Snyk, from first check to leader in dev-friendly open source security

We are thrilled to announce our investment in Snyk, which is a developer-first security solution that helps companies use open source code and stay secure. We couldn’t be more excited to be leading this new round of capital again with Canaan Partners and including Heavybit, FundFire, and Peter Mckay (Co-CEO of Veeam) (see Techcrunch for more coverage).

Our initial journey goes way back, as we were investors in Guy Podjarny’s previous company, which sold to Akamai in 2012. For the next few years we collaborated on several co-investments, and what ultimately attracted us to Guy’s new company (along with co-founders Danny Grander and Assaf Hefetz) was their bold vision to create a new platform for securing open source components with a dev-first focus. At the time we seeded Snyk in late 2015, open source library usage was growing significantly, and the available solutions were either security-first, which slowed down development, or dev-first but without enough security built in. With the movement towards continuous integration and deployment, it was clear a new solution was needed.

In a little over two years, Snyk has gone from “founder market fit” to “product market fit,” and this new round will allow the company to build out its product offering and expand its Fortune 500 customer base.

With over 120,000 developers using the platform, 100,000 projects protected, 350,000 downloads per month, and notable partnerships with Heroku, JFrog and Microsoft Sonar, Snyk has proven it can get developers to fully adopt a security solution, and has shown the importance of having the strongest database of known vulnerabilities in open source.

Funding rounds are always a great opportunity to look back and see how the company’s initial thesis has held up and what has improved or changed. See below for Snyk’s initial vision from late 2015, much of which remains the same today: developer velocity is increasing, security isn’t dev-friendly, and the question is how to bridge the gap, especially in the open source world where much of the code is third party.

There have clearly been some tweaks to the model since then, but what is most exciting for us is watching Snyk go from an idea and vision in a non-existent market to one where the question of how developers are securing open source components is becoming mainstream. And given high profile security breaches like Equifax in Sept. 2017, which was due to unpatched open source vulnerabilities, you can see why solutions like Snyk’s are gaining rapid adoption.

While the need for dev-friendly open source security may seem obvious today, especially with the stats above, how did we frame our initial investment? Here’s what got us excited back then, much of which has come to fruition in the 2 years since:

  1. Solving a huge pain point in an emerging but potentially massive market — we were witnessing the move to continuous integration and deployment spreading to the enterprise, combined with the growth of open source and third party components; the thinking was that if you could make it dev-friendly then it could be a massive business.
  2. Dev first business model with budget from security — we love bottom up, organic models but always question where the bigger budgets are coming from, and what we saw in Snyk was an opportunity to go bottom up with developers and then access the security budget for bigger dollars.
  3. Founder-market fit — GuyPod previously was Chief Architect at Sanctum/Watchfire Security, developers of one of the first web-app firewalls, ultimately sold to IBM. Danny Grander had significant security engineering experience starting in the IDF, where he met Guy, and continuing into Skybox Security and as CTO of Gita Technologies. Assaf had a senior research role at Skycure, which Symantec bought last year. This team had the technical and product skills and understanding to go after this opportunity.
  4. Repeat founders — we are always thrilled when founders we backed previously give us the first shot to invest in their new company. In this case, we had backed Guy before when he co-founded which was sold to Akamai. He eventually became CTO of the Web Experience Unit at Akamai.
  5. We like to work with founders well before they leave their current role and start a new company. In Guy’s case we had regular dialogue over a couple-year timeframe to both brainstorm and vet the idea with our Fortune 500 relationships. We also introduced Guy to fellow founders like Tom Preston-Werner from Github (see blog post on Snyk) to help refine the story.
  6. Time to value — incredibly easy to get up and running: authenticate via GitHub or Bitbucket and Snyk starts scanning, monitoring, and suggesting fixes.
  7. We love being able to help accelerate the time from “founder-market fit” to “product-market fit,” which we accomplished by helping Snyk secure some of their early on-prem Fortune 500 customers.
  8. We are purpose built to double and triple-down in our portfolio as they hit milestones and scale their GTM team.

Once again, we couldn’t be more excited about leading this new round of funding and look forward to continued success for the team.

Also on Medium

Developer love vs revenue

Going from Seed to Series A

Great blog post by CockroachDB on open source business models and their plans to make money:

If you’re serious about building a company around open source software, you must walk a narrow path: introduce paid features too soon, and risk curtailing adoption. Introduce paid features too late, and risk encouraging economic free riders. Stray too far in either direction, and your efforts will ultimately continue only as unpaid open source contributions.

I would say same goes for any developer-focused company whether OSS or some other hybrid free/premium model. It is truly an art form when it comes to striking that steady balance between developer and community love versus generating revenue and potentially alienating those who supported you.

This is also an important question as it relates to fundraising for dev-focused startups. Introduce your pricing page too soon and that is the metric that Series A investors will track religiously. Bet the farm on developer love and metrics only and you may never get enough traction to get to that next round.

From what I have seen in our portfolio, goal #1 is always to build an amazing community, focus on developer love and track the metrics and tweak. Without the developers, you have no customers.


EMC buys portfolio company Greenplum – more behind the story

Congratulations to Greenplum and Scott Yara, Bill Cook, and Luke Lonergan in particular! It has been quite a roller coaster ride over the last 10 years and there were a number of times we stared at the abyss only to come back stronger.  This is a story of great people and incredible perseverance.  The great news is that we leveraged two strong trends early on – the era of big data and the need for cheaper and better solutions and the fact that hardware is a commodity and the value is in the software.  We also leveraged the open source database platform PostgreSQL as the initial foundation for our technology. After all these years, I am glad to see that EMC and others have caught on to both of these facts.


Hybrid clouds are coming

Amazon has taken off with its cloud compute infrastructure, but there are still some limitations from an enterprise perspective.  Mainly, some enterprises are concerned about keeping their data private, about reliability, and about storage costs over time.  Any enterprise looking at potentially leveraging the cloud would love to have a hybrid solution which allows them to manage their own internal cloud and then burst over to a public cloud for automated failover, extra storage, or to port an application over after using an internal platform for development.  Sun seems to get it, as evidenced by their announcement today that they will offer their own cloud computing platform.  The key here is that it will be interoperable with Amazon S3 and its platform.

"Sun anticipates that the cloud scene will feature many clouds, both public and private, that are interoperable and driven by different application types. Applications eyed for deployment on Sun Cloud include Web 2.0 applications, social networking systems, gaming applications, and anything that needs the scale of the Web, said Tucker. Departmental applications are envisioned as well.

"What we're introducing in New York here is we're talking about our public cloud," for developers, Tucker said. Sun has seen a lot of interest in cloud computing from enterprises, he said. "It’s getting very rapid uptake at least in the large enterprises today," said Tucker.

What is interesting is that there is a little known startup with great open source technology called Eucalyptus which is helping drive some of this initiative. Eucalyptus will be the software that allows the Sun cloud to interoperate with other platforms and services.  With this open source platform, companies can now deploy apps on their own cloud and use Amazon or other cloud services for high availability or extra storage without vendor lock-in.  Congratulations to Rich Wolski and team, as they have made tremendous strides during the last 6 months.  I was just with them in New York yesterday and believe they are on to something big.

Greenplum closes on $27million round of financing

Congratulations to Bill, Scott and team on our new $27mm round of funding led by Meritech and including Sun Microsystems and SAP Ventures.  You guys have been pushing the envelope since I have known you and delivering some spectacular results to boot.  It is nice to see our team and product get validated with a significant round of funding so we can continue our battle to bring our customers a better, faster, and cheaper way to access and analyze massive volumes of data.  When we made our first investment years ago, our fundamental bet was that a new approach was needed to deal with exponential data growth driven by network computing and internet applications.  We certainly had some fits and starts tackling this data problem by utilizing a software-only approach built on top of open source software and delivered on commodity machines, but with this funding and our continued customer momentum, we are certainly on the right track.  For more on this investment, read the following quotes from Jonathan Schwartz, CEO of Sun Microsystems, and Nino Marakovic, head of SAP Ventures:

"Alongside Sun’s acquisition of MySQL, our investment in Greenplum is further evidence of our commitment to the open source database community and marketplace," said Jonathan Schwartz, CEO and president, Sun Microsystems. "Postgres has been a critical part of our support offering to customers, and Greenplum’s leverage of Postgres to disrupt the proprietary vendors with breakthrough business intelligence solutions creates opportunity for their investors, and more importantly, our mutual customers."

"We invested in Greenplum because we’re seeing a growing demand for scalable database technologies to support analytical and data-driven applications," said Nino Marakovic, head of SAP Ventures. "From a technology perspective, the Greenplum database is very strong and complementary to our offerings. We share the vision of enterprises harnessing ever-growing data repositories to make optimal business decisions in real time."

The trend is your friend – leveraging the power of commoditization and the efficiency of the web

I always like to say that the "trend is your friend," and it is pretty clear that one of the most powerful trends in the technology industry is the commoditization of existing markets which are currently served by high-priced, proprietary vendors.  In addition, it is also quite clear that companies that can leverage the web for sales, marketing, and even product delivery (downloads or SaaS) can have some significant advantages.  When I look at the enterprise landscape, I am not necessarily looking for the cheap solution, but rather a disruptive one that will allow a company to offer orders of magnitude improvement in performance, price, and delivery.  In addition, there are a few must-have characteristics companies should possess in order to get me interested:

1. large projected market – new emerging markets are welcome as long as we can see the opportunity ahead.
2. capital efficient business models – leverage frictionless sales and the web (try before you buy model, low barrier to usage, downloads, etc.) to create a more efficient and less costly sales and marketing machine.  Also leverage the commoditization trend to deliver products faster, cheaper and better.
3. disruptive technology – orders of magnitude improvement in price, performance, and delivery

A great example of a company meeting a number of those characteristics is portfolio company Greenplum (yes, full disclosure, I am on the board and may be biased in my opinion 🙂 ).  Greenplum is leveraging the power of commoditization to turn the data warehousing market, traditionally led by proprietary vendors like Teradata, upside down.  Rather than rave about Greenplum, I thought I would share a recent article from Bill Inmon, a well known data warehousing analyst who some view as the father of data warehousing:

And with that explosion of data comes a corresponding increase in the costs of data warehousing. In particular, storage costs and the cost of the infrastructure required to support the storage needs are rising. The hardware vendors love to say that storage costs are going down all the time. This appeases the manager who has to pay large sums for the storage infrastructure. Storage costs may be decreasing at a factor of X, but the demand for storage is increasing at a rate of Y, and Y is a lot bigger than X.

It is reputed that one hardware vendor is selling storage for data warehouses at the rate of approximately $750,000 for a terabyte of storage.

So along comes Sun Microsystems and Greenplum with an offer you cannot ignore. How about $35,000 for a terabyte of data up to 24 terabytes?

If you are planning for a data warehouse in your future, you should take a close look at the Sun/Greenplum offering. No, let me say that a little bit more strongly – you cannot afford to not take a look at the Sun/Greenplum offer – not unless you enjoy throwing your corporate resources away.

It is about time that someone lowered the dreadful cost of data warehousing. Some of the leading vendors have been shameful in their gouging of customers. So the Sun/Greenplum offer comes as a godsend.

The offer is so good that in fact, you can afford to buy and install Sun/Greenplum, try it out, and if it doesn’t work, for whatever reason, use the gear for some other purpose. At the price ratio of $750,000 for one terabyte versus $35,000 for a terabyte of data up to 24 terabytes – you simply have to try this offer.

So you may ask yourself how we are able to offer that kind of pricing, 20x cheaper than some competitors, and still be profitable?  Well first, we are leveraging a hybrid sales model where partners like Sun help drive the high end opportunities and our open source street cred and our creation of helps fuel the download model.  In addition, rather than build expensive proprietary hardware solutions, we are leveraging the power of commodity boxes and clusters to deliver better performance at a fraction of the cost of existing competitors.  Also, rather than start from scratch, we have built some proprietary extensions on top of PostgreSQL, a leading open source database, to make it BI ready.  So combine lower costs to build with a highly leveraged sales model and you can quickly see why we can offer the pricing that we do and build a great business from it.  There is nothing like leveraging a powerful trend, so if you are an entrepreneur building a company with many of the characteristics outlined above, I would love to hear from you.

Greenplum’s first reference customer

Congratulations to Greenplum (full disclosure: portfolio company) as it announced its first referenceable customer, Frontier Airlines, last week.  To refresh your memory, Greenplum develops software that allows customers to deploy terabyte scale data warehouses leveraging PostgreSQL at significant price/performance advantages over existing solutions.  Building credibility is an important step for startups, and getting referenceable customers and hiring industry talent are two surefire ways to do that.  Here is a quote from Robert Rapp, CIO of Frontier and former CIO of Southwest Airlines, from a Charles Babcock Information Week article:

Frontier CIO Robert Rapp says the airline’s yield management process runs on Bizgres MPP. The system predicts the yield or profit that Frontier will receive on various flight combinations and ticket prices. The system helps Frontier determine where to offer seats at bargain prices and where to avoid what might turn out to be a competitive bloodletting, with no one profiting, says Rapp, the former CIO of Southwest Airlines, a pioneer of low-priced flights.

"Greenplum allowed us a very economical solution for a mid-sized airline. There are large amounts of parallelism in the system," says Rapp. A comparable but higher end commercial system used by retailers such as Wal-Mart comes from Teradata, a unit of NCR Corp. "Greenplum was available at 20-30 times less" than such a system. "It was available at a very nice price point for us," adds Rapp.

Congrats to the Greenplum team on reaching this significant milestone and I am sure that this Frontier Airlines story is one that the company and I will be hearing about for a long time, in every sales presentation and pitch.  As I have said before, it is important to make sure your first 5 customers are highly referenceable (extremely happy with your solution and influential in the community to get the market’s attention) so you can significantly leverage those first relationships to establish market credibility and even help close some of your sales prospects.

Red Boss – will it truly be open?

It seems that the open source business model has been top of mind for many in the technology industry as of late.  First comes Check Point’s attempted purchase of Sourcefire, and now comes Red Hat’s announcement that it will acquire JBoss.  The acquisition price of $350mm is pretty sweet validation for the open source model, considering that the multiples are about 20x trailing revenue ($20mm estimated revenue in 2005) and 6-7x forward ($50-60mm estimate for 2006).  On top of that, the company only raised $10mm, which means it was incredibly capital efficient.  That being said, we have to remember that this is not going to change the corporate IT landscape overnight.  First, Red Hat may end up competing with many of its partners like IBM, who have helped validate Red Hat by offering the muscle and handholding of the IBM brand and employees.  Secondly, just because Red Hat’s name is on it does not mean that CIOs will immediately change their buying decisions.  As I mentioned in an earlier post in 2004, Red Hat has needed to find more avenues for growth, and what better way to do that than moving up the stack from the OS.  Here is an excerpt from my post in 2004:

It seems that many of the bigger open source players are building out their own stacks à la Microsoft and others in the pursuit of growth and profits, like traditional closed-source software companies.  Isn’t this the antithesis of what open source stands for?  Rick Sherlund, Goldman’s software analyst, says that it makes sense from a financial perspective since it allows vendors to cross-sell and lock in the customer – customer retention is a good thing after all, isn’t it? While all of the open source players did their best to dodge this question and claim that they are really open, MySQL was the only company that really seemed credible here, as its goal was to be part of everyone’s stack, including the Microsoft .NET one.  JBoss and RHAT clearly seemed to be building their own middleware and open source stacks while at the same time claiming an open architecture.

Fast forward 18 months and you have the first move in that model – Red Boss.  Sounds like Microsoft?  I thought part of the reason technologists bought open source was to not be locked in to any one vendor.  It will be interesting to see whether the need for revenue, growth, and profits drives some of the larger open source players, and whether they continue to remain 100% truly open.  Should I tweak the JBoss app server just a tad to make it work better on Red Hat vs. Suse or .NET?  Let’s watch how Red Boss balances the need to meet Wall Street expectations for quarterly numbers with the need to make its customers happy by helping them avoid proprietary vendor lock-in.

The next generation web, scaling and data mining will matter

We are all enjoying the benefits that come with the commoditization of existing hardware and software infrastructure.  It is true that it costs exponentially less to launch a business today versus five years ago.  We are all smarter, broadband penetration is reaching critical mass, and open source and commodity hardware have become reliable alternatives to proprietary architectures and closed systems.  As we all move forward with our web-based operations, it is clear that scaling the back-end infrastructure still remains a formidable challenge.  There have been many instances of popular services going down – remember Typepad,, and as a few examples.

With scaling the backend also comes a need to learn more about your users and their interactions.  Data mining and analysis is becoming a big thing, not only to help companies create better services but also to generate more revenue per user.  In addition, for many web companies extreme data driven applications are the core of their services.  Think about Zillow, Technorati, and services like Indeed, which are dynamically driven services based on aggregating, crawling, and filtering millions of pieces of data.  However, the fast growth of many web-based operations combined with the need to mine the data leaves a big hole in the revolution of the cheap.  Web-based operations need an open source way and a cheaper option to scale their database needs, move to a data warehousing architecture without breaking the bank, and scale with user growth leveraging commodity infrastructure.

Enter Greenplum (full disclosure: Greenplum is a portfolio company and I am on the board), which just released its GA product Bizgres MPP for data warehousing, leveraging the best of the open source PostgreSQL database.  We have been working on the code for the past 18 months, and I am quite proud of the team for having delivered the release.

Greenplum is taking the best of the open source database PostgreSQL and rebuilding some of the core functions like query optimization, execution, and the interconnect.  We are allowing anyone to build a shared nothing architecture à la Google to scale their backend to multi-terabyte sized systems leveraging cheap hardware. It is free to run on a single machine, but if you want to run the massively parallel option we charge a fee per CPU.

Dana Blankenhorn from ZDNet gets it:

This is a problem a lot of Web 2.0 start-ups like Technorati, Bloglines and Flickr are facing, and projects like Drupal will face soon. They were built with open source tools, but then find they need to "graduate" to something like a data warehouse.  And there’s old Oracle, telling them there’s nothing from an open source supplier that can deliver what they need. Share with us, they say, you don’t have any choice.

Well, now there is a choice. Greenplum CTO Luke Lonergan said that O’Reilly Media, one of Greenplum’s early customers, graduated from mySQL to PostgreSQL with Greenplum and got a 100% 100 times improvement in database access speed across a 500 Gigabyte database. Other Web 2.0 start-ups, and projects, can do the same thing.

"The price of conversion is where the pain is," said Yara, "but look at how fast some of these projects grow."  While mySQL was smart in building on a lightweight Web base, more and more users and projects will find the need to graduate, and face proprietary FUD from major vendors saying they have to pay the "monopoly tax" in order to grow.

I truly believe the next battleground will be based on scaling the back end and more importantly mining all of that clickstream data to offer a better service to users.  Those that can do it cheaply and effectively will win.  The tools are getting more sophisticated, the data sizes are growing exponentially, and companies don’t want to break the bank nor wait for Godot to deliver results.  Given these trends, I suggest downloading Greenplum’s Bizgres MPP and let me know what you think.

Welcome GreenPlum and Bizgres

I have looked at a number of open source projects over the last year and mostly agree with Bill Burnham’s comments that many of these open source plays are "marketing gimmicks for startup companies."  Many of these companies are trying to start a new project from scratch, hoping to build a community brick by brick.  In addition, without the ability to create a community, it is hard to build a real, sustainable revenue model.  Finally, open source does not matter if there is no customer need for the solution.  That being said, I am quite excited about the relaunch of one of my portfolio companies, GreenPlum, which is bringing the power of open source to enterprise business intelligence.  (Stop reading if you are not interested in a pitch for a portfolio company.)

Quite simply, Greenplum is using an open source database optimized with a supercomputing architecture to bring terabyte scale data warehousing to enterprises.  Leveraging this architecture, Greenplum will be able to offer significant price/performance benefits over existing BIG IRON solutions.  In addition, Greenplum is working with Josh Berkus and the PostgreSQL community to launch a new project, Bizgres, whose goal is to build a complete database system for BI exclusively from free software.  From a business perspective, what I like about our strategy is that we are building off an already existing and strong community of PostgreSQL developers.  Secondly, rather than pursue a broad platform play for all databases, we are focusing on a large but focused market in BI.  We believe this is a great way for open source to enter the enterprise, as the market is riddled with expensive solutions, BI is a top 3 initiative in most enterprises, data is growing like a weed in most places, and we are not asking CIOs to bet their transaction systems on open source.  Finally, our revenue model is not based fully on a support/service play.  The open source DeepGreen product will target small to medium sized businesses or anyone with data marts and reporting apps in the 10-300 gigabyte range.  GreenPlum will sell licenses to any company that wants to deploy the DeepGreen MPP product to scale to multi-terabyte environments.  While it is yet another spin on open source, I am quite excited about what GreenPlum is doing and truly hope that by leveraging the success of PostgreSQL, staying focused on a targeted market, and employing a dual license model, the company will be able to rise above the noise.  As I have mentioned in a previous post, one of the clear benefits of open source, especially if you leverage an existing community, is to reduce the friction in the sales and marketing process.