August 1, 2024

The Lineage of Lineaje

Ten quarters ago, I reached out to my friend, Anand Revashetti, then a Fellow and Chief Architect at McAfee, with a simple question: Can you detect software supply chain tampers with any existing cyber-security tool? It was clear that runtime cybersecurity tools ignored how software was built. As always, he went down the path of detailed analysis.  

Three days later, he had an answer. Every shift-left tool, whether it’s an SCA tool, an AppSec tool, a code-analysis tool, or a vulnerability tool, could easily be fooled. While these tools claimed that they could detect the components in your software, they had no idea what was inside these components. Their detection capability covered only the superficial layer of your software component hierarchy. In reality, on average, more than 70% of all applications were sourced from open source and third-party components, which contributed to more than 95% of the inherent risk in your software. One could conclude that the visibility and detection provided by all the shift-left tools in the market was indeed minimal.

The implications were stunning:

  • What’s in our software? Software we source, we build, we sell, or we buy is opaque. Almost all software ships without a complete list of components.
  • Is our Software Tampered? Tampering in software components is undetectable by every tool deployed in the CI/CD pipeline. Frameworks like SLSA, popularized by Google, focus on software you build and not what you source. And existing tools hide what they do not know, creating a false sense of security.
  • Is our Software Secure? If the tools we use, like vulnerability scanners and application security scanners, can see only a subset of components and are essentially half-blind, their detections and assertions of risk are unreliable. Again, these tools are great at showing what they know but are hiding the “Known Unknowns” and of course the “Unknowns” in our software.

The US Government, aware of these challenges, passed Executive Order 14028, mandating that commercial software developers pay attention and rectify these shortcomings, and setting a deadline by which these challenges had to be addressed.

By the end of March 2022, we launched Lineaje Inc. – a company that would trace the complete lineage of all software, attest every component, and comprehensively and accurately assess risk starting with software in any form-factor: source code, containers, shipping binaries, and mobile apps,  and, finally, optimize software risk remediation to provide relief to overwhelmed security professionals and software developers.  

Category-creating Technology

The technology challenge led us into a deeply technical, confused world where software development factories manage people, processes, and tools but not the ingredients that make up the final product. So, Lineaje delivered a sequence of industry firsts - groundbreaking innovations that are copied by fast-moving competitors and some slower whales.

  • Industry’s First SBOM Manager  
  • Industry’s First SBOM reputation and assessment engine
  • Industry’s First SBOM Exchange hub
  • Industry’s First Software Third Party Risk Manager for Software Consumers
  • Industry’s First SCA Tool that can attest what you ship is what you built is what you sourced
  • Industry’s First Open-Source integrity and tamper Detection
  • Industry’s First Open-Source Manager
  • Industry’s First Lineaje AI-driven BOMbots to optimize software remediation

We are proud to be the leading software supply chain innovator.  

Unrestricted Global Opportunity  

Every company today is a software company. Every software company has a software supply chain – as they source, build, sell, deploy, or buy software. And so, Lineaje offers software supply chain management solutions for software you source, build, sell, deploy or buy. Our products reduce risk in ALL software you use.

The AI revolution is upon us and the impact of AI risks is as large as its promise. AI software is more opaque, more tamperable and brings more risks. Our products reduce AI risk.

A Harvard Business Review Study published Jan 1, 2024 estimated the value of open-source software usage for organizations to be $4.15 billion. They estimate the value generated by these open-source components to be $8.8 trillion. Open-source software is almost completely opaque, lightly maintained, and unmanaged. Our products reduce open-source risk and manage open-source software.

In 2024, according to Statista, enterprises will spend more than a trillion dollars purchasing software. Our products can assess and reduce risks in the software organizations buy.

We see the opportunity for Lineaje to be an essential ingredient in this digital transformation, needed by every organization that sources, builds, sells, or deploys software. We build products focused on these 4 spaces to help organizations:

  • Source Better Software
  • Build Better Software
  • Sell Better Software
  • Buy Better Software

Greener than Green Investors

Raising money is hard. At Lineaje, we have looked for “Greener than Green” investors: investors whose money’s impact on Lineaje is multiplicative.

  • Tenable Ventures, with the amazing Matt Olton, led our SEED round. Tenable specializes in software exposure and so do we. Inherent synergies in every aspect of our business.
  • Series A is led by the very confident Abhishek Shukla and Sean Lee of Prosperity7. They will help us expand into the Middle East.  
  • Gayathri Radhakrishnan of Hitachi Ventures with their global strength and strong Japanese roots creates additional geo-expansion opportunities.  
  • Neotribe’s Nitin Chopra and Rebecca Mitchem with their vast GTM experience are invaluable as we leverage the Series A investment to create an actual GTM team.
  • Carahsoft’s Craig Abod is brilliant. His guidance and advice both on product and Public Sector GTM fuels our success.
  • Wipro Ventures, with the very driven Biplab Adhya, give us access to one of the largest software developers in the world and their GTM machines. We will do great things together.

Beyond these, the round contains investment from SecureOctane, AlumniVentures, J-Ventures and additional contributions from senior cyber-security executives.

The new investment brings our total funding to $27 million ($7 Million Seed + $20 Million Series A).

Customers and The Path Forward

Ultimately, we build the company and our products for our customers. Over the last two years, we have worked with brilliant, cutting-edge customers. That is a great privilege. They help us build highly innovative products.

A mantra that is critical for us: deploy technology without creating waves, so your technology can create waves. With that goal, we will invest to build a world-class GTM organization, accelerating customer acquisition, expanding our partner distribution network, and, given deep penetration in the U.S. public sector, delivering services for highly secure defense deployments.

In addition, Lineaje will fortify its AI-powered platform, expand its innovative BOMbots solution insights, and introduce new AI advancements to autonomously resolve software supply chain issues transparently.  

We are amazingly pumped by this investment in our vision for the company. Our technology is groundbreaking, our market unrestricted, our investors are the greenest, and now it is time to put our heads down and execute!

Meet us at The Software Supply Chain Security Summit or at Booth SC212 at Black Hat