UPDATED 13:08 EDT / JUNE 29 2021

SECURITY

JFrog inks $300M deal for code security startup Vdoo

JFrog Ltd., a publicly traded maker of developer tools, has inked a $300 million deal to acquire a startup called Vdoo Connected Trust Ltd. that helps companies secure their applications’ code. 

JFrog said in its announcement of the acquisition this morning that it will finance the deal with a mix of cash and stock.

A typical enterprise application comprises many different types of files. There are container images, which are subcomponents of the workload that run inside software containers; binaries, another type of subcomponent; and configuration scripts responsible for managing the infrastructure on which the workload will run. These files are collectively known as artifacts.

JFrog makes the industry’s most popular collection of tools for managing artifacts in software development projects. When developers wish to update one of their applications’ binary subcomponents or add a new script, they can use JFrog’s tools to carry out the task. It’s this process that the company is hoping to simplify through the acquisition of Vdoo.

Updating the components of a mission-critical enterprise application, such as the accounting system that contains upcoming earnings figures, is a delicate process. Developers must thoroughly scan every piece of code they add for security vulnerabilities to make sure it won’t render the application vulnerable to hackers. Vdoo has built a software platform that automatically detects such vulnerabilities, which saves time for developers and thereby makes it simpler to roll out updates to an application.

Vdoo’s technology will enable JFrog to enhance the tools it provides for rolling out artifact updates and thereby make its product portfolio more competitive. The technology will complement Xray, JFrog’s existing product for finding security issues in software files. 

“This move will amplify JFrog’s current success with our security solution, JFrog Xray, and create the expectation that ‘fearless releases’ will be the experience for both security and development teams,” said JFrog Chief Executive Officer Shlomi Ben Haim (pictured).

Vdoo’s platform scans application updates before they’re released to ensure any vulnerabilities they contain don’t reach production. The platform alerts developers to security issues in the code they write and provides pointers on how to fix them. Vdoo also detects vulnerabilities in code that a company’s developers didn’t write, such as open-source software components they incorporate into an application project from external sources. Practically every modern enterprise application is made up in part of open-source components.

Beyond features that help ensure secure updates, the Vdoo acquisition buys JFrog tools for a number of other security tasks. Perhaps the most notable of those tools is Vdoo’s runtime vulnerability mitigation engine.

If a vulnerability is found in one of a company’s applications, the usual course of action for the software team is to build and release a patch as soon as possible. However, there are scenarios where releasing a patch immediately is not possible, for example because the vulnerability is so complex that implementing a fix would take weeks. The longer it takes to fix the issue, the more time hackers have to launch a cyberattack against the company.

Vdoo’s vulnerability mitigation engine can protect a vulnerable application even before the fix is ready. The engine analyzes the security issue and then, using the technical information it gleans, automatically generates a cybersecurity program that blocks breach attempts. This automatically generated program can keep hackers at bay until a company’s developers fix the underlying security flaw.

Vdoo designed its vulnerability mitigation engine with a particular focus on “internet of things” devices. Rolling out vulnerability fixes to IoT devices is often difficult because they tend to be deployed in large numbers, which means each patch has to be deployed to as many as millions of systems, and because they often run specialized software that’s difficult to maintain. Vdoo counts several major players in the IoT market as customers, including Samsung Electronics Co. Ltd. and Fujitsu Ltd.

Consequently, acquiring the startup will not only enable JFrog to boost its core features for helping developers roll out updates but also will give it a presence in a lucrative new market: IoT security. This segment is growing rapidly, judging by the large amount of venture activity it has been seeing recently. Esper Enterprises Inc., a startup with software for managing and securing Android-based connected devices, raised a $30 million funding round in May. A few months earlier, IoT breach prevention specialist Armis Ltd. closed a $125 million investment.

JFrog plans to continue offering the Vdoo platform as a standalone product. In parallel, the company intends to integrate Vdoo’s technology into its existing product portfolio, and it’s hiring the startup’s approximately 80 employees to support the effort. 

Vdoo raised $70 million in funding prior to the acquisition from investors including Dell Technologies Inc.’s venture capital arm.

Photo: SiliconANGLE
