JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the liquid software company, today announced that it has entered into a definitive agreement to acquire Vdoo Connected Trust Ltd. (“Vdoo”) in a cash and stock-based deal valued at approximately $300 million.
JFrog has accelerated its efforts to provide an industry-leading security offering to support DevOps users as they respond to the disruption in the market for continuous software delivery. As part of the JFrog Platform, Vdoo will accelerate JFrog’s vision of becoming the company behind all software updates and creating a world of Liquid Software by expanding its end-to-end DevOps Platform offering, providing holistic security from the development environment all the way to edges, IoT and devices.
Vdoo’s world-class security experts and vulnerability researchers will join the JFrog team to continue to develop advanced security solutions for developers and security engineers. With years of extensive experience in software architecture and vulnerability research, reverse engineering, and binary code analysis, Vdoo’s team and JFrog will seek to deliver a complete DevSecOps solution to secure the full software packages lifecycle.
Holistic Approach to Security Meets Market Demand, Providing Fast and Secure Software Updates
Many of today’s DevOps solutions are missing proper security capabilities that are fully integrated into the software lifecycle. Security tools are disparate, each with its own data set, which creates friction between development and security teams, slowing the releases of software updates – especially when continuously delivering to the edge or across a large fleet of devices. As a result, many of these security tools are not delivering on the promise of fast, automated, and secure releases.
The market demands a holistic process that secures software components all the way to the edge, consolidates security data for efficient decision-making, saves time and resources, and blesses an end-to-end delivery system with the highest integrity for security-certified releases — from any source to any endpoint.
“We are excited to have Vdoo join the JFrog family,” said Shlomi Ben Haim, co-founder and CEO of JFrog. “It is clear to us that the joint vision of changing the way software is being created, released, and updated to the edge will be our compass as we offer the market a binary-focused solution to secure their organization’s software assets. This move will amplify JFrog’s current success with our security solution, JFrog Xray, and create the expectation that ‘fearless releases’ will be the experience for both Security and Development teams.”
“This proposed acquisition is a great fit for both our companies,” said Netanel (Nati) Davidi, co-founder and CEO of Vdoo. “We share a vision around DevOps and security: if any DevOps company isn’t also a security company, it is solving only a small piece of the puzzle. We’re proud that our team has focused on being hybrid and holistic, and integrated across all dimensions throughout the software delivery life cycle. We look forward to continuing to power this Liquid Software mission as part of JFrog, and anticipate industry-changing innovations from the joint team.”
The DevSecOps Value, Delivered
Vdoo’s technology for analyzing and securing software packages will fuel JFrog’s security and runtime technology expansion, with the anticipated following benefits to JFrog customers, security engineers and the developer community:
- Saving resources with improved efficiency and high accuracy: Contextual threat analysis with advanced algorithmic applicability scanning that prioritizes critical security gaps across multiple vectors
- Zero-Day detection: Ability to automatically detect zero-day new vulnerabilities, malware, exploits, backdoors, supply chain risks, and other threats before they become public
- Accelerated mitigation: Actionable mitigation recommendations across multiple attack vectors cut to the bottom line, avoiding teams’ “alert-fatigue” and noise when having to sift through thousands of possible vulnerabilities
- IoT and Embedded device security: Extending security to embedded software on devices/IoT, along with firmware scanning and uniquely identifying vulnerabilities in compiled C/C++ application components
- Configuration security: Detecting configuration risks and implementation gaps (over 400 types of tests)
- Runtime protection for embedded devices: Alerting and blocking exploitation attempts in real-time
- Deeper, research-based coverage: Identify known and unknown security risks and improved prioritization and mitigation capabilities
- Standards compliance: Matching any security risk found to more than 40 (to date) different security standards and regulations.