GitHub
Auto Added by WPeMatico
Auto Added by WPeMatico
Adaptive Shield, a Tel Aviv-based security startup, is coming out of stealth today and announcing its $4 million seed round led by Vertex Ventures Israel. The company’s platform helps businesses protect their SaaS applications by regularly scanning their various setting for security issues.
The company’s co-founders met in the Israeli Defense Forces, where they were trained on cybersecurity, and then worked at a number of other security companies before starting their own venture. Adaptive Shield CEO Maor Bin, who previously led cloud research at Proofpoint, told me the team decided to look at SaaS security because they believe this is an urgent problem few other companies are addressing.
Pictured is a representative sample of nine apps being monitored by the Adaptive Shield platform, including the total score of each application, affected categories and affected security frameworks and standards. (Image Credits: Adaptive Shield)
“When you look at the problems that are out there — you want to solve something that is critical, that is urgent,” he said. “And what’s more critical than business applications? All the information is out there and every day, we see people moving their on-prem infrastructure into the cloud.”
Bin argues that as companies adopt a large variety of SaaS applications, all with their own security settings and user privileges, security teams are often either overwhelmed or simply not focused on these SaaS tools because they aren’t the system owners and may not even have access to them.
“Every enterprise today is heavily using SaaS services without addressing the associated and ever-changing security risks,” says Emanuel Timor, general partner at Vertex Ventures Israel . “We are impressed by the vision Adaptive Shield has to elegantly solve this complex problem and by the level of interest and fast adoption of its solution by customers.”
Onboarding is pretty easy, as Bin showed me, and typically involves setting up a user in the SaaS app and then logging into a given service through Adaptive Shield. Currently, the company supports most of the standard SaaS enterprise applications you would expect, including GitHub, Office 365, Salesforce, Slack, SuccessFactors and Zoom.
“I think that one of the most important differentiators for us is the amount of applications that we support,” Bin noted.
The company already has paying customers, including some Fortune 500 companies across a number of verticals, and it has already invested some of the new funding round, which closed before the global COVID-19 pandemic hit, into building out more integrations for these customers. Bin tells me that Adaptive Shield immediately started hiring once the round closed and is now also in the process of hiring its first employee in the U.S. to help with sales.
Powered by WPeMatico
Conduct an online search and you’ll find close to one million websites offering their own definition of DevSecOps.
Why is it that domain experts and practitioners alike continue to iterate on analogous definitions? Likely, it’s because they’re all correct. DevSecOps is a union between culture, practice and tools providing continuous delivery to the end user. It’s an attitude; a commitment to baking security into the engineering process. It’s a practice; one that prioritizes processes that deliver functionality and speed without sacrificing security or test rigor. Finally, it’s a combination of automation tools; correctly pieced together, they increase business agility.
The goal of DevSecOps is to reach a future state where software defines everything. To get to this state, businesses must realize the DevSecOps mindset across every tech team, implement work processes that encourage cross-organizational collaboration, and leverage automation tools, such as for infrastructure, configuration management and security. To make the process repeatable and scalable, businesses must plug their solution into CI/CD pipelines, which remove manual errors, standardize deployments and accelerate product iterations. Completing this process, everything becomes code. I refer to this destination as “IT-as-code.”
Whichever way you cut it, DevSecOps, as a culture, practice or combination of tools, is of increasing importance. Particularly these days, with more consumers and businesses leaning on digital, enterprises find themselves in the irrefutable position of delivering with speed and scale. Digital transformation that would’ve taken years, or at the very least would’ve undergone a period of premeditation, is now urgent and compressed into a matter of months.
Security and operations are a part of this new shift to IT, not just software delivery: A DevSecOps program succeeds when everyone, from security, to operations, to development, is not only part of the technical team but able to share information for repeatable use. Security, often seen as a blocker, will uphold the “secure by design” principle by automating security code testing and reviews, and educating engineers on secure design best practices. Operations, typically reactive to development, can troubleshoot incongruent merges between engineering and production proactively. However, currently, businesses are only familiar with utilizing automation for software delivery. They don’t know what automation means for security or operations. Figuring out how to apply the same methodology throughout the whole program and therefore the whole business is critical for success.
Powered by WPeMatico
Last Thursday, Mark Zuckerberg told Facebook’s 48,000 employees that he expects upwards of 50% of the company will be working remotely within 10 years. After outlining many of the advantages that remote work confers — including to “potentially spread more economic opportunity around the country and potentially around the world” — he added that those who choose to move to other places in the U.S. or elsewhere will be paid based on where they live.
“We’ll localize everybody’s comp on January 1,” Zuckerberg said. “They can do whatever they want through the rest of the year, but by the end of the year they should either come back to the Bay Area or they need to tell us where they are.”
Facebook isn’t pioneering something entirely new. The concept of localized compensation has been around for some time, and it’s used by tech companies like GitHub that have primarily distributed workforces. Still, questions about whether it’s fair to pay employees based on their location are sure to grow as more outfits adopt remote-work policies.
Despite Facebook’s uncharacteristic transparency about its thinking, not everyone thinks the tactic makes sense.
One longtime Bay Area recruiter who typically focuses on executive searches calls “disparate pay for the same work” a “dangerous place to be.” Explains the recruiter, Jon Holman, “Even if you invoke the geographic disparity arithmetic based almost entirely on housing costs, what if a new openness to telecommuting means that more women or people of color can aspire to some of these jobs? Are you going to pay them less than the mostly white and Asian-American engineers in the Bay Area? I doubt it.”
Powered by WPeMatico
Under different circumstances, GitHub would be hosting its Satellite conference in Paris this week. Like so many other events, GitHub decided to switch Satellite to a virtual event, but that isn’t stopping the Microsoft-owned company from announcing quite a bit of news this week.
The highlight of GitHub’s announcement is surely the launch of GitHub Codespaces, which gives developers a full cloud-hosted development environment in the cloud, based on Microsoft’s VS Code editor. If that name sounds familiar, that’s likely because Microsoft itself rebranded Visual Studio Code Online to Visual Studio Codespaces a week ago — and GitHub is essentially taking the same concepts and technology and is now integrating it directly inside its service. If you’ve seen VS Online/Codespaces before, the GitHub environment will look very similar.
“Contributing code to a community can be hard. Every repository has its own way of configuring a dev environment, which often requires dozens of steps before you can write any code,” writes Shanku Niyogi, GitHub’s SVP of Product, in today’s announcement. “Even worse, sometimes the environment of two projects you are working on conflict with one another. GitHub Codespaces gives you a fully-featured cloud-hosted dev environment that spins up in seconds, directly within GitHub, so you can start contributing to a project right away.”
Currently, GitHub Codespaces is in beta and available for free. The company hasn’t set any pricing for the service once it goes live, but Niyogi says the pricing will look similar to that of GitHub Actions, where it charges for computationally intensive tasks like builds. Microsoft currently charges VS Codespaces users by the hour and depending on the kind of virtual machine they are using.
The other major new feature the company is announcing today is GitHub Discussions. These are essentially discussion forums for a given project. While GitHub already allowed for some degree of conversation around code through issues and pull requests, Discussions are meant to enable unstructured threaded conversations. They also lend themselves to Q&As, and GitHub notes that they can be a good place for maintaining FAQs and other documents.
Currently, Discussions are in beta for open-source communities and will be available for other projects soon.
On the security front, GitHub is also announcing two new features: code scanning and secret scanning. Code scanning checks your code for potential security vulnerabilities. It’s powered by CodeQL and free for open-source projects. Secret scanning is now available for private repositories (a similar feature has been available for public projects since 2018). Both of these features are part of GitHub Advanced Security.
As for GitHub’s enterprise customers, the company today announced the launch of Private Instances, a new fully managed service for enterprise customers that want to use GitHub in the cloud but know that their code is fully isolated from the rest of the company’s users. “Private Instances provides enhanced security, compliance, and policy features including bring-your-own-key encryption, backup archiving, and compliance with regional data sovereignty requirements,” GitHub explains in today’s announcement.
Powered by WPeMatico
Most developers think of Stack Overflow as a question and answer site for their programming questions. But over the last few years, the company has also built a successful business in its Stack Overflow for Teams product, which essentially offers companies a private version of its Q&A product. Indeed, the Teams product now brings in a significant amount of revenue for the company and the new executive team at Stack Overflow is betting that it can help the company grow rapidly in the years to come.
To make Teams even more attractive to businesses, the company today launched a number of new integrations with Jira (Enterprise and Business), GitHub (Enterprise and Business) and Microsoft Teams (Enterprise). These join existing integrations with Slack, Okta and the Business tier of Microsoft Teams.
“I think the integrations that we have been building are reflective of that developer workflow and all of the number of tools that someone who is building and leveraging technology has to interact with,” Stack Overflow Chief Product Officer Teresa Dietrich told me. “When we think about integrations, we think about the vertical right, and I think that ‘developer workflow’ is one of those industry verticals that we’re thinking about. ChatOps is obviously another one, as you can see from our Slack and Teams integration. And the JIRA and GitHub [integrations] that we’re building are really at the core of a developer workflow.”
Current Stack Overflow for Teams customers include the likes of Microsoft, Expensify and Wix. As the company noted, 65 percent of its existing Teams customers use GitHub, so it’s no surprise that it is building out this integration.
Powered by WPeMatico
The “Sent via Superhuman iOS” email signature has become one of the strangest flexes in the tech industry, but its influence is enduring, as the $30 per month invite-only email app continues to shape how a wave of personal productivity startups are building their business and product strategies.
I had a chance to chat with Superhuman CEO and founder Rahul Vohra earlier this month during an oddly busy time for him. He had just announced a dedicated $7 million angel fund with his friend Todd Goldberg (which I wrote up here) and we also noted that LinkedIn is killing off Sales Navigator, a feature driven by Rapportive, which Vohra founded and later sold in 2012. All the while, his buzzy email company is plugging along, amassing more interested users. Vohra tells me there are now more than 275,000 people on the waitlist for Superhuman.
Below is a chunk of my conversation with Vohra, which has been edited for length and clarity.
TechCrunch: When you go out to raise funding and a chunk of your theoretical user base is sitting on a waitlist, is it a little tougher to determine the total market for your product?
Rahul Vohra: That’s a good question. When we were doing our Series B, it was very easily answered because we’re one of a cohort of companies, that includes Notion and Airtable and Figma, where the addressable market — assuming you can build a product that’s good enough — is utterly enormous.
With my last company, Rapportive, there was a lot of conversation around, “oh, what’s the business model? What’s the market? How many people need this?” This almost never came up in any fundraising conversation. People were more like, “well, if this thing works, obviously the market is basically all of prosumer productivity and that is, no matter how you define it, absolutely huge.”
Powered by WPeMatico
This week, LaunchDarkly announced that it has raised another $54 million. Led by Bessemer Venture Partners and backed by the company’s existing investors, it brings the company’s total funding up to $130 million.
For the unfamiliar, LaunchDarkly builds a platform that allows companies to easily roll out new features to only certain customers, providing a dashboard for things like “canary launches” (pushing new stuff to a small group of users to make sure nothing breaks) or launching a feature only in select countries or territories. By productizing an increasingly popular development concept (“feature flagging”) and making it easier to toggle new stuff across different platforms and languages, the company is quickly finding customers in companies that would rather not spend time rolling their own solutions.
I spoke with CEO and co-founder Edith Harbaugh, who filled me in on where the idea for LaunchDarkly came from, how their product is being embraced by product managers and marketing teams and the company’s plans to expand with offices around the world. Here’s our chat, edited lightly for brevity and clarity.
Powered by WPeMatico
Ten years ago, the vast majority of designers were working in Adobe Photoshop, a powerful tool with fine-tuned controls for almost every kind of image manipulation one could imagine. But it was a tool built for an analog world focused on photos, flyers and print magazines; there were no collaborative features, and much more importantly for designers, there were no other options.
Since then, a handful of major players have stepped up to dominate the market alongside the behemoth, including InVision, Sketch, Figma and Canva.
And with the shift in the way designers fit into organizations and the way design fits into business overall, the design ecosystem is following the same path blazed by enterprise SaaS companies in recent years. Undoubtedly, investors are ready to place their bets in design.
Seed stage design tools, low code/no code software, and/or collaboration tools are getting $10 on $40m term sheets.
Not an isolated case.
Shows their bullishness on these spaces. And some FOMO.
— Bilal Zuberi (@bznotes) August 21, 2019
But the question still remains over whether the design industry will follow in the footprints of the sales stack — with Salesforce reigning as king and hundreds of much smaller startup subjects serving at its pleasure — or if it will go the way of the marketing stack, where a lively ecosystem of smaller niche players exist under the umbrella of a handful of major, general-use players.
“Deca-billion-dollar SaaS categories aren’t born everyday,” said InVision CEO Clark Valberg . “From my perspective, the majority of investors are still trying to understand the ontology of the space, while remaining sufficiently aware of its current and future economic impact so as to eagerly secure their foothold. The space is new and important enough to create gold-rush momentum, but evolving at a speed to produce the illusion of micro-categorization, which, in many cases, will ultimately fail to pass the test of time and avoid inevitable consolidation.”
I spoke to several notable players in the design space — Sketch CEO Pieter Omvlee, InVision CEO Clark Valberg, Figma CEO Dylan Field, Adobe Product Director Mark Webster, InVision VP and former VP of Design at Twitter Mike Davidson, Sequoia General Partner Andrew Reed and FirstMark Capital General Partner Amish Jani — and asked them what the fierce competition means for the future of the ecosystem.
But let’s first back up.
Sketch launched in 2010, offering the first viable alternative to Photoshop. Made for design and not photo-editing with a specific focus on UI and UX design, Sketch arrived just as the app craze was picking up serious steam.
A year later, InVision landed in the mix. Rather than focus on the tools designers used, it concentrated on the evolution of design within organizations. With designers consolidating from many specialties to overarching positions like product and user experience designers, and with the screen becoming a primary point of contact between every company and its customers, InVision filled the gap of collaboration with its focus on prototypes.
If designs could look and feel like the real thing — without the resources spent by engineering — to allow executives, product leads and others to weigh in, the time it takes to bring a product to market could be cut significantly, and InVision capitalized on this new efficiency.
In 2012, came Canva, a product that focused primarily on non-designers and folks who need to ‘design’ without all the bells and whistles professionals use. The thesis: no matter which department you work in, you still need design, whether it’s for an internal meeting, an external sales deck, or simply a side project you’re working on in your personal time. Canva, like many tech firms these days, has taken its top-of-funnel approach to the enterprise, giving businesses an opportunity to unify non-designers within the org for their various decks and materials.
In 2016, the industry felt two more big shifts. In the first, Adobe woke up, realized it still had to compete and launched Adobe XD, which allowed designers to collaborate amongst themselves and within the organization, not unlike InVision, complete with prototyping capabilities. The second shift was the introduction of a little company called Figma.
Where Sketch innovated on price, focus and usability, and where InVision helped evolve design’s position within an organization, Figma changed the game with straight-up technology. If Github is Google Drive, Figma is Google Docs. Not only does Figma allow organizations to store and share design files, it actually allows multiple designers to work in the same file at one time. Oh, and it’s all on the web.
In 2018, InVision started to move up stream with the launch of Studio, a design tool meant to take on the likes of Adobe and Sketch and, yes, Figma.
When it comes to design tools in 2019, we have an embarrassment of riches, but the success of these players can’t be fully credited to the products themselves.
A shift in the way businesses think about digital presence has been underway since the early 2000s. In the not-too-distant past, not every company had a website and many that did offered a very basic site without much utility.
In short, designers were needed and valued at digital-first businesses and consumer-facing companies moving toward e-commerce, but very early-stage digital products, or incumbents in traditional industries had a free pass to focus on issues other than design. Remember the original MySpace? Here’s what Amazon looked like when it launched.
In the not-too-distant past, the aesthetic bar for internet design was very, very low. That’s no longer the case.
Powered by WPeMatico
Data breaches that could cause millions of dollars in potential damages have been the bane of the life of many a company. What’s required is a great deal of real-time monitoring. The problem is that this world has become incredibly complex. A SANS Institute survey found half of company data breaches were the result of account or credential hacking.
GitGuardian has attempted to address this with a highly developer-centric cybersecurity solution.
It’s now attracted the attention of major investors, to the tune of $12 million in Series A funding, led by Balderton Capital . Scott Chacon, co-founder of GitHub, and Solomon Hykes, founder of Docker, also participated in the round.
The startup plans to use the investment from Balderton Capital to expand its customer base, predominantly in the U.S. Around 75% of its clients are currently based in the U.S., with the remainder being based in Europe, and the funding will continue to drive this expansion.
Built to uncover sensitive company information hiding in online repositories, GitGuardian says its real-time monitoring platform can address the data leaks issues. Modern enterprise software developers have to integrate multiple internal and third-party services. That means they need incredibly sensitive “secrets,” such as login details, API keys and private cryptographic keys used to protect confidential systems and data.
GitGuardian’s systems detect thousands of credential leaks per day. The team originally built its launch platform with public GitHub in mind; however, GitGuardian is built as a private solution to monitor and notify on secrets that are inappropriately disseminated in internal systems as well, such as private code repositories or messaging systems.
Solomon Hykes, founder of Docker and investor at GitGuardian, said: “Securing your systems starts with securing your software development process. GitGuardian understands this, and they have built a pragmatic solution to an acute security problem. Their credentials monitoring system is a must-have for any serious organization.”
Do they have any competitors?
Co-founder Jérémy Thomas told me: “We currently don’t have any direct competitors. This generally means that there’s no market, or the market is too small to be interesting. In our case, our fundraise proves we’ve put our hands on something huge. So the reason we don’t have competitors is because the problem we’re solving is counterintuitive at first sight. Ask any developer, they will say they would never hardcode any secret in public source code. However, humans make mistakes and when that happens, they can be extremely serious: it can take a single leaked credential to jeopardize an entire organization. To conclude, I’d say our real competitors so far are black hat hackers. Black hat activity is real on GitHub. For two years, we’ve been monitoring organized groups of hackers that exchange sensitive information they find on the platform. We are competing with them on speed of detection and scope of vulnerabilities covered.”
Powered by WPeMatico
Work tools startup Notion, which recently reached a reported $800 million valuation, isn’t on the verge of a big SoftBank round. In fact, COO Akshay Kothari says the startup has “never felt like if we had more money we could grow faster.”
The company, centered around an app that helps non-developers build collaboration tools, has more than one million users and has scaled its product quickly despite having a team of just 27.
I wrote about the company’s partnership with some of tech’s top accelerators and venture capital firms last month. People are very curious about this small company and how it is run, so here’s more from my recent interview with COO Akshay Kothari in which we discussed the hyped startup’s philosophy of staying small and some of the challenges it may have ahead with this brand of thinking as competitors are raising massive sums.
This interview has been edited for length and clarity.
Notion COO Akshay Kothari (Photo: Notion)
Where does your story begin with Notion? Give me a snapshot of where the team is now.
Akshay Kothari: [Notion co-founders Ivan Zhao and Simon Last] started Notion six years ago and that’s when I invested. I had sold my previous company and I had this newfound money that I didn’t know what to do with. I invested in Notion, so that’s my connection.
We were kind of in research mode for many years trying to uncover what the market needs were. We launched about two years ago; 1.0 was just notes that you could take and a wiki so that you could collaborate with people. And then last year we launched databases and that was the 2.0 version, which kind of seemed like an inflection point, where now you could not only have your notes and your wiki, but also manage your tasks, manage your projects, manage candidates and recruiting, all in a single tool.
Over the last year and a half, the company has grown extremely fast. I joined about a year ago, there were about 10 people at the beginning of this year and now we’re close to 30. It’s still a really small engineering team. We’re 9 engineers, we don’t have any product managers, and we’re 2 designers. So there are about 10 people that are building the product, and 10 people on community and support teams, something that we’ve invested very heavily in. We’re starting to have a sales and marketing team. We have 2 people in marketing and 2 people in sales. That all rounds up to about 27 which is where we are now.
Since you joined do you think the idea has shifted at all?
In terms of the original idea, we were thinking about how people who didn’t know how to code could build things like tools and software that were really useful. I guess the only realization has been that not everyone wakes up wanting to build software, but everyone wakes to solve problems. That was the pivot to focusing on notes, wikis and tasks, because that’s actually something that every team needs.
Are those needs universal for big and small teams?
For the first 100 people you can actually do a lot with Notion. With 30 people, we pretty much run the entire company, except for using Slack for internal communication and Intercom for external communication like talking to customers. Everything else is actually on Notion, like our application tracking system for recruiting inside Notion, our sales CRM is in Notion, our wiki obviously is, our project management as well — no, we don’t use Jira.
For sub-100 businesses, you actually don’t need another tool. When you get to hundreds of people what tends to happens is that some person or some team tends to have a preference for a specific tool. In those situations, Notion plays well with other tools. You can embed things easily. So let’s say Excel or Google Sheets is something that you want to use, you can just embed that inside Notion. So Notion becomes this kind of central nervous system for all of the work that people are doing.
Building on that, one of the things we haven’t done is we don’t do synchronous communication so we’ve stayed away from that because I feel like people like using Slack. On Slack, you can’t actually collaborate on a project… Notion has become a place where you can actually do a lot of your work alongside the synchronous communication.
So, no interest in building a chat or video chat product?
Not in the near term. I think Slack is one of those enterprise tools that people at companies actually like. For a lot of these other tools, we just have to use it, not because we love it but because that that’s what exists.
Notion’s headquarters (Photo: Notion)
What are the barriers for satisfying the customers with 100+ employees?
Powered by WPeMatico