Minimus Secures $51 Million to Combat Software Vulnerabilities
An application security startup, Minimus, has successfully raised $51 million in seed funding, aiming to address the complexities and volume of software vulnerabilities. Helmed by Ben Bernstein, the former CEO of Twistlock, Minimus is poised to revolutionize the approach to application security by reducing the burden of vulnerabilities for developers.
Minimus, based in Baton Rouge, Louisiana, aims to intervene before vulnerabilities reach developers. According to Bernstein, the company intends to replace conventional alert-based scanning methods with a proactive architecture that better integrates development and security teams. Bernstein emphasizes that the primary challenge is maximizing developers’ time by significantly decreasing the volume of vulnerabilities they encounter, suggesting that Minimus could eliminate up to 95% of these issues.
Since its inception in 2022, Minimus has grown to a team of 35 and attracted investments from YL Ventures and Mayfield. Bernstein’s background includes founding Twistlock in 2015, which was later acquired by Palo Alto Networks for over $378 million. Following that acquisition, he managed product and engineering at Palo Alto before launching Minimus.
Traditional methods of application security have struggled to keep pace with the rapid evolution of threats. Developers and security teams are often inundated with alerts originating from outdated packages and complex dependencies. Bernstein notes that these traditional systems rely heavily on manual triage, compounding operational burdens without providing effective visibility. Minimus aims to change this dynamic by offering pre-secured software components that maintain compliance from the outset, ensuring that developers use securely constructed packages.
The startup’s strategy involves re-engineering thousands of open-source packages and maintaining a robust dependency framework. Bernstein asserts that the goal is to ensure that all components are consistently updated, providing developers with the option to incorporate these patches without facing overwhelming alerts. This focus on delivering secure building blocks positions Minimus distinctively against competitors such as Checkmarx, Black Duck, and Snyk, which often concentrate on static analysis and inherited vulnerabilities.
Bernstein points out that while current tools like Snyk are innovative, their reliance on scanning and alert mechanisms is not scalable. He believes that the overwhelming number of alerts leads to alert fatigue among security teams. Minimus seeks to differentiate itself by focusing on delivering an automated, proactive solution rather than merely increasing alert volume.
Minimus is not chasing immediate revenue growth but is instead focusing on building a solid customer base. Bernstein emphasizes the importance of satisfying individual developer needs before expanding the footprint within organizations. This approach mirrors his strategies at Twistlock, where building trust with developer champions proved crucial to success.
As Minimus embarks on its mission, it enters a landscape rife with persistent vulnerabilities and outdated software dependencies. In MITRE ATT&CK terms, tactics such as initial access and persistence can be anticipated in the evolving threat landscape. By addressing these vulnerabilities proactively, Minimus aims not only to secure development practices but also to give valuable time back to developers.
In summary, Minimus’ innovative approach could have significant implications for the future of software development and security, prioritizing streamlined operations while tackling the ever-increasing challenge of vulnerabilities in software systems. The success of this endeavor will depend on its ability to gain trust and deliver real solutions to an industry under chronic threat.