Announcing Legit Security: The Story Behind Our Mission

I'm excited to share that Legit Security is officially launching out of stealth mode. While in stealth, we’ve been incredibly busy acquiring our current customers, building a platform for demanding enterprise environments, and securing funding from top tier investors. We’ve already grown significantly as a company, including new offices in the U.S. and Israel and a greatly expanded team, as well as connected with so many valued customers, partners, investors and advisors. But this is just the beginning, which is a realization that is both humbling and extremely exciting. 

Now that we’re out of stealth, I wanted to share why we created Legit Security and why we are so passionate about our mission. I’ll start by sharing a little about the co-founders and the extremely talented team we’ve assembled in a short period of time. 

Built for the DevSecOps Era

I’ve known co-founders Liav and Lior (pictured above) for many years beginning in the Israeli Defense Forces at Unit 8200. We gained invaluable experience there, but perhaps most important was learning that “anything is possible” in cybersecurity with the right talent, focus, and resources. 

After our military service, we worked in leading cyber security companies across Israel and recognized a growing gap between traditional AppSec tools and a new generation of rapidly evolving, modern software development environments. The gap was growing and traditional security tools and vendors were not catching up. 

Because of the adoption of agile development, cloud, and modern development pipelines, the approach needed to secure software releases was fundamentally changing. It's no longer just about “the code”. Software is now assembled in multiple steps across a supply chain leveraging many trusted contributors, pulling artifacts from countless repositories, built and assembled on underlying infrastructure that must be securely configured, and all the while providing speed, agility and efficiency. These modern supply chain environments created a sprawling new attack surface - one that is increasingly exploited, with attacks growing by over 2x-6x a year, depending upon the analyst, government agency, or vendor report you read.

Thinking Holistically to Secure the Broader SDLC Environment

We had spent years building security solutions that scan code, and we saw that was clearly no longer enough. The world doesn't need another code scanner. The only way to secure modern software supply chain environments was a new solution approach that holistically enforced secure development policies and guardrails across the SDLC environment itself.

We founded Legit Security to address just that. We spent over a year in stealth building a platform and assembling the strongest team of Software Security experts across the U.S. and Israel, all sharing the same vision - bringing trust back to modern software releases. 

During this time, we were thrilled to see it quickly adopted by many organizations - from Fortune 500 companies to fast moving software-driven businesses. What was common to all was using Legit to immediately get full visibility and control over what was actually going on across their software supply chain environments, spanning pipelines, infrastructure, code and people. As one of our customers said, “I can't protect what I don't know”, and Legit was now providing the visibility, security and continuous assurance they lacked.

Our Vision Now Shared with Top-Tier VCs

During the last year we also partnered with some of the world's leading investors and VCs - including Bessemer, TCV and Cyberstarts. I’m thrilled they share the same vision for the future of software supply chain security, and that Legit is now so well positioned with the talent, focus, and resources for success. 

If you also share the same vision, or want to learn more about Legit Security - feel free to reach out.
