ProjectDiscovery raises $25M to launch a cloud version of its threat-scanning platform

Date: 2023-08-17

Kyle Wiggers
Image Credits: ipopba / Getty Images

ProjectDiscovery, a platform that detects new, exploitable vulnerabilities in codebases, today announced that it raised $25 million in a Series A funding round led by CRV with participation from Point72, SignalFire, Rain Capital, Mango Capital, Accel and Lightspeed.

ProjectDiscovery began as a collaboration between four security engineers -- Rishiraj Sharma, Sandeep Singh, Nizamul Rana and Marco Rivoli -- who felt the tools they had to identify, find and fix vulnerabilities were too slow to innovate in response to growing threats.

"These tools produced too many false positives, making it hard to prioritize vulnerabilities, and they weren't customizable to their organizations' architecture," Rishiraj, who serves as ProjectDiscovery's CEO, told TechCrunch via email. "Worse, they made it hard to work on remediation across teams and departments."

After collaborating on several open source solutions to attempt to solve these problems, Sharma, Singh, Rana and Rivoli founded ProjectDiscovery, a free vulnerability scanning platform, in 2020. Initially a side project, ProjectDiscovery raised a seed round in January 2021, after which the team decided to begin working on it full-time.

ProjectDiscovery continuously monitors for exploits in websites, apps, APIs, cloud environments and services. Working from templates, IT teams -- alongside engineers -- can find and remediate vulnerabilities and misconfigurations.

Andy Cao, ProjectDiscovery's chief operating officer, asserts that ProjectDiscovery represents a "step change" in organizations' abilities to secure public-facing endpoints.

"Today’s security leaders face an ever-growing list of tools and offerings. But many of those are focused on a single area or on compliance over security," Cao said via email. "The addressable market for ProjectDiscovery includes enterprises of all sizes around the world."

That may be true. But it's also true that ProjectDiscovery is far from the only vendor selling exploit discovery tools. Socket recently raised $20 million for its service that detects security vulnerabilities in open source code, while SonarSource -- one of the bigger players in the code-scanning space -- last year landed a $412 million investment at a $4.7 billion valuation.

Cao isn't ignorant of the competition. But he makes the case that ProjectDiscovery has a powerful -- and differentiated -- resource in its open source community.

"We currently have over 60,000 community members who are contributing to and using our tools, most of whom work for larger enterprises," he said. "When critical new vulnerabilities emerge, our customers don't have to wait around in the dark for their vendor to take action. Instead, they benefit from hundreds of engineers working on templates that help them find and remediate those vulnerabilities, and that progress is available to everyone."

Going the path of countless open source startups, ProjectDiscovery is aiming to monetize that advantage with a managed cloud version of its free offerings. Called ProjectDiscovery Cloud Platform, the paid service handles maintenance and installation of ProjectDiscovery's growing software suite.

Can ProjectDiscovery users be convinced to pay for what's already available for free? Perhaps. Cao says that there have been 3,000 sign-ups for ProjectDiscovery Cloud Platform so far, including from Fortune 500 enterprises. A bigger question in my mind is the open source community's reception to ProjectDiscovery commercializing their work -- without compensation, I might add. But Cao didn't seem especially concerned.

"The power of open source -- and of our community -- means that ProjectDiscovery is able to provide a more comprehensive approach focused on protecting against attackers and not just auditors," Cao said. "Specifically, that means developing a better solution than traditional scanning tools . . . [and] new ways to streamline collaboration between the teams that are finding vulnerabilities and those that are remediating them."

To date, ProjectDiscovery has raised $28 million. Cao says that the proceeds from the latest round will be put toward hiring and supporting the launch of ProjectDiscovery Cloud Platform.
