Applications provide the means for people and systems to interact, making them critical to all aspects of business. App development teams are under pressure to speed up delivery while tackling the ever-growing list of potential threats and vulnerabilities.

Security and development teams are already working together to ‘shift left’ and embed cybersecurity earlier in the build process to reduce the cost and inefficiency of fixing security errors later. But are they doing enough at the earliest point in the development lifecycle – the ‘design’ stage? Given that an estimated 50% of software security issues come from flaws in design, the statistics suggest otherwise.

Secure design in application security has been a manual, time consuming, inefficient and specialised process for many years. We’re predicting that organisations will not be able to sustain the status quo of manual threat modelling, particularly in today’s environment with security and developer teams working remotely. The modeling of threats and vulnerabilities based on application design – ‘threat modeling’ for short – hasn’t been able to scale to the thousands of applications that large enterprises create and maintain every year. That’s why we’ve invested in IriusRisk.

IriusRisk’s software automates and manages the threat modeling process collaboratively, bringing security architect and developer teams together. It has built the software tools needed to secure software by design, integrating within existing workflows. The company now has a customer base of 40 enterprises including some of the world’s largest banks, payment providers and industrial companies. Security teams at these companies see IriusRisk’s products as a “source of truth” for identifying and understanding potential vulnerabilities, enabling scalability, and increasing integration between security and development teams.

This $6.7m Series A investment, with 360 Capital Partners, Swanlaab, JME Ventures and Sonae Investment Management, will enable IriusRisk to enhance its product set and accelerate growth in the US and Europe. We firmly believe IriusRisk’s team has the product vision and execution capability to be the leader in secure design software tools and are looking forward to working with a team of very impressive entrepreneurs and domain experts.

E. Kenneth Pentimonti

Principal, Europe