
Announcing Legit Security: The Story Behind Our Mission


I'm excited to share that Legit Security is officially launching out of stealth mode. While in stealth, we’ve been incredibly busy acquiring our current customers, building a platform for demanding enterprise environments, and securing funding from top tier investors. We’ve already grown significantly as a company, including new offices in the U.S. and Israel and a greatly expanded team, as well as connected with so many valued customers, partners, investors and advisors. But this is just the beginning, which is a realization that is both humbling and extremely exciting. 

Now that we’re out of stealth, I wanted to share why we created Legit Security and why we are so passionate about our mission. I’ll start by sharing a little about the co-founders and the extremely talented team we’ve assembled in a short period of time. 

Built for the DevSecOps Era

I’ve known co-founders Liav and Lior (pictured above) for many years beginning in the Israeli Defense Forces at Unit 8200. We gained invaluable experience there, but perhaps most important was learning that “anything is possible” in cybersecurity with the right talent, focus, and resources. 

After our military service, we worked in leading cyber security companies across Israel and recognized a growing gap between traditional AppSec tools and a new generation of rapidly evolving, modern software development environments. The gap was growing and traditional security tools and vendors were not catching up. 

Because of the adoption of agile development, cloud, and modern development pipelines, the approach needed to secure software releases was fundamentally changing. It's no longer just about “the code”. Software is now assembled in multiple steps across a supply chain leveraging many trusted contributors, pulling artifacts from countless repositories, built and assembled on underlying infrastructure that must be securely configured, and all the while providing speed, agility and efficiency. These modern supply chain environments created a sprawling new attack surface - one where exploitation is increasing by over 2x-6x a year, depending upon the analyst, government agency, or vendor report you read.

Thinking Holistically to Secure the Broader SDLC Environment

We had spent years building security solutions that scan code, and we saw that was clearly no longer enough. The world doesn't need another code scanner. The only way to secure modern software supply chain environments was a new approach that holistically enforced secure development policies and guardrails across the SDLC environment itself.

We founded Legit Security to address just that. We spent over a year in stealth building a platform and assembling the strongest team of Software Security experts across the U.S. and Israel, all sharing the same vision - bringing trust back to modern software releases. 

During this time, we were thrilled to see it quickly adopted by many organizations - from Fortune 500 companies to fast moving software-driven businesses. What was common to all was using Legit to immediately get full visibility and control over what was actually going on across their software supply chain environments, spanning pipelines, infrastructure, code and people. As one of our customers said, “I can't protect what I don't know”, and Legit was now providing the visibility, security and continuous assurance they lacked.

Our Vision Now Shared with Top-Tier VCs

During the last year we also partnered with some of the world's leading investors and VCs - including Bessemer, TCV and Cyberstarts. I’m thrilled they share the same vision for the future of software supply chain security, and that Legit is now so well positioned with the talent, focus, and resources for success. 

If you also share the same vision, or want to learn more about Legit Security - feel free to reach out.
