SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers
Socket acquires Coana to cut false positive security alerts

Socket has acquired Coana, a cybersecurity startup specialising in reachability analysis, to enhance its software supply chain security platform.

The acquisition introduces Coana's static control-flow and call graph analysis to Socket's platform, providing security teams with the ability to prioritise vulnerabilities based on their actual exploitability within specific codebases.
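As an added illustration of what reachability analysis means in this context (this is not Socket's or Coana's code, which the article does not show): a constructed call graph for a hypothetical application is walked from its entry points, and each advisory is marked reachable, with a witness call path for the developer, or unreachable when no first-party code can ever invoke the affected function. Package and advisory names are placeholders.

```python
from collections import deque

# Constructed call graph for a hypothetical web app (not a real project):
# caller -> callees, nodes named "package:function"; "app:*" is first-party code.
CALL_GRAPH = {
    "app:main": {"app:handle_request", "app:render"},
    "app:handle_request": {"mergelib:merge", "app:parse_body"},
    "app:parse_body": {"qslib:parse"},
    "app:render": {"mdlib:parse"},
    "mergelib:merge": {"mergelib:baseMerge"},
    "mdlib:parse": {"mdlib:Lexer"},
    "mergelib:template": {"mergelib:escape"},  # shipped in the dependency, never called by app code
}

# Constructed advisories with placeholder ids: advisory -> vulnerable functions it affects.
ADVISORIES = {
    "ADV-0001 (mergelib:baseMerge)": {"mergelib:baseMerge"},
    "ADV-0002 (mergelib:template)": {"mergelib:template"},
    "ADV-0003 (mdlib:Lexer)": {"mdlib:Lexer"},
}


def find_paths(graph, entry_points):
    """Breadth-first walk from the entry points; returns {function: shortest call path}."""
    paths = {e: [e] for e in entry_points}
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        for callee in graph.get(fn, ()):
            if callee not in paths:
                paths[callee] = paths[fn] + [callee]
                queue.append(callee)
    return paths


def triage(graph, entry_points, advisories):
    """Classify each advisory as reachable (with a witness call path) or unreachable."""
    paths = find_paths(graph, entry_points)
    verdicts = {}
    for adv, vuln_fns in advisories.items():
        hits = [paths[f] for f in sorted(vuln_fns) if f in paths]
        verdicts[adv] = ("reachable", min(hits, key=len)) if hits else ("unreachable", None)
    return verdicts


if __name__ == "__main__":
    for adv, (verdict, path) in triage(CALL_GRAPH, ["app:main"], ADVISORIES).items():
        print(f"{verdict:<11} {adv}" + (f"  via {' -> '.join(path)}" if path else ""))
```

The unreachable verdict is the one that suppresses noise; in a real engine it also has to account for dynamic dispatch, reflection and framework-driven entry points, which a static call graph can miss.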

This move aims to address the challenge of "alert fatigue" faced by development and security teams, who are often overwhelmed by large volumes of security alerts, many of which are not actionable threats.

According to Socket, integrating Coana's technology will allow it to eliminate up to 80% of false positives, enabling application security teams to focus on vulnerabilities that can be exploited. Customers such as Anthropic, Figma, OpenAI and Vercel have already adopted Socket's platform to improve the efficiency of their security processes.

"For every team buried under thousands of vulnerability alerts, Coana's reachability analysis offers a better way forward. They've built the most scalable and accurate reachability engine we've seen, and we're excited to bring it into Socket to give developers precise, actionable vulnerability insights — without the noise. Joining forces with Coana turbocharges our ability to deliver actionable, noise-free security alerts. This is a big win for our customers," Feross Aboukhadijeh, Chief Executive Officer and Founder of Socket, said.

The Coana team, including founders Professor Anders Møller, Martin Torp, Benjamin Barslev, and Chief Executive Officer Anders Søndergaard, will join Socket following the acquisition; Møller is known for his research in JavaScript analysis, while Coana's leadership team has focused on advancing static and control-flow analysis.

"Joining Socket means we can scale our impact immediately. Together, we'll help organizations drastically reduce their vulnerability management burden," Anders Søndergaard, Chief Executive Officer at Coana, said.

"We founded Coana to give developers a tool that finds 100 critical issues, not 10,000 trivial ones. Joining Socket enables us to take that vision to the next level. Socket has led the charge on supply chain security, and now together we'll deliver reachability analysis at a scale and impact that we could only dream of as a standalone product," Martin Torp, Chief Product Officer at Coana, stated.

Organisations using Coana's reachability analysis tool reportedly remediate critical security vulnerabilities up to ten times faster. Socket states that it currently protects more than 8,500 organisations and 750,000 code repositories by scanning each commit in real time, and claims to intercept and block more than 500 software supply chain attacks per week and to have uncovered over 100,000 malicious artefacts across open source package ecosystems, including npm, PyPI, Maven, and Go.

Socket's annual recurring revenue growth has exceeded 300% year-over-year for 2024, and the company has raised USD $65 million in funding to date, including investments from Andreessen Horowitz. The most recent round was a USD $40 million Series B involving Abstract Ventures, Elad Gil, and a16z.

"Socket's approach to open source security is simply better — it's proactive, precise, and built for how modern teams work. We believe that the combination of Socket and Coana will set a new standard for application security and marks the industry's shift away from legacy SCA," Zane Lackey, General Partner at a16z, said.

The acquisition further expands Socket's reach in the software supply chain security market, positioning its Software Composition Analysis platform as a comprehensive solution for modern development teams. Teams at several high-profile technology companies have migrated from legacy tools to Socket's platform in recent months.

"Great people build great technology. The Coana team shares our values and brings world-class engineering talent to Socket. Together, we're going to redefine what secure software development looks like," Feross Aboukhadijeh added.
