Israeli application security startup Myrror Security today emerged from stealth mode with $6 million in funding from Blumberg Capital and Entrée Capital.
Founded in 2022 as BlindSpot Security, the Tel Aviv-based firm aims to disrupt the software supply chain threat landscape and secure the entire software development lifecycle.
Myrror Security’s platform tackles the presence of malicious code in open source dependencies, and continuous integration and continuous delivery (CI/CD) attacks.
For that, the startup combines AI with binary-to-source code analysis to identify threats in real time during the development phase, before they make it to production.
The company fetches dependencies’ original source code from public or private repositories, depending on whether the package is open source or proprietary, and uses it for analysis and comparison, to identify potential compromises.
By continuously scanning dependencies for changes and indexing new versions, while filtering dynamically-generated code and other compilation noise, the platform can identify any code in the binary that should not be there, Myrror Security CEO and co-founder Yoad Fekete told SecurityWeek.
Additionally, Myrror maintains its own database of open source software, which it uses for the tampering binary-to-source validation, which essentially reverse-engineers binary artifacts to identify code changes.
“To check for vulnerabilities, we fetch data from multiple external databases and then save it internally after performing reachability analysis and enrichment,” Fekete said.
Once an issue is identified in the analyzed package, the customer is notified in real time, so they can take the appropriate steps immediately.
Fekete also says that the company is working on new features to provide users with context about any additional code identified in dependencies, to identify compromised packages that are fetched dynamically in production, and to check the calls an application makes after execution.
Myrror also provides a Code Aware SCA (Software Composition Analysis) solution to identify vulnerable functions within the analyzed code, along with mitigation plans to help customers remediate identified risks.
The new investment will help the startup add new capabilities to its products and expand its go-to-market distribution channels.
“The integration of unverified open source components into the software development process creates a massive attack risk on one hand, and a large amount of false positives for security teams on the other hand. We founded Myrror Security to help security teams protect their organizations from attacks and sort through their mess of alerts before code gets to production, without requiring any engineering behavioral change,” Fekete said.