipment with a few lines of code.  
 
Bonus: StackHawk

Location: Denver
Founded: 2019
Employees: 15
Total funding raised: $14.62 million
Valuation: Unknown 
Investors: Sapphire Ventures, Todd Vernon, Costanoa Ventures
What it does: StackHawk works in tandem with developers to check for security flaws every time they write a line of code. The company raised $10 million in Series A in October.
Source: StackHawk
Bonus: Apiiro

Location: Tel Aviv, Israel 
Founded: 2019
Employees: 25
Total funding raised: $35 million 
Valuation: Unknown 
Investors: Kleiner Perkins, Amichai Shulman, Greylock Partners
What it does: Apiiro helps software developers ensure the applications and products they are building will be free from security vulnerabilities by using machine learning programs to learn how computer code will perform when connected with other code – and automatically addresses any security issues. The company launched out of stealth last month with a $35 million Series A.
 

Read More