Sequoia backs Coana to help companies manage security vulnerabilities in open source dependencies

Danish startup Coana raises $1.6 million in a pre-seed round led by Sequoia Capital. Its approach to software security reduces irrelevant alerts, improving focus on key vulnerabilities.
Coana, a Danish application security startup and recent alum of Sequoia’s pre-seed and seed-stage catalyst Arc, has today announced that it has raised $1.6 million in a pre-seed round.

Sequoia Capital led the round, with additional financial support provided by Seattle-based Essence VC. Coana’s efforts are further validated by angel investors including former Amazon and current Google exec Taylor Lehmann, former Red Hat VP of Cloud Platforms Kamal Shah, former VP of sales at GitHub Paul St. John, and Semgrep CTO and co-founder Drew Dennison.

Sifting through the haystack

False positives. We all know them, we all loathe them. No matter what your focus is, superfluous distractions are just that — time spent away from what truly matters.

While each industry and job role has its fair share of irrelevant alerts, for software development teams that rely heavily on open-source software, up to 95 per cent of security alerts generated by traditional vulnerability scanning tools, a.k.a. SCA (software composition analysis) tools, are deemed irrelevant, leaving security teams sifting through the haystack to find the actual needles.

Reachability analysis

Based on five years of academic research conducted at Denmark’s Aarhus University, the team behind Coana is taking a radically different approach to SCA, one that revolves around the concept of ‘reachability analysis’.

As opposed to traditional methods that flag every possible vulnerability in open-source dependencies, Coana determines which functionalities are actually in play and separates the wheat from the chaff.

Coana co-founder and CEO Anders Søndergaard elaborates:

“Keeping software applications secure has become an overwhelming chore for engineering teams, and they long for solutions that allow them to focus their efforts and resources on the most important issues.

“With Coana’s new approach to SCA, engineering teams can focus on what matters without compromising security.”

Having found initial success with JavaScript, Coana is now porting its reachability analysis method to additional programming languages and, as part of a beta launch in October 2023, has demonstrated significant impacts for early adopters including GAN Integrity and Maze.

On the investment, Sequoia partner Bogomil Balkansky shared:

“Software Supply Chain Security is experiencing the perfect storm: increasing regulatory requirements, growing stakeholder expectations, and a rising number of new vulnerabilities and security incidents. These factors make Coana, which makes it easier to navigate this complexity, a must-have for modern application security stacks.

“The technical achievements of the Coana team, which greatly improve the signal-to-noise ratio, provide a glimpse into the security practices of tomorrow.”

Lead image: Source photo via Matt Martin Photography.
