Josh Jennings, the founder of SOOS, in the company’s office. Photo courtesy of SOOS

Josh Jennings had just left his first job out of college as an engineer at Winooski-based MyWebGrocer when he approached the company’s founders with an idea for a simpler way to make sure that the software businesses use is secure. 

They decided to found SOOS, which offers software composition analysis. That enables companies to run scans of their software to detect vulnerabilities. 

“It was really important that someone could come to our site and be up and running, scanning their software, within minutes,” Jennings said. He said he also wanted a company of any size to be able to run the software — so it had to be affordable. 

“It’s for the millions and millions of companies worldwide who build software in-house,” said Eric Allard, SOOS’s chief technology officer. 

“If you go to the store and you pick up a box of cake mix and you want to know what’s in it, you’re going to look at the side and there’s going to be an ingredients list,” Allard said. “That’s what we generate. We look at your software and we create an ingredients list.”

Allard said you may know you have a nut allergy, so you’re going to make sure there are no nuts in your cake mix. 

SOOS detects security vulnerabilities in software and does this every time a customer changes source code. Software engineers frequently incorporate pre-written code into their own work, Allard said. 

“So, if you were a carpenter, you’re not hand making the nails and you’re not felling trees and making the lumber yourself,” Allard said. “You’re going to buy all those things and then you’re going to build something out of it.”

Allard explained that software engineers build software the same way.

“They’re going to get all of these bits and pieces and fundamental units that have already been written and they’re going to smash them together to make some problem-solving solution out of those open-source packages,” he said.

The vast majority of projects use open-source software, Allard said. “Your smart TV, your smartphone, your computers, all of the web servers in the world — it runs on open-source software,” he said.

But open-source software brings security vulnerabilities.

“It’s nice to be able to take something that someone has written, but you also want to be wary that there might be something that you don’t see that could be wrong with it, and I think that is what SOOS is trying to provide,” said John Trono, chair of the computer science department at Saint Michael’s College.

SOOS also provides customers information on whether open-source software comes with legal limitations on its use. And the company’s website provides a free version of its software to people who make open-source software.

SOOS is located in Winooski’s Champlain Mill, but most of the company’s approximately 15 employees work remotely, Allard said. Its customers are in India, Ukraine, the United Kingdom and South America. 

“We’re trying to build these tools so that anyone can use it,” Allard said. 

“It seems like they’re looking at probably a niche that no one has tried to tackle yet,” Trono said. “This company could be providing something that is very valuable to those who are using other people’s software but can’t keep up with all the cybercrime that’s out there.”

Among SOOS’s clients is Union Street Media, a Burlington-based real estate website company.

“We’re a small business,” said Ted Adler, founder and president of Union Street Media. “We need to make sure that we can get value out of our resources and that our product is secure.” 

SOOS costs up to $398 a month for unlimited use, Allard said, compared with the thousands of dollars he said competitors charge for the most basic scan.

Allard said SOOS is democratizing software security.

“Can you imagine a world where Mercedes was the only car manufacturer?” Allard asked. “Well, we just came out with a Honda Civic.”
