Estonian cybersecurity startup Patchstack has successfully raised $5 million in a Series A funding round aimed at enhancing its open-source security solutions. This round, led by Karma Ventures, saw participation from G+D Ventures and Emilia Capital, the investment firm established by Yoast founders Marieke van de Rakt and Joost de Valk. This funding follows a €2.7 million R&D grant from the European Innovation Council in 2022, which has significantly bolstered Patchstack’s research and development efforts.
The rapid pace of cyber threats necessitates efficient responses; on average, it takes organizations over 200 days to patch critical security vulnerabilities. Patchstack addresses this pressing issue by providing developers with tools to quickly identify, prioritize, and auto-mitigate vulnerabilities, all without requiring user intervention or code alterations. This unique approach ensures the integrity of applications while delivering real-time protection.
Recently, Patchstack unveiled a complimentary tool co-funded by the EU, designed to assist open-source software vendors in aligning with the forthcoming Cyber Resilience Act (CRA). This significant legislation, expected to be enacted later this year, mandates robust cybersecurity standards for digital products within the EU, including mandatory incident reporting and automated security updates.
Currently, Patchstack scans over five million websites for vulnerabilities, effectively preventing millions of attacks. Its clientele includes prominent names such as GoDaddy, DigitalOcean, and Plesk/cPanel. Originally focused on WordPress, the world’s largest open-source content management system, which powers over 40% of all websites, Patchstack is poised to extend its services to other content management systems and the broader open-source software ecosystem.
Patchstack’s access to extensive vulnerability data positions it as a leader in the field. The company recently launched a gamified bug bounty program and manages the Vulnerability Disclosure Program (VDP) for WordPress plugins, attracting thousands of ethical hackers to report new security vulnerabilities. This initiative has solidified Patchstack’s reputation as a premier provider of open-source security intelligence, with a remarkable 76% of all known WordPress-related vulnerabilities published by the company in the previous year. In early 2023, Patchstack was selected for Google’s AI for Cybersecurity accelerator program, further enhancing its capabilities.
Founders Oliver Sild (CEO) and Dave Jong (CTO) first connected on a PHP Security subreddit in 2016, driven by a shared passion for cybersecurity. Their collaborative efforts have since transformed Patchstack into a dynamic force in the industry. Sild expressed his excitement about the new funding, stating, “With the data and technology we possess, we believe we could potentially hyper-automate the entire open-source software security process.”
As Patchstack embarks on this next chapter, the combination of their innovative technology and strategic partnerships promises to reshape the landscape of open-source cybersecurity. The increasing regulatory focus on security, especially in the wake of the Cyber Resilience Act, positions Patchstack as a vital ally for companies striving to meet compliance requirements while safeguarding their digital assets.
In our view, Patchstack is well-positioned for success in an era where cybersecurity is paramount. The startup’s proactive approach and commitment to automation not only enhance the security of open-source projects but also empower developers with the tools they need to manage vulnerabilities effectively. As the demand for robust cybersecurity solutions continues to grow, Patchstack’s unique offerings and vision for the future place it at the forefront of the industry.