The CodeLock Origin Story

Brian and I first met in November 2011, when he was working for the Technical Security Division of the US Secret Service, and I was building AI-enabled capabilities for the US Intelligence Community. The circumstances of our first encounter would make for a great Tom Clancy novel, but that’s another story for another time (preferably accompanied by an excellent single malt in a SCIF). We’ve been the best of friends ever since.

It took a few years, but in late 2019, just as the world was about to suffer through COVID, we decided to launch our own company (yeah, great timing, I know). We had both spent much of our professional lives keeping our country, communities, and the companies we worked with safe – and the idea of “saving the world” from the rising threat hackers posed to global commerce… Well, neither of us felt like we could just sit by and do nothing. We had also both been involved with startups before, and while we knew it would be challenging, we felt compelled to help however we could.

Little did we know just how bad things would become.

We got off to a rough start (and ate a lot of Top Ramen), but by December 2020, the tides had turned and things were really going our way. My team and I had just finished developing some very cool cutting-edge capabilities for the US Department of Defense. Brian was knocking down doors as he rapidly grew the business. We briefed a subcommittee of the United Nations Security Council on ideas for using technology to interdict illicit activities. Best of all, the CTO of the Department of Homeland Security – a retired Marine Corps General – invited us to discuss how we could develop a tech solution for DHS to help protect the global supply chain from attacks launched by foreign governments.

And that’s when everything changed.

We were set to meet with the DHS Top Brass on Wednesday, December 16th, 2020. On the preceding Sunday, the press reported that SolarWinds – an American company that provides IT infrastructure management software for businesses – had been hacked. By Monday, it was clear that this was going to become the biggest Software Supply Chain attack in history.

As you may already know, a software supply chain attack targets vulnerabilities in the software development process to insert malicious code into legitimate software. That malware is then transmitted to everyone who uses the infected software, and everyone downstream suffers. It is analogous to cancer that metastasizes or a global pandemic. It is the modern equivalent of poisoning the well – a tactic described by Herodotus (500 BCE) as the most insidious and unspeakable act of war.

By the time the final tally was taken, the SolarWinds hack had impacted over 18,000 organizations, including most government agencies, and the costs to clean up the damage it caused ultimately exceeded $100 billion (that’s not a typo; $100 billion with a ‘B’).

Suffice it to say we figured the people at DHS who were in charge of keeping our country cyber-safe might be a bit busy for the next few days. Or months. So, we called and told them we completely understood if they wanted to reschedule our meeting. Nope. They still wanted to meet on Wednesday. Great! No pressure.

At the time, Brian and I were engaged in a contest we called The Founders Fat Off. Our wives had kindly pointed out that we had both become a bit fluffier than they found acceptable, so on Tuesday morning – the day before we were set to meet with DHS – I was in my home gym working out when I had an idea.

What if we could prevent attacks like the one that struck SolarWinds from happening? What if we could have helped them find that incursion within milliseconds of when it occurred – rather than months later, as they did?

The world runs on software – so why can’t we keep that software safe?

In a flash of insight, I figured out how to do just that. CodeLock would lock the code, continuously scan for vulnerabilities, and alert for known and (even more critically) unknown threats; the 99.5% of threats traditional ASTs miss.

While I was still sitting in the sauna (I hope that image doesn’t get stuck in your head), I called Brian. When I explained the mechanics of how it would work, he got even more excited than me. We batted the idea back and forth for a few hours, and when we were done, CodeLock was born.

But were we just impressing ourselves? The real test would come the following day.

When we met the DHS team on Wednesday morning, we told them that before we began, we wanted to run an idea past them. We did. And they loved it – not just a little, a lot. They asked us to commit to building a prototype so they could test and evaluate it – and they did.

The Science and Technology division of DHS tested the CodeLock prototype when it was completed a few months later. When they were done, Brian Murphy, the acting Under Secretary for the Office of Intelligence and Analysis at DHS, summed up their findings: “CodeLock appears to have the capability to stop the most sophisticated criminal malware. With respect to cyber-attacks from hostile nation-states, CodeLock would also be effective.”

This unprecedented endorsement validated our belief that we were on to something, a belief that has since been affirmed by numerous organizations and leaders, including:

· Alchemist Accelerator named CodeLock as having achieved First Place in its cohort
· The State of Virginia awarded CodeLock a generous grant to help secure the Nation’s Software Supply Chain
· Gartner highlighted CodeLock as a top DevSecOps tool for secure software delivery
· US Senator Mark Warner, co-founder of the Senate Cybersecurity Caucus (and co-founder of Nextel Communications), has congratulated CodeLock for “finding innovative solutions to today’s challenges”
· TechCrunch recognized CodeLock as one of the Top 200 Tech Startups in the World

After investing $3 million in R&D, we can proudly say that CodeLock is now the only comprehensive capability for keeping software safe. And as we continue to serve our corporate and government clients, we are committed to further evolving the capabilities of CodeLock so we can stay ahead of the crippling threats that come from cybercrime.

- Dr. JT Kostman
Chief Scientist
CodeLock
