DEVOPSdigest

JFrog entered into a definitive agreement to acquire Vdoo in a cash and stock-based deal valued at approximately $300 million.

JFrog has accelerated its efforts to provide security offering to support DevOps users as they respond to the disruption in the market for continuous software delivery. As part of the JFrog Platform, Vdoo will accelerate JFrog’s vision of becoming the company behind all software updates and creating a world of Liquid Software by expanding its end-to-end DevOps Platform offering, providing holistic security from the development environment all the way to edges, IoT and devices.

Vdoo’s security experts and vulnerability researchers will join the JFrog team to continue to develop advanced security solutions for developers and security engineers. With years of extensive experience in software architecture and vulnerability research, reverse engineering, and binary code analysis, Vdoo’s team and JFrog will seek to deliver a complete DevSecOps solution to secure the full software packages lifecycle.

“It is clear to us that the joint vision of changing the way software is being created, released, and updated to the edge will be our compass as we offer the market a binary-focused solution to secure their organization’s software assets. This move will amplify JFrog's current success with our security solution, JFrog Xray, and create the expectation that ‘fearless releases’ will be the experience for both Security and Development teams.” said Shlomi Ben Haim, Co-Founder and CEO of JFrog.

"This proposed acquisition is a great fit for both our companies,” said Netanel (Nati) Davidi, Co-Founder and CEO of Vdoo. “We share a vision around DevOps and security: if any DevOps company isn’t also a security company, it is solving only a small piece of the puzzle...our team has focused on being hybrid and holistic, and integrated across all dimensions throughout the software delivery life cycle."

Vdoo’s technology for analyzing and securing software packages will fuel JFrog’s security and runtime technology expansion, with the anticipated following benefits to JFrog customers, security engineers and the developer community:

- Saving resources with improved efficiency and high accuracy: Contextual threat analysis with advanced algorithmic applicability scanning that prioritizes critical security gaps across multiple vectors

- Zero-Day detection: Ability to automatically detect zero-day new vulnerabilities, malware, exploits, backdoors, supply chain risks, and other threats before they become public

- Accelerated mitigation: Actionable mitigation recommendations across multiple attack vectors cut to the bottom line, avoiding teams’ “alert-fatigue” and noise when having to sift through thousands of possible vulnerabilities

- IoT and Embedded device security: Extending security to embedded software on devices/IoT, along with firmware scanning and uniquely identifying vulnerabilities in compiled C/C++ application components

- Configuration security: Detecting configuration risks and implementation gaps (over 400 types of tests)

- Runtime protection for embedded devices: Alerting and blocking exploitation attempts in real-time

- Deeper, research-based coverage: Identify known and unknown security risks and improved prioritization and mitigation capabilities

- Standards compliance: Matching any security risk found to more than 40 (to date) different security standards and regulations

As part of the integration process, JFrog will triple the size of its security experts team - including engineering, marketing, and sales - with employees that will be located in Israel, Germany, Japan and North America.

In 2021, JFrog will expand JFrog Xray vulnerability detection to include Vdoo’s extensive data and improved scanning across multiple dimensions, including configuration and applicability scanning. In addition, JFrog expects to fully integrate Vdoo’s technology into its DevOps platform to provide an all-in-one, continuous, holistic secured platform in 2022.

In the immediate term, Vdoo’s SaaS product will remain in operation, with new development of features and functions focusing on the JFrog Platform solution. Following the completion of the acquisition, JFrog and Vdoo will work with customers to ensure business continuity and streamlined migration to the joint offering.