Taking Software Security to New Heights: Unifying AppSec and Vulnerability Management
Today, I am happy to announce that ArmorCode has closed our preemptive Series B funding of $40 million, taking our overall funding to $65 million. In this blog, I share how we got here and what the future holds.
I started writing software at Bell Labs with the father of Unix 25 years ago. At the time, there was no open source; we used monolithic architecture and waterfall methodologies with annual releases. Now, over 80% of software is open source, and in many companies, software is released multiple times a day, even in mission-critical applications. The world of software delivery has fundamentally changed. But software security has not kept pace.
This needs to change. And it must change now.
We founded ArmorCode with one core mission: to democratize and simplify software security. We founded the company during the height of the pandemic in July 2020, driven by two key trends:
- Digital transformation was accelerating. We have seen that happen over the past three years, and the pandemic pushed this into overdrive. Cashless payments, remote work, telehealth with virtual visits, etc., are all outcomes of this. Now, every company is a software company, and software has driven changes worldwide and in every industry.
- At the same time, securing all of this software was, and continues to be an unsolved problem. Vulnerabilities perpetually slip through the gaps between siloed tools, disjointed workflows, and disconnected teams. Significant challenges are standing in the way of democratizing software security and making it central to software delivery for every company of every size.
To validate the hypothesis, I spoke with over 200+ security leaders, and the common consensus was that we didn’t need “yet another security scanning tool.” We needed a unified platform approach that would work with any security scanner of any type and from any vendor. This platform needed to seamlessly integrate with any software delivery ecosystem to provide teams with a streamlined way to identify and remediate their most critical software risks. That’s why the ArmorCode approach has created a unified platform that empowers customers to manage business risk by bringing application security and infrastructure vulnerability management together.
This approach empowers our customers to manage business risk effectively. Brian Pitts, Senior Director, Product Security at Johnson Controls said “Johnson Controls has been pleased to work with ArmorCode to mature and scale our product security program. The ArmorCode platform gives us clear and unified visibility across applications and security tools - identifying the most business-critical vulnerabilities our teams should be focused on. ArmorCode’s risk-based prioritization and workflow automation are integral to our secure software development process. We look forward to our continued collaboration as these new investments accelerate ArmorCode’s innovation, which in turn strengthen Johnson Controls’ ability to securely accelerate software delivery.``
In a short span of three and half years, with several Fortune 500 customers, two out of four Big 4 consulting companies as partners, four billion+ findings processed by our platform, and 200+ integrations, I feel proud that the ArmorCode platform is now the industry’s leading Application Security Posture Management (ASPM) and Risk-Based Vulnerability Management (RBVM) platform.
What comes next for ArmorCode
Over the past three years, ArmorCode has seen incredible growth and traction in the market. We have kept ourselves laser-focused on supporting and working with our customers to meet their needs and shape the ArmorCode Platform to be the best possible platform for understanding and improving the state of their software risk.
We believe that addressing software risk requires unifying security posture and vulnerability management across applications, infrastructure, cloud, and the software supply chain, with an open platform that can work with any scanner that an organization uses now or in the future. This approach has resonated. ArmorCode grew 400% year-over-year in Annual Recurring Revenue (ARR) this past year, working with top brands in the Fortune 500 across several industries that manage trillions of dollars in assets. We have also realized a world-class Net Revenue Retention (NRR) rate of 130%.
Today, we are excited to announce that ArmorCode has raised a preemptive Series B round at $40 million, led by HighlandX. Nokia General Partners is joining us in this round, along with our seed and Series A investors: Ballistic Ventures, Cervin Ventures, and Sierra Ventures. This brings our total funding to $65 million.
As Corey Mulloy, Managing Partner of HighlandX, puts it, “ArmorCode is helping enterprises navigate the complexities of posture management that arise from engaging multiple security tools. Their approach is resonating with application, infrastructure, and product security teams alike in one of the fastest growing areas of security spend. Application security leaders are steadfast in their reliance on and trust in ArmorCode to identify and mitigate risk for their organizations. We believe the tremendous 4X growth at ArmorCode is evidence security teams are hungry for a single pane of glass to improve collaboration, prioritize threats, and consolidate the number of vendors they require. We are thrilled to back Nikhil and the ArmorCode team, as well as existing and new investors, in this next chapter of growth.”
While ArmorCode was not pursuing a funding round, the alignment with HighlandX and NGP and the opportunities the round unlocked were too good to pass up. With this infusion of funds, we will be focusing on three core outcomes:
- Growth: Growing our headcount by 30% over the next six months.
- Evolution: Further investing in the innovation and expansion of the ArmorCode Platform, weaving in the power of Artificial Intelligence and extending the Software Supply Chain Security capabilities of our unified platform.
- Expansion: Expanding our go-to-market capabilities with increased international presence across EMEA and deeper alignment with channel partners.
We look forward to delivering world-class results across these dimensions and taking software security to new heights.
Twenty-five years ago, I got an opportunity to write software alongside the best software engineers of those days, and today, I am proud to be serving a company that deeply cares about building a platform that helps the current generation of software engineers and security teams ship secure software and ship it fast.
A heartfelt note to #TeamArmorCode and our supporters
ArmorCode’s growth and momentum are driven by our fantastic customers, partners, team, and investors. You are at the heart of building ArmorCode, and we wouldn’t be here without you. I would like to offer heartfelt thanks for being part of this journey and for your continued partnership in the future. We are just getting started!