Estonian startup Patchstack has raised $5 million in a Series A funding round, aiming to transform the open-source cybersecurity landscape. This investment follows a €2.7M R&D grant received in 2022.
Tallinn-based Karma Ventures led Patchstack’s latest funding round. G+D Ventures and Emilia Capital, the investment firm of Yoast founders Marieke van de Rakt and Joost de Valk, also participated in the round. Notably, Joost de Valk, co-founder of the popular Yoast SEO plugin, used by 5M active WordPress sites, has joined Patchstack’s board.
From Reddit to millions of users
Founded by Estonian entrepreneur Oliver Sild and Dutch developer Dave Jong, the company has an unusual history. Its two founders met on a PHP Security subreddit in 2016. Since then, Patchstack has quickly established itself as a leader in open-source security intelligence. The company’s unique approach combines vulnerability intelligence with application vPatching technology, allowing for real-time protection without requiring user interaction or code changes.
For website owners and developers, particularly those using WordPress, Patchstack offers a range of solutions. Their free plugin provides vulnerability detection, while paid plans start at $5 per website monthly for real-time protection. The company scans over five million websites through its vulnerability intelligence system and prevents millions of vulnerability attacks. Its client roster includes industry giants such as GoDaddy, Digital Ocean, Plesk, and cPanel.
One of Patchstack’s key strengths lies in its access to vulnerability data. The company has launched a gamified bug bounty program and manages the Vulnerability Disclosure Program (VDP) for WordPress plugins, attracting thousands of ethical hackers. This initiative has made Patchstack the largest CVE (Common Vulnerabilities and Exposures) Naming Authority by volume in 2023, publishing 76% of all known WordPress-related security vulnerabilities last year.
The timing of this funding round is particularly significant, given the imminent implementation of the European Union’s Cyber Resilience Act. This regulation, expected to become law later this year, will require companies to have robust vulnerability management and software supply chain oversight. Patchstack is now ready to help businesses comply with these new requirements, offering a free tool for open-source software vendors to prepare for the upcoming regulations.
Looking ahead, Patchstack aims to become the leading open-source software security company. The fresh capital will accelerate product development and build a top-tier sales and marketing team. “With the data and technology we possess, we believe we could potentially hyper-automate the entire open-source software security process,” says Sild.
Interested in investing in Estonia? Read more about the opportunities Estonia has to offer in cyber security and use our free e-consulting service to get started with your business in Estonia.