Goldman Sachs Leads $30 Million Investment in Software Supply Chain Fixer
Imagine an auto assembly line in which each factory worker is allowed to make random supplier and part decisions.
That’s the way Wayne Jackson, CEO of Sonatype, describes the present state of software development. “You would have no consistency from car to car and it would be complete chaos,” he tells Fortune. “Sadly, that’s how people are making software in most places.”
Jackson’s tech firm, founded in 2008 and based in Fulton, Md., manages the lifecycle of digital products. Because most developers draw on open source code to build their software, countless computer bugs, compatibility issues, and security gaps can creep in.
Sonatype aims to track and monitor all these coding components so as to prevent such lapses. If someone uses a defective software library (for instance, OpenSSL during the Heartbleed vulnerability fiasco of 2014), the firm’s technology should alert the developer, block the problem, and make recommendations to resolve the issue.
Think of the service as enabling orderly product recalls, except with software instead of cars, food, or pharmaceuticals.
Sonatype said Thursday it raised $30 million in a round of financing led by the principal strategic investments group at Goldman Sachs (GS). All previous investors—including New Enterprise Associates, Accel, Bay Partners, Hummer Winblad Venture Partners, and Morgenthaler Ventures—participated in the round, and the firm has accumulated about $60 million in total funding to date.
Don Duet, who co-leads the tech division at Goldman, cited the growing importance of open source code at his company as justification for the deal. “Today, open source components underpin a vast majority of our most mission-critical applications at the firm,” he said in a statement. “As we work to build, maintain and update these applications, we must also ensure that we are using the highest quality open source components at every stage of the development cycle. We are pleased to support Sonatype’s mission to deliver this important service to the marketplace and the company’s continued growth.”
Jackson, formerly CEO of Sourcefire, a cybersecurity firm now owned by Cisco (CSCO), says the company still had a substantial chunk of the $25 million it raised in 2012, and wasn’t looking to raise more money. The former CEO of Riverbed Technologies—a wireless infrastructure firm he founded and sold during the dot-com era—adds that the additional support will allow the venture to start pursuing business in the Asia-Pacific region.
That proposed expansion, in fact, represents something of a manifest destiny for Jackson, who references the lean manufacturing principles of the influential labor statistician Edwards Deming as well as Japanese automakers as inspiration for Sonatype.
“We’re trying to basically bring the supply chain concepts built by Deming and others at Toyota to software manufacturing,” he says. “Even though for software that may seem impossible.”