We're excited to announce two big developments:
- ProjectDiscovery Cloud Platform is launching
- We have raised $25 million in Series A funding
We want to bring the best of what we offer our community to a broader ecosystem and at a larger scale. This funding will help us build our commercial offering on top of our open source stack and deliver on our mission to democratize security. We're excited about the opportunity this funding brings and plan to use it to address what we believe is a serious problem with legacy security tools.
The problem with most proprietary security tools
Legacy security tools keep innovation in a black box. The attack surface of our products grows and gets more complex every day, but the tools most companies use offer no visibility into, or control over, how well their checks are keeping up with that change. Legacy tools present several problems:
- They produce too many false positives, making it hard to prioritize vulnerabilities.
- They lack the ability to customize for your organization's architecture.
- They tend to overstate the criticality of many vulnerabilities.
- They make it hard to collaborate on remediation across teams and departments.
Like many security engineers, we used to piece together scripts from open source to make our day-to-day work easier. We eventually met in a GitHub repository, started collaborating, and decided to work together on what would become ProjectDiscovery. We were all working at different companies, but we built tools together that let us do our jobs better, and we knew we wanted them to be open source.
Several open source security tools later (including subfinder, dnsx, and more), we founded ProjectDiscovery. We never imagined it would become a real company, but after growing a sizable, active community of users and contributors, we started discussing going full time.
Building an open source security company
After two years of working on ProjectDiscovery as a side project, we went full time in January 2021. Having seen how fast ProjectDiscovery developed as an open source project (thanks to our active community), we wanted to keep building on that success. It might have been unusual for a security company to rely on open source, but we sought out investors who understood what we had seen firsthand: open source speeds up innovation and makes security more accessible for everyone.
At the time, there really weren't many successful examples of open source security companies. However, we had seen this model work incredibly well in DevOps tooling, with companies like GitLab, HashiCorp, and others building openly and collaboratively with their communities.
We knew our model was working when engineers and engineering leaders from high-profile companies were contributing to ProjectDiscovery and showing how they were using our tools in their work. Our Series A funding will help us build out our team to bring reliable, open source security software to enterprise companies so that businesses can also benefit from the transparency and velocity of open source tooling.
Building ProjectDiscovery Cloud Platform for the enterprise
Hopefully, you already know how Nuclei uses customizable templates to find security vulnerabilities across the entire attack surface of your organization. A template is a YAML file that describes the requests to send and the conditions (matchers) under which a response counts as a finding, so every check is readable and reviewable. Whether the target is a web application, an API, or third-party software, you can use Nuclei to discover the risks across them, find those vulnerabilities, and then fix them. We're taking that tool to the next level.
Nuclei Cloud (now called ProjectDiscovery Cloud Platform) is the first stage of building on and commercializing the open source stack ProjectDiscovery has built over the last 4 years. A key aim for ProjectDiscovery Cloud Platform is to be a viable choice for enterprises by ensuring that the tool is easy to use at scale and meets enterprise security requirements. ProjectDiscovery Cloud Platform minimizes the operational challenges of running your tools at scale, automates the wiring between the modular open source tools, and provides enterprise essentials such as an easy-to-use UI, tool integrations, and reporting.
We know that the idea of using open source security tools is new to a lot of enterprise companies. But as long as the technology is open and transparent, and the community is actively reviewing what goes into the product, you can see and control exactly what gets shipped in that stack. With ProjectDiscovery Cloud Platform, enterprises can do more than ever before.
Respond faster to vulnerabilities
When you use a black box security tool, you depend on the vendor to ship the scans or checks you need to secure your attack surface. When a new vulnerability appears, you don't know how long you'll wait for that coverage. With open source, you can respond much, much faster. When Log4Shell (CVE-2021-44228) dropped, ProjectDiscovery had the first templates within 24 hours. Within a week, the templates repository had over a dozen templates covering the different products affected by the Log4j vulnerability, and all of them were contributed by community members. Most of those templates detect the bug by sending a JNDI lookup payload that points at an out-of-band interaction server and watching for the resulting callback, which is exactly the kind of check that is hard to add quickly to a closed tool.
Unite your security scanners
It's difficult for a single scanner to cover all the different types of workloads an organization runs. Your attack surface might be composed of multiple applications, domains, networks, and ports, and you might need seven or eight different kinds of scanners to cover all of those points. If all of those tools are black box legacy tools, merging them into a single pipeline is near impossible. With Nuclei, we built an open, flexible framework that lets any security engineer write almost any kind of check they need, across HTTP, DNS, raw network (TCP), TLS, headless browser, and other protocols. That one template language let us bring all the different categories of scanners into a single framework. As a security engineer, you now have one language to learn. The pipeline is transparent and fully under your control, so you can tune each check to your environment and cut noise and false positives.
Make collaboration on remediation easy
Instead of security practitioners and developers manually writing vulnerability descriptions, verifying them, and passing reports back and forth until remediation is complete and verified, Nuclei templates become the single source of truth for vulnerabilities in your company. A template carries everything about the vulnerability and its remediation, and it can be rerun against the fixed system to confirm the issue is gone, which makes it a regression test for the fix. You can even add it to your CI/CD pipeline! The template automates a lot of tedious, manual work on both sides: developers no longer have to constantly break their flow, and security isn't treated as an afterthought.
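As an added illustration of the workflow described above (this is example code written for this page, not a template from the ProjectDiscovery nuclei-templates repository), here is a minimal Nuclei HTTP template that flags HTML responses missing an X-Frame-Options header and carries its own remediation text. The template id, name, author, and the `app.example.com` target in the usage note are placeholders; the YAML keys (`id`, `info`, `http`, `matchers`) and the matcher types are Nuclei's own.

```yaml
# Added example template for this article (hypothetical id and author);
# not part of the nuclei-templates project.
id: example-missing-x-frame-options

info:
  name: Missing X-Frame-Options Header
  author: example-author
  severity: low
  description: |
    The HTML response does not set an X-Frame-Options header, so the page
    can be framed by other origins (clickjacking).
  # Remediation travels with the check, so the template is the single
  # source of truth for both the finding and the fix.
  remediation: |
    Send "X-Frame-Options: DENY" (or SAMEORIGIN), or a Content-Security-Policy
    header with a frame-ancestors directive, on every HTML response.
  tags: misconfig,headers

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    # All three matchers must hold for a result to be reported.
    matchers-condition: and
    matchers:
      # A 404 or a redirect without the header is not a finding.
      - type: status
        status:
          - 200

      # Only HTML can be framed; skipping JSON/API responses cuts noise.
      - type: word
        part: header
        case-insensitive: true
        words:
          - "text/html"

      # Case-insensitive check that the header is absent from the response.
      - type: dsl
        dsl:
          - "!contains(tolower(header), 'x-frame-options')"
```

Check the syntax with `nuclei -validate -t example-missing-x-frame-options.yaml`, then run it against one host with `nuclei -u https://app.example.com -t example-missing-x-frame-options.yaml`, or across a whole attack surface by piping the open source tools together: `subfinder -d example.com -silent | httpx -silent | nuclei -t example-missing-x-frame-options.yaml`. After the developers add the header, rerunning the same command should return no result; committing the template next to the fix and running it in CI turns the finding into a permanent regression test.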
Beyond ProjectDiscovery Cloud Platform: Making security more accessible
We've had customers sign up for ProjectDiscovery Cloud Platform because they were already using our tools in their open source work and needed the same flexibility and velocity for their enterprise work. With the explosion of new technologies unlikely to slow down, black box security is no longer viable on its own. Being locked into a vendor that's slow to respond to new vulnerabilities or attack vectors just doesn't cut it for enterprises anymore; cybersecurity must constantly evolve to keep up with innovation.
At ProjectDiscovery, we want to make security open and completely accessible so we can innovate together with communities, engineers, and security researchers across industries. Our products are built on these ideals so we can democratize security together.