Socket, a leading cybersecurity company, has made a strategic move by acquiring Coana, a Danish cybersecurity firm specializing in advanced vulnerability detection. This acquisition is expected to set a new standard for software security, offering a more precise and efficient way for teams to handle vulnerabilities.
A Game-Changing Technology for Security Teams
In today’s rapidly evolving world of AI-generated code and expanding attack surfaces, security teams are overwhelmed with thousands of vulnerability alerts, many of which are false positives. This “alert fatigue” can cause genuine threats to go unnoticed, putting organizations at significant risk.
Coana’s reachability analysis technology, integrated into Socket’s platform, filters out the noise and highlights only the most critical vulnerabilities. By using static control-flow and call graph analysis, Coana helps teams eliminate up to 80% of false positives, drastically reducing the time spent on alert triage.
Socket’s acquisition comes after a $40 million Series B funding round, led by Abstract Ventures, Elad Gil, and a16z. The move is expected to solidify Socket’s position in the growing $12 billion software supply chain security market, which is increasingly crucial in the wake of AI-generated code and complex attack surfaces.
The integration of Coana’s technology has already resulted in impressive improvements for companies like Anthropic, Figma, and OpenAI. With Socket’s platform, these companies have seen up to 10x faster remediation times for critical vulnerabilities. For instance, Anthropic’s AppSec team reduced their mean remediation time from 14 days to just 36 hours, and Figma saved 15 hours per week previously spent on addressing false positives.
The dual-layer defence provided by Socket’s platform blocks malicious packages, typosquatting, and obfuscated code while prioritizing vulnerabilities based on their reachability and exploitability. This streamlined approach results in faster response times and more effective security operations.
Expanding Socket Comprehensive AppSec Platform
Founded in 2021 by Professor Anders Møller and his team at Aarhus University, Coana focuses on static analysis and software security. The company raised $1.6 million in pre-seed funding from Sequoia Capital and other investors before being acquired by Socket. Coana’s innovative approach in control-flow analysis is the cornerstone of its technology, which allows the company to identify the most critical vulnerabilities while filtering out irrelevant alerts.
Martin Torp, Coana’s CPO, noted, “We founded Coana to provide developers with a tool that identifies 100 critical issues, not 10,000 trivial ones. Joining Socket allows us to take that vision to the next level.”
With Coana’s advanced reachability analysis integrated into Socket’s platform, the company now offers the most comprehensive Software Composition Analysis (SCA) solution available. Socket’s system scans every code commit in real time, proactively detecting and blocking threats in open-source dependencies.
Socket’s platform offers protection from malicious packages, typosquatting, and obfuscated code while prioritizing vulnerabilities based on their exploitability. With over 500 attacks blocked weekly, the platform provides actionable, noise-free security alerts, ensuring teams can focus on what matters most.
A New Standard for Secure Software Development
As the security landscape continues to evolve, Socket’s acquisition of Coana sets a new industry standard for software security. The integration of Coana’s research-driven, precise vulnerability detection ensures that modern development teams can stay ahead of the rapidly expanding threat landscape, reducing alert fatigue and improving response times.
Feross Aboukhadijeh, CEO of Socket, stated, “Great people build great technology. The Coana team shares our values and brings world-class engineering talent to Socket. Together, we’re going to redefine secure software development.”
With AI-generated code and new attack surfaces increasing the complexity of security threats, precise and efficient vulnerability detection has become more critical than ever. Socket’s acquisition of Coana enhances its platform, providing noise-free alerts and enabling teams to address vulnerabilities faster and more effectively, ensuring the security of their software in today’s fast-paced digital landscape.
