WhiteSource raises $35 million for open source flaw detection platform

WhiteSource, a company that provides cybersecurity services to users of open source software, announced Wednesday that it raised $35 million in Series C funding.

The company’s platform draws from a database of open source repositories and alerts customers if they are using components that have unpatched bugs.

“We are now at a stage where the question is not whether or not to use open source components, but how to put in place the solutions and policies to manage them well,” said WhiteSource CEO and co-founder Rami Sass, in a press release.

Sass pointed to Equifax’s massive data breach last year as evidence for the need for automated open source bug monitoring services like WhiteSource’s. Equifax’s breach of about 148 million people’s personal data was reportedly caused by an unpatched version of Apache Struts, an open source web application framework.

“[A]s the open source community grows, and the number of reported vulnerabilities keeps climbing, manually verifying the security and compliance of open source components can no longer provide the necessary control over the security of these components,” the WhiteSource said in its announcement.

The funding round was led by Susquehanna Growth Equity, with participation from 83North and M12, Microsoft’s venture capital arm.

With offices in Boston, New York and Tel Aviv, boasts more than 500 customers, including several Fortune 100 companies. The company says it plans to use its new funding to “double down on serving the enterprise market,” adding that Microsoft, IBM, Comcast and KPMG use its platform.

Founded in 2011, WhiteSource competes with other startups in the “software composition analysis” space, like Snyk, which was also recently funded in a Series B round.