JFrog acquires Vdoo to provide security from development to device

DevOps platform maker JFrog, the first company to develop a binary code management repository for developers, said June 29 that it is acquiring Tel Aviv-based Vdoo in a cash- and stock-based deal valued at about $300 million. Vdoo makes an integrated security platform for connected, IoT, and embedded devices.

JFrog founder and CEO Shlomi Ben Haim told ZDNet that adding Vdoo’s intellectual property was important to his company’s efforts to develop a next-generation security offering to support DevOps users as they respond to a disruption in the market for continuous software delivery. Both companies focus on protecting binary code in enterprise IT systems, a central target for hackers, Ben Haim said.

Sunnyvale, Calif.-based JFrog is expanding its end-to-end DevOps platform offering, which provides holistic security ranging from the development environment all the way to edge systems, IoT, and other devices. 

DevOps is a set of best practices that combines software development and IT operations, with its purpose to shorten a system’s development life cycle and provide continuous delivery with high software quality. Affiliated with DevOps is a relatively new segment called “liquid software,” which describes the flow of software packages from the moment they are created all the way to deployment. Whereas software companies years ago used to publish one or two updates per year, they now often produce updates and patches whenever they are needed–sometimes multiple times per day.

Because of these developments, namely all this new software filling the internet traffic lanes every second, new security processes are required, Ben Haim said.

Most current DevOps and liquid software solutions lack proper security capabilities that are fully integrated into the software lifecycle, Ben Haim said. These security tools are point products with their own data sets, which create friction between development and security teams and slow the release of software updates. This problem is especially acute when updates are continuously delivered to the edge or across a large fleet of devices. As a result, many of these security tools are not delivering on the promise of fast, automated, and secure releases, Ben Haim said.

“The main motivation behind this is that we want to provide the world with a real DevSecOps solution, all the way from the DevOps pipeline, to the edge, to whatever destination,” Ben Haim said. “What we built during the past four years is technology–and better software security–around focusing on binary. We identify binary as the highest priority.”

Vdoo’s product security platform automates software security tasks throughout the entire product lifecycle, ensuring that all findings are prioritized, communicated, and mitigated. The company’s security experts and vulnerability researchers will join the JFrog team to develop advanced security solutions for developers and security engineers, CEO and co-founder Nati Davidi told ZDNet.

JFrog said it will expand its JFrog Xray vulnerability detection product to include Vdoo’s data and improved scanning across multiple dimensions, including configuration and applicability scanning, by the end of this year. In addition, JFrog expects to fully integrate Vdoo’s technology into its DevOps platform to provide an all-in-one secured platform in 2022, Ben Haim said.