Kodem employs runtime intelligence to assess application risk for AppSec teams

Kodem has launched from stealth and announced $25M in funding from Greylock and TPY Capital. Kodem will use the funds to launch its platform globally and expand its go-to-market team.

The modern software supply chain is viral. Every software component a developer imports includes all the functionality — and the vulnerabilities — it contains. Traditional SCA and cloud security posture management (CSPM) tools are noisy. They alert on every vulnerability scanned, regardless of whether it is exploitable.

Kodem is redefining application security by using runtime intelligence to gain deep application understanding and determine actual application risk. This reduces the time it takes to remediate issues and brings the number of alerts down by more than 90 percent, improving efficiency, saving organizations real time and money, and making applications safer.

“We started Kodem in response to the inefficiency of the application security process. With traditional tools, it’s difficult for developers to see whether vulnerabilities are exploitable. After years of researching the problem, we found that the key to clarifying actual risk is to observe application behavior during runtime,” said Aviv Mussinger, CEO of Kodem.

“By analyzing a running application, we can understand its context to know exactly which components are in use, how data moves between them, and the risk that is created. We based the Kodem solution on these findings, and we look forward to helping additional security teams build safer applications more efficiently,” Mussinger continued.

Kodem was founded by Aviv Mussinger (CEO), Pavel Furman (CTO), and Idan Bartura (Head of Engineering), cybersecurity veterans with decades of experience in cybersecurity, research, and innovation. The founders’ deep cybersecurity expertise and unique background in operating systems allowed them to develop a solution that addresses critical vulnerabilities while eliminating false positives.

“As enterprises continue to move their workloads to the cloud, application security is growing in importance and priority for IT cybersecurity teams,” said Asheem Chandna, Partner at Greylock.

“Kodem has assembled an exceptional product team that is developing the next generation of application security – one that is cloud-native, deploys seamlessly, and provides the highest levels of accuracy with strong growing coverage,” Chandna added.

The core patented technology underlying the Kodem platform enables the ability to monitor the application in a non-intrusive way and to analyze its behavior and risks in real time. Early customer data shows just over 10 percent of software code is used in runtime and that less than 5 percent of runtime software is actually vulnerable.

“We met the Kodem team in the very first days of their journey. What became very clear — very early on — is the team’s quality, the strong bond between the partners, their deep-rooted understanding of AppSec, and the profound technical expertise they brought to this new venture,” noted Guy Yamen, Managing Partner at TPY Capital.

“It is not surprising then that in the time passed since our investment, the founders and amazing team they’ve recruited have managed to clearly demonstrate how well they eliminate noise and make remediation easy for AppSec teams,” Yamen concluded.