Apiiro LLC, a new code security startup founded by Microsoft Corp. veterans, emerged from stealth mode morning this morning with $35 million in funding courtesy of Kleiner Perkins and Greylock.

Apiiro offers a software platform that companies can use to find security issues in their applications faster. Often, vulnerable code is only found after it’s released to production, which can create an opening for hackers. Apiiro’s platform promises to improve security by enabling enterprises to catch vulnerable code before it’s deployed and notify developers in time.

The Code Risk Platform, as the offering is called, works by plugging into the code management tools used by a company and creating an inventory of software development assets. This process allows the Apiiro’s algorithms to identify sensitive application components such as databases. When a developer changes part of an application, the Code Risk Platform analyze the modifications to determine if they may introduce a weakness into a sensitive component.

Apiiro can detect security issues such as weak encryption and interface elements that may be vulnerable to malware injection. It can also detect regulatory  compliance violations, like if an application processes customer information in a way that doesn’t fully meet the requirements set forth by GDPR. All these issues are flagged during the software development process, which allows developers to change vulnerable code early before it can become a more serious problem.

Besides looking at the code, Apiiro’s platform also evaluates developer behavior as part of how it identifies risks. The platform takes into account factors such as whether a piece of vulnerable code was written by a senior developer or a new hire when it determines the severity of problems.

Apiiro co-founders Idan Plotnik and Yonatan Eldar worked at Microsoft as engineering executives before launching the startup. Plotnik, Apiiro’s chief executive, had earlier founded Aorato, a hybrid cloud security startup that Microsoft acquired for a reported $200 million in 2014. 

The concept of embedding security scanning directly into the software development workflow has also been implemented in other forms. Snyk Inc., which raised funding at a unicorn valuation last month, provides a tool that can scan applications for vulnerable open-source components. Another startup called BluBracket Inc. picked up $6.2 million earlier this year for its code safety offering.

Code security tools are drawing interest because they not only improve application security but also boost developer productivity by freeing up time. Historically, code security reviews were conducted largely by hand, which created extra work for software teams and delayed product releases. Injecting automation into the workflow allows companies to pursue their application projects in a more time-efficient manner. 

Photo: Unsplash