
Oligo Security

Enterprise Applicability
HEADQUARTERS: Tel Aviv, Israel

FOUNDED: 2022

FUNDING: $28M Series A

FOUNDERS: Nadav Czerninski, CEO; Gal Elbaz, CTO; Avshalom Hilu

EMPLOYEES: 42

PRIVATE | PUBLIC: Private

COTS | OSS: COTS

USE CASES:

GTM Insights

GTM Domain Insights


Pure-play SCA solutions are starting to emerge, and for good reason. Approximately 80% of deployed code is now OSS, with 95% of vulnerabilities occurring in transitive dependencies. What's more, the Census II report shows that approximately 50% of all packages tracked did NOT have a release in 2022.


"Software ages like milk, not like wine" - Varun Badhwar, CEO, Endor Labs

Of the folks in this space, here are some notables:


  • Oligo Security - their true differentiation is a patent-pending implementation that assigns least privilege to OSS packages. They work at runtime and can see which vulnerable packages are actually in use; the least-privilege assignment is what is unique. A great principle, but it doesn't address why the package was selected in the first place, or how to cover the time gap while waiting for a patch to be released.


  • Endor Labs (recommended) - focuses on the "nutrition label" for OSS. Similar to others in this space, they can show risk exposure for vulnerable packages in use, but they can also recommend alternative packages and examine metrics around the project to determine overall suitability (risky maintainers/contributors, whether the project is archived, how actively it is maintained, etc.).


Differentiation:

  • Enforces Least Privilege for OSS; Patent pending


Architecture:

  • Based on eBPF; <1% overhead

  • Supports Python, Java, Go, Node.js

License Compliance:


Vulnerability Detection:

  • Focus on runtime

  • Context - is the library loaded/running? Is it internet-facing?


Dependency Analysis:

  • Determines dependencies/transitive dependencies in use


Patch Recommendations:


Policy Enforcement:


Integration with CI/CD pipelines:

  • Real-time scanning


Risk Assessment:


Version Tracking:

  • Keeps track of the versions of all open-source components used in a project.


Bill of Materials (BoM) Reporting/Recommendation:

  • Generates detailed reports listing all open-source components used, their licenses, and their vulnerabilities.


Integration with SCM and IDEs:

  • Can be integrated with Source Code Management systems and Integrated Development Environments for easier use.


Historical Tracking:


Open-Source Governance:



© 2023 by GTM Catalyst
