Application security management platform provider Tromzo Inc. today launched out of stealth mode to announce that it has raised $3.1 million in new funding to further its mission to eliminate friction between developers and security.

Innovation Endeavors led the seed round. Also participating in the round were more than 25 leading chief information security officers, including Caleb Sima from Robinhood Markets Inc., Adam Glick from SimpliSafe Inc. and Steve Pugh of Interceontental Exchange Inc., who participated through Silicon Valley CISO Investments.

Founded in 2021, Tromzo offers a developer-first application security management platform that uses context to make AppSec data actionable. The platform is enriched with security signals with context from DevOps and cloud platforms to sort through the noise and empower developers to fix what matters.

Inspiration for the platform came from the two founders’ personal experiences. While head of security at Medallia Inc., co-founder Harshil Parikh says he struggled with application security scaling challenges and eventually built an internal solution. Co-founder Harshit Chitalia worked at Juniper Networks Inc., where he led an engineering team and experienced these challenges firsthand from the engineering perspective.

Tromzo is offering a solution to a serious problem. The company says that developers are expected to release software more frequently because of the mainstream adoption of DevOps practices and cloud platforms. As they work to meet these rising expectations, the vulnerabilities security asks them to fix often end up being ignored. That causes friction between developers and security and leaves applications vulnerable to security breaches.

“Modern application security teams are overwhelmed and frustrated,” Parikh explained. “They are spending all their time trying to convince developers and chasing them to fix security issues. This makes scaling their application security program practically impossible and they constantly feel they are being left behind.”

The platform works in four steps. The first is to connect data sources to gain complete visibility within minutes by connecting AppSec tools, DevOps systems and cloud platforms using application programming interfaces. In the second step, prioritization with context identifies what is relevant or leverages out-of-the-box rules to create actionable security alerts across continuous integration and continuous deployment or CI/CD workflows.

The third step is the automatization of remediation campaigns, with developers being automatically alerted about actionable alerts in the tools they use, so they have the full context of why an issue needs to be fixed and how. The last step is measuring and improving AppSec programs, including communicating security posture with development teams and executives.

“Tromzo enables my team to partner with the Dev team at scale to reduce our overall risk,” noted early Tromzo customer and investor Ralph Pyne, head of security at NextRoll Inc. “Both teams benefit with my security engineers freed up to focus on higher-value tasks and the dev team given rapid intelligence on prioritized vulnerabilities.”

Image: Tromzo