
How Sonatype plans to expand following its $80M funding round

The Fulton-based company sees opportunity to expand the global reach of its tools for software developers using open source code.

Sonatype team members with CEO Wayne Jackson, as he was awarded EY Entrepreneur of the Year in 2018. (Courtesy photo)

Following last week’s close of an $80 million funding round, Sonatype is looking to cement itself as a Maryland-based company that’s known around the world, said Bill Karpovich, the company’s SVP of strategy and corporate development.
It was already on its way before the funding round, and was among the companies we picked when considering the Columbia area’s top tech companies as part of the’s realLIST 2018. The 10-year-old company has grown to about 220 employees, with about one-third each at HQ, international offices and distributed around the U.S.
“We will continue to expand in each of those areas,” said Karpovich, who joined Sonatype last year from IBM.
Sonatype provides tools for software developers using open source code to build applications. It maintains a repository of open source libraries and uses data tools to automate processes to reliably use the building blocks within those libraries, Karpovich said. A big focus is on detecting potential security vulnerabilities within that code, and providing info about how to avoid them.
Karpovich said Sonatype initially worked with big banks and credit card issuers, as well as government clients. Now the company is expanding into other areas. While exact figures weren’t released, the company said it grew sales 80 percent year-over-year in the first half of 2018.
“Every company is running their company on software and every company is driven to be innovative,” Karpovich said. He used the example of car companies, which are increasingly focused on connectivity and the technology inside of the car along with mechanical parts. In turn, pieces of code obtained through open source libraries make up the supply chain for this form of assembly.
With software available for anyone to use, “you have to make sure that you know where it’s coming from,” Karpovich said.

Among the factors driving the company’s growth is a better understanding in the market of the potential for the vulnerabilities to lead to severe attacks, Karpovich said. As Wired reported, last year’s Equifax breach happened because a known issue with an open source software package wasn’t fixed.

“Equifax did not recognize that they had been exploited for about 100 days after there was a public disclosure that a library they were using had a vulnerability,” Karpovich said.
With the size of Sonatype’s funding round, led by San Francisco–based private equity firm TPG (which took a minority stake), the company made the latest splash by a cybersecurity company in the Columbia area.
Tenable went public in July after raising a record-setting funding round. And Sourcefire, where Sonatype CEO Wayne Jackson was previously in the top job, was acquired by Cisco in 2014 after going public.
“We think we’re following in that same tradition,” Karpovich said. “The Maryland area is a phenomenal place to build a tech company.”
So is an IPO or exit in the future plans?
“With continued success, we will have all those opportunities available to us,” Karpovich said.
