The U.S. Securities and Exchange Commission has fined several brokerage firms a total of $750,000 for exposing the sensitive personally identifiable information of thousands of customers and clients after hackers took over employee email accounts.
A total of eight entities belonging to three companies have been sanctioned by the SEC, including Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors and Investment Advisers), Cambridge Investment Research (Investment Research and Investment Research Advisors) and KMS Financial Services.
In a press release, the SEC announced that it had sanctioned the firms for failures in their cybersecurity policies and procedures that allowed hackers to gain unauthorized access to cloud-based email accounts, exposing the personal information of thousands of customers and clients at each firm.
In the case of Cetera, the SEC said that cloud-based email accounts of more than 60 employees were infiltrated by unauthorized third parties for more than three years, exposing at least 4,388 clients’ personal information.
The order states that none of the accounts featured the protections required by Cetera’s policies, and the SEC also charged two of the Cetera entities with sending breach notifications to clients containing “misleading language suggesting that the notifications were issued much sooner than they actually were after discovery of the incidents.”
The SEC’s order against Cambridge concludes that the personal information exposure of at least 2,177 Cambridge customers and clients was the result of lax cybersecurity practices at the firm.
“Although Cambridge discovered the first email account takeover in January 2018, it failed to adopt and implement firm-wide enhanced security measures for cloud-based email accounts of its representatives until 2021, resulting in the exposure and potential exposure of additional customer and client records and information,” the SEC said.
The order against KMS is similar; the SEC’s order states that the data of almost 5,000 customers and clients were exposed as a result of the company’s failure to adopt written policies and procedures requiring additional firm-wide security measures until May 2020.
“Investment advisers and broker-dealers must fulfill their obligations concerning the protection of customer information,” said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.”
All of the parties agreed to resolve the charges and to not commit future violations of the charged provisions, without admitting or denying the SEC’s findings. As part of the settlements, Cetera will pay a penalty of $300,000, while Cambridge and KMS will pay fines of $250,000 and $200,000 respectively.
Cambridge told TechCrunch that it does not comment on regulatory matters, but said it has and does maintain a comprehensive information security group and procedures to ensure clients’ accounts are fully protected. Cetera and KMS have yet to respond.
This latest action by the SEC comes just weeks after the Commission ordered London-based publishing and education giant Pearson to pay a $1 million fine for misleading investors about a 2018 data breach at the company.
A cybersecurity company says a popular smart home security system has a pair of vulnerabilities that can be exploited to disarm the system altogether.
Rapid7 found the vulnerabilities in the Fortress S03, a home security system that relies on Wi-Fi to connect cameras, motion sensors and sirens to the internet, allowing owners to remotely monitor their home anywhere with a mobile app. The security system also uses a radio-controlled key fob to let homeowners arm or disarm their house from outside their front door.
But the cybersecurity company said the vulnerabilities include an unauthenticated API and an unencrypted radio signal that can be easily intercepted.
Rapid7 revealed details of the two vulnerabilities on Tuesday after not hearing from Fortress in three months, the standard window of time that security researchers give companies to fix bugs before details are made public. Rapid7 said the only acknowledgment of its email was when Fortress closed its support ticket a week later without commenting.
Fortress owner Michael Hofeditz opened but did not respond to several emails sent by TechCrunch with an email open tracker. An email from Bottone Reiling, a Massachusetts law firm representing Fortress, called the claims “false, purposely misleading and defamatory,” but did not specify which claims it considers false, or say whether Fortress has mitigated the vulnerabilities.
Rapid7 said that Fortress’ unauthenticated API can be remotely queried over the internet without the server checking if the request is legitimate. The researchers said by knowing a homeowner’s email address, the server would return the device’s unique IMEI, which in turn could be used to remotely disarm the system.
The other flaw takes advantage of the unencrypted radio signals sent between the security system and the homeowner’s key fob. That allowed Rapid7 to capture and replay the signals for “arm” and “disarm” because the radio waves weren’t scrambled properly.
Arvind Vishwakarma from Rapid7 said homeowners could add a plus-tagged email address with a long, unique string of letters and numbers as a stand-in for a password. But there was little for homeowners to do for the radio signal bug until Fortress addresses it.
Fortress has not said if it has fixed or plans to fix the vulnerabilities. It’s not clear if Fortress is able to fix the vulnerabilities without replacing the hardware. It’s not known if Fortress builds the device itself or buys the hardware from another manufacturer.
The meeting, which also included attendees from the financial and education sectors, was held following months of high-profile cyberattacks against critical infrastructure and several U.S. government agencies, along with a glaring cybersecurity skills gap; according to data from CyberSeek, there are currently almost 500,000 cybersecurity jobs across the U.S. that remain unfilled.
“Most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said at the start of the meeting. “I’ve invited you all here today because you have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”
In order to help the U.S. in its fight against a growing number of cyberattacks, Big Tech pledged to invest billions of dollars to strengthen cybersecurity defenses and to train skilled cybersecurity workers.
Apple has vowed to work with its 9,000-plus suppliers in the U.S. to drive “mass adoption” of multi-factor authentication and security training, according to the White House, as well as to establish a new program to drive continuous security improvements throughout the technology supply chain.
Google said it will invest more than $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain and enhance open-source security. The search and ads giant has also pledged to train 100,000 Americans in fields like IT support and data analytics, learning in-demand skills including data privacy and security.
“Robust cybersecurity ultimately depends on having the people to implement it,” said Kent Walker, Google’s global affairs chief. “That includes people with digital skills capable of designing and executing cybersecurity solutions, as well as promoting awareness of cybersecurity risks and protocols among the broader population.”
And, Microsoft said it’s committing $20 billion to integrate cybersecurity by design and deliver “advanced security solutions.” It also announced that it will immediately make available $150 million in technical services to help federal, state and local governments with upgrading security protection, and will expand partnerships with community colleges and nonprofits for cybersecurity training.
Other attendees included Amazon Web Services (AWS), Amazon’s cloud computing arm, and IBM. The former has said it will make its security awareness training available to the public and equip all AWS customers with hardware multi-factor authentication devices, while IBM said it will help to train more than 150,000 people in cybersecurity skills over the next five years.
Many have welcomed Big Tech’s commitments: David Carroll, managing director at Nominet Cyber, told TechCrunch that these latest initiatives set a “powerful precedent” and show “the gloves are well and truly off.” But some within the cybersecurity industry remain skeptical.
“So 500,000 open cybersecurity jobs and almost that same amount or more looking for jobs,” said Khalilah Scott, founder of TechSecChix, a foundation for supporting women in technology, in a tweet. “Make it make sense.”
Cloud security startup Monad, which offers a platform for extracting and connecting data from various security tools, has launched from stealth with $17 million in Series A funding led by Index Ventures.
Monad was founded on the belief that enterprise cybersecurity is a growing data management challenge, as organizations try to understand and interpret the masses of information that’s siloed within disconnected logs and databases. Once an organization has extracted data from their security tools, Monad’s Security Data Platform enables them to centralize that data within a data warehouse of choice, and normalize and enrich the data so that security teams have the insights they need to secure their systems and data effectively.
“Security is fundamentally a big data problem,” said Christian Almenar, CEO and co-founder of Monad. “Customers are often unable to access their security data in the streamlined manner that DevOps and cloud engineering teams need to build their apps quickly while also addressing their most pressing security and compliance challenges. We founded Monad to solve this security data challenge and liberate customers’ security data from siloed tools to make it accessible via any data warehouse of choice.”
The startup’s Series A funding round, which was also backed by Sequoia Capital, brings its total amount of investment raised to $19 million and comes 12 months after its Sequoia-led seed round. The funds will enable Monad to scale its development efforts for its security data cloud platform, the startup said.
Monad was founded in May 2020 by security veterans Christian Almenar and Jacolon Walker. Almenar previously co-founded serverless security startup Intrinsic which was acquired by VMware in 2019, while Walker served as CISO and security engineer at OpenDoor, Collective Health, and Palantir.
The pandemic completely upended the threat landscape as we know it. Ransomware accounted for an estimated 2.9 million attacks so far in 2021, and supply-chain attacks that targeted Kaseya and SolarWinds have increased fourfold over 2020, according to the European Union’s cybersecurity agency, ENISA, which recently warned that the more traditional cybersecurity protections are no longer effective in defending against these types of attacks.
This has created an unprecedented need for emerging technologies, attracting both organizations and investors to look closer at newer cybersecurity technologies.
“We are seeing a perfect storm of factors coming together to create the most aggressive threat landscape in history for commercial and government organizations around the world,” said Dave DeWalt, founder and managing director of NightDragon, which recently invested in multi-cloud security startup vArmour. “As an investor and advisor, I feel we have a responsibility to help these organizations better prepare themselves to mitigate this growing risk.”
According to Momentum Cyber’s latest cybersecurity market review out Wednesday, investors poured $11.5 billion in total venture capital financing into cybersecurity startups in the first half of 2021, up from $4.7 billion during the same period a year earlier.
More than 36 of the 430 total transactions surpassed the $100 million mark, according to Momentum, which includes the $543 million Series A raised by passwordless authentication company Transmit Security and the $525 million round closed by cloud-based security company Lacework.
“As an investor in the cyber market for over fifteen years, I can say that this market climate is unlike anything we’ve seen to date,” said Bob Ackerman, founder and managing director of AllegisCyber Capital, which recently led a $26.5 million investment in cybersecurity startup Panaseer. “It is encouraging to finally see CEOs, boards of directors, investors and more paying serious attention to this space and putting the resources and capital in place to fund the innovations that address the cybersecurity challenges of today and tomorrow.”
Unsurprisingly, M&A volume also saw a massive increase during the first six months of the year, with significant deals for companies in cloud security, security consulting, and risk and compliance. Total M&A volume reached a record-breaking $39.5 billion across 163 transactions, according to Momentum, more than four times the $9.8 billion spent in the first half of 2020 across 93 transactions.
Nine M&A deals in 2021 so far have been valued at greater than $1 billion, including Proofpoint’s $12.3 billion acquisition by Thoma Bravo, Auth0’s $6.4 billion acquisition by Okta, and McAfee’s $4 billion acquisition by TG.
“Through the first half of 2021, we have witnessed unprecedented strategic activity with both M&A and financing volumes at all-time highs,” said Eric McAlpine and Michael Tedesco, managing partners at Momentum Cyber. “We fully expect this trend to continue through the rest of the year and into 2022.”
BreachQuest, an early-stage startup with a founding team of cybersecurity experts building a modern incident response platform, has emerged from stealth with $4.4 million in seed funding.
The investment was raised from Slow Ventures, Lookout founder Kevin Mahaffey, and Tinder co-founders Sean Rad and Justin Mateen, who described BreachQuest as having a “disruptive vision and a world-class team.”
The latter is certainly true. BreachQuest is made up of former U.S. Cyber Command, National Security Agency, and Department of Defense employees, a team it sees as its biggest competitive advantage. The second is its Priori platform, which the Texas-based company believes will re-engineer the incident response process and move incident preparedness into the future.
Currently, it takes most organizations around 280 days to detect a breach, the startup says, and the slow recovery process that typically follows means this largely manual process costs the average U.S. business just shy of $4 million. The startup’s Priori platform aims to improve on what the team sees as “unacceptable industry standards,” enabling organizations to detect intrusions and compromises far faster. That allows companies to near-instantly respond and contain the compromise, the startup says.
BreachQuest’s co-founder and CTO is Jake Williams, a former NSA hacker and founder of Rendition Infosec, an Augusta, Ga.-based cybersecurity company that was acquired by BreachQuest. Williams told TechCrunch that while most other incident response firms are focused on preventing incidents, BreachQuest is focusing on preparing for the inevitable.
“It’s a reality that determined adversaries will get into your network regardless of what tools you put in place to keep them out,” he says. “That’s not [fear, uncertainty and doubt], it’s just a reality that if you’re targeted you’re going to be compromised. That’s what our mission is all about: preparation to facilitate response.”
BreachQuest, which will also assess the cybersecurity risks posed to an organization by potential mergers and acquisitions, believes it has little competition in the market right now because incident preparation is a tough market.
“We continuously see statistics about how IT managers think their security controls will prevent them from being breached, so selling incident response preparation tools and services to those organizations is a hard sell,” Williams said. “But given the landscape of ransomware and other cybersecurity threats being regular front-page news, we think the market is ready.”
BreachQuest will use its $4.4 million seed investment to accelerate the rollout and development of its Priori platform, with future plans to speed up its forensic evidence collection processes and improve response coordination across its disparate team members.
“Incident response is chaotic and it’s hard for people who infrequently work in these situations to address all the issues identified throughout the investigation,” Williams said. “Fundamentally, the problem is a combination of the difficulties getting the right evidence in a timely manner and understanding the status of the response.”
It hasn’t even been a week since Tesla hosted its AI Day, a livestreamed event full of technical jargon meant to snare the choicest of AI and vision engineers to come work for Tesla and help the company achieve autonomous greatness, and already CEO Elon Musk is coming in with some hot takes about the “Full Self-Driving” (FSD) tech.
Just drove FSD Beta 9.3 from Pasadena to LAX. Much improved!
— Elon Musk (@elonmusk) August 24, 2021
In a tweet on Tuesday, Musk said: “FSD Beta 9.2 is actually not great imo, but Autopilot/AI team is rallying to improve as fast as possible. We’re trying to have a single tech stack for both highway & city streets, but it requires massive [neural network] retraining.”
This is an important point. Many others in the autonomous space have mirrored this sentiment. Don Burnette, co-founder and CEO of Kodiak Robotics, says his company is exclusively focused on trucking for the moment because it’s a much easier problem to solve. In a recent Extra Crunch interview, Burnette said:
One of the unique aspects of our tech is that it’s highly customized for a specific goal. We don’t have this constant requirement that we maintain really high truck highway performance while at the same time really high dense urban passenger car performance, all within the same stack and system. Theoretically it’s certainly possible to create a generic solution for all driving in all conditions under all form factors, but it’s certainly a much harder problem.
Because Tesla is only using optical cameras, scorning lidar and radar, “massive” neural network training as a requirement is not an understatement at all.
Despite the sympathy we all feel for the AI and vision team that may undoubtedly be feeling a bit butthurt by Musk’s tweet, this is a singular moment of clarity and honesty for Musk. Usually, we have to filter Tesla news about its autonomy with a fine-tuned BS meter, one that beeps wildly with every mention of its “Full Self-Driving” technology. Which, for the record, is not at all full self-driving; it’s just advanced driver assistance that could, we grant, lay the groundwork for better autonomy in the future.
Musk followed up the tweet by saying that he just drove the FSD Beta 9.3 from Pasadena to LAX, a ride that was “much improved!” Do we buy it? Musk is ever the optimist. At the start of the month, Musk said Tesla would be releasing new versions of its FSD every two weeks at midnight California time. Then he promised that Beta 9.2 would be “tight,” saying that radar was holding the company back and now that it’s fully accepted pure vision, progress will go much faster.
There is always a lot of cleanup after a major code release. Beta 9.2 will be tight.
Still some fundamentals to solve for Beta 10, but now that we’re pure vision, progress is much faster. Radar was holding us back.
— Elon Musk (@elonmusk) July 31, 2021
Perhaps Musk is just trying to deflect against the flurry of bad press about the FSD system. Last week, U.S. auto regulators opened a preliminary investigation into Tesla’s Autopilot, citing 11 incidents in which vehicles crashed into parked first responder vehicles. Why first responder vehicles in particular, we don’t know. But according to investigation documents posted on the National Highway Traffic Safety Administration’s website, most of the incidents took place after dark. Poor night vision is definitely a thing with many human drivers, but those kinds of incidents just won’t fly in the world of autonomous driving.
Elon Musk wants Tesla to be seen as “much more than an electric car company.” On Thursday’s Tesla AI Day, the CEO described Tesla as a company with “deep AI activity in hardware on the inference level and on the training level” that can be used down the line for applications beyond self-driving cars, including a humanoid robot that Tesla is apparently building.
Tesla AI Day, which started after a rousing 45 minutes of industrial music pulled straight from “The Matrix” soundtrack, featured a series of Tesla engineers explaining various Tesla tech with the clear goal of recruiting the best and brightest to join Tesla’s vision and AI team and help the company go to autonomy and beyond.
“There’s a tremendous amount of work to make it work and that’s why we need talented people to join and solve the problem,” said Musk.
Like both “Battery Day” and “Autonomy Day,” the event on Thursday was streamed live on Tesla’s YouTube channel. There was a lot of super technical jargon, but here are the top four highlights of the day.
This bit of news was the last update to come out of AI Day before audience questions began, but it’s certainly the most interesting. After the Tesla engineers and executives talked about computer vision, the Dojo supercomputer and the Tesla chip (all of which we’ll get to in a moment), there was a brief interlude where what appeared to be an alien go-go dancer appeared on the stage, dressed in a white body suit with a shiny black mask as a face. Turns out, this wasn’t just a Tesla stunt, but rather an intro to the Tesla Bot, a humanoid robot that Tesla is actually building.
When Tesla talks about using its advanced technology in applications outside of cars, we didn’t think it was talking about robot slaves. That’s not an exaggeration. CEO Elon Musk envisions a world in which the human drudgery like grocery shopping, “the work that people least like to do,” can be taken over by humanoid robots like the Tesla Bot. The bot is 5’8″, 125 pounds, can deadlift 150 pounds, walk at 5 miles per hour and has a screen for a head that displays important information.
“It’s intended to be friendly, of course, and navigate a world built for humans,” said Musk. “We’re setting it such that at a mechanical and physical level, you can run away from it and most likely overpower it.”
Because everyone is definitely afraid of getting beat up by a robot that’s truly had enough, right?
The bot, a prototype of which is expected for next year, is being proposed as a non-automotive robotic use case for the company’s work on neural networks and its Dojo advanced supercomputer. Musk did not share whether the Tesla Bot would be able to dance.
Tesla director Ganesh Venkataramanan unveiled Tesla’s computer chip, designed and built entirely in-house, that the company is using to run its supercomputer, Dojo. Much of Tesla’s AI architecture is dependent on Dojo, the neural network training computer that Musk says will be able to process vast amounts of camera imaging data four times faster than other computing systems. The idea is that the Dojo-trained AI software will be pushed out to Tesla customers via over-the-air updates.
The chip that Tesla revealed on Thursday is called “D1,” and it uses 7 nm technology. Venkataramanan proudly held up the chip that he said has GPU-level compute with CPU connectivity and twice the I/O bandwidth of “the state of the art networking switch chips that are out there today and are supposed to be the gold standards.” He walked through the technicalities of the chip, explaining that Tesla wanted to own as much of its tech stack as possible to avoid any bottlenecks. Tesla introduced a next-gen computer chip last year, produced by Samsung, but it has not quite been able to escape the global chip shortage that has rocked the auto industry for months. To survive the shortage, Musk said during an earnings call this summer that the company had been forced to rewrite some vehicle software after having to substitute in alternate chips.
Aside from limited availability, the overall goal of taking the chip production in-house is to increase bandwidth and decrease latencies for better AI performance.
“We can do compute and data transfers simultaneously, and our custom ISA, which is the instruction set architecture, is fully optimized for machine learning workloads,” said Venkataramanan at AI Day. “This is a pure machine learning machine.”
Venkataramanan also revealed a “training tile” that integrates multiple chips to get higher bandwidth and an incredible computing power of 9 petaflops per tile and 36 terabytes per second of bandwidth. Together, the training tiles compose the Dojo supercomputer.
Many of the speakers at the AI Day event noted that Dojo will not just be a tech for Tesla’s “Full Self-Driving” (FSD) system, its definitely impressive advanced driver assistance system that’s also definitely not yet fully self-driving or autonomous. The powerful supercomputer is built with multiple aspects, such as the simulation architecture, that the company hopes to expand to be universal and even open up to other automakers and tech companies.
“This is not intended to be just limited to Tesla cars,” said Musk. “Those of you who’ve seen the full self-driving beta can appreciate the rate at which the Tesla neural net is learning to drive. And this is a particular application of AI, but I think there’s more applications down the road that will make sense.”
Musk said Dojo is expected to be operational next year, at which point we can expect talk about how this tech can be applied to many other use cases.
During AI Day, Tesla backed its vision-based approach to autonomy yet again, an approach that uses neural networks to ideally allow the car to function anywhere on earth via its “Autopilot” system. Tesla’s head of AI, Andrej Karpathy, described Tesla’s architecture as “building an animal from the ground up” that moves around, senses its environment and acts intelligently and autonomously based on what it sees.
Andrej Karpathy, head of AI at Tesla, explaining how Tesla manages data to achieve computer vision-based semi-autonomous driving. Image Credits: Tesla
“So we are building of course all of the mechanical components of the body, the nervous system, which has all the electrical components, and for our purposes, the brain of the autopilot, and specifically for this section the synthetic visual cortex,” he said.
Karpathy illustrated how Tesla’s neural networks have developed over time, and how now, the visual cortex of the car, which is essentially the first part of the car’s “brain” that processes visual information, is designed in tandem with the broader neural network architecture so that information flows into the system more intelligently.
The two main problems that Tesla is working on solving with its computer vision architecture are temporary occlusions (like cars at a busy intersection blocking Autopilot’s view of the road beyond) and signs or markings that appear earlier in the road (like if a sign 100 meters back says the lanes will merge, the computer once upon a time had trouble remembering that by the time it made it to the merge lanes).
To solve for this, Tesla engineers fell back on a spatial recurring network video module, wherein different aspects of the module keep track of different aspects of the road and form a space-based and time-based queue, both of which create a cache of data that the model can refer back to when trying to make predictions about the road.
The company flexed its over 1,000-person manual data labeling team and walked the audience through how Tesla auto-labels certain clips, many of which are pulled from Tesla’s fleet on the road, in order to be able to label at scale. With all of this real-world info, the AI team then uses incredible simulation, creating “a video game with Autopilot as the player.” The simulations help particularly with data that’s difficult to source or label, or if it’s in a closed loop.
At around minute forty in the waiting room, the dubstep music was joined by a video loop showing Tesla’s FSD system with the hand of a seemingly alert driver just grazing the steering wheel, no doubt a legal requirement for the video after investigations into Tesla’s claims about the capabilities of its definitely not autonomous advanced driver assistance system, Autopilot. The National Highway Traffic Safety Administration earlier this week said it would open a preliminary investigation into Autopilot following 11 incidents in which a Tesla crashed into parked emergency vehicles.
A few days later, two U.S. Democratic senators called on the Federal Trade Commission to investigate Tesla’s marketing and communication claims around Autopilot and the “Full Self-Driving” capabilities.
Tesla released the beta 9 version of Full Self-Driving to much fanfare in July, rolling out the full suite of features to a few thousand drivers. But if Tesla wants to keep this feature in its cars, it’ll need to get its tech up to a higher standard. That’s where Tesla AI Day comes in.
“We basically want to encourage anyone who is interested in solving real-world AI problems at either the hardware or the software level to join Tesla, or consider joining Tesla,” said Musk.
And with technical nuggets as in-depth as the ones featured on Thursday plus a bumping electronic soundtrack, what red-blooded AI engineer wouldn’t be frothing at the mouth to join the Tesla crew?
Today, the release of OpenAI Codex, a new AI system that translates natural language to code, marks the beginning of a shift in how computer software is written.
Over the past few years, there’s been growing talk about “no code” platforms, but this is no new phenomenon. The reality is, ever since the first programmable devices, computer scientists have regularly developed breakthroughs in how we “code” computer software.
The first computers were programmed with switches or punch cards, until the keyboard was invented. Coding became a matter of typing numbers or machine language, until Grace Hopper invented the modern compiler and the COBOL language, ushering in decades of innovation in programming languages and platforms. Languages like Fortran, Pascal, C, Java and Python evolved in a progression, where the newest language (built using an older language) enabled programmers to “code” using increasingly more human language.
Alongside languages, we’ve seen the evolution of “no-code” platforms — including Microsoft Excel, the 1980s granddaddy of no-code — that empower people to program computers in a visual interface, whether in school or in the workplace. Anytime you write a formula in a spreadsheet, or when you drag a block of code on Code.org or Scratch, you’re programming, or “coding,” a computer. “No code” is code. Every decade, a breakthrough innovation makes it easier to write code so that the old way of coding is replaced by the new.
This brings us to today’s announcement. Today, OpenAI announced OpenAI Codex, an entirely new way to “write code” in the natural English language. A computer programmer can now use English to describe what they want their software to do, and OpenAI’s generative AI model will automatically generate the corresponding computer code, in your choice of programming language. This is what we’ve always wanted — for computers to understand what we want them to do, and then do it, without having to go through a complex intermediary like a programming language.
But this is not an end, it is a beginning. With AI-generated code, one can imagine an evolution in every programming tool, in every programming class, and a Cambrian explosion of new software. Does this mean coding is dead? No! It doesn’t replace the need for a programmer to understand code. It means coding just got much easier, higher impact and thus more important, just as when punch cards were replaced by keyboards, or when Grace Hopper invented the compiler.
In fact, the demand for software today is greater than ever and will only continue to grow. As this technology evolves, AI will play a greater role in generating code, which will multiply the productivity and impact of computer scientists, and will make this field accessible to more and more computer programmers.
There are already tools that let you program using only drag-and-drop, or to write code using your voice. Improvements in these technologies and new tools, like OpenAI Codex, will increasingly democratize the ability to create software. As a result, the amount of code — and the number of coders — in the world will increase.
This also means that learning how to program — in a new way — is more important than ever. Learning to code can unlock doors to opportunity and also help solve global problems. As it becomes easier and more accessible to create software, we should give every student in every school the fundamental knowledge to not only be a user of technology but also a creator.
The agreement, which comes just weeks after both companies confirmed they were in advanced discussions regarding a possible combination of the two brands, will see Avast stockholders receive cash and shares that value the deal at $8.1 billion to $8.6 billion. That makes this merger the third-largest cybersecurity acquisition of all time, following Thoma Bravo’s $12.3 billion takeover of Proofpoint and Broadcom’s $10.7 billion acquisition of Symantec’s enterprise business.
NortonLifeLock, formed in 2019 as a spin-off from Symantec following the latter, says the deal will create an industry-leading consumer cyber safety business, unlock approximately $280 million of annual gross cost synergies, and dramatically expand its user numbers thanks to Avast’s 435 million-strong customer base.
“With this combination, we can strengthen our cyber safety platform and make it available to more than 500 million users,” NortonLifeLock CEO Vincent Pilette said in a statement. “This transaction is a huge step forward for consumer cyber safety and will ultimately enable us to achieve our vision to protect and empower people to live their digital lives safely.”
Avast, founded in 1988, focuses on cybersecurity software for consumers and small and medium-sized businesses and describes itself as one of the largest security companies. However, the company has not been without controversy during its near-25-year history; Avast was forced to shut down its marketing technology subsidiary Jumpshot last year after it was found to be peddling web browsing data that could be linked to individual users.
Once NortonLifeLock’s acquisition of the company is complete, Pilette will remain CEO of the new business, while Avast CEO Ondrej Vlcek will become president and join the board, the companies said.
“Our talented teams will have better opportunities to innovate and develop enhanced solutions and services, with improved capabilities from access to superior data insights,” Vlcek said. “Through our well-established brands, greater geographic diversification and access to a larger global user base, the combined businesses will be poised to access the significant growth opportunity that exists worldwide.”
The final name of the merged company has yet to be determined, but NortonLifeLock has confirmed it will be dual headquartered in the Czech Republic and Tempe, Arizona, and will seek to cut its number of employees from 5,000 workers to around 4,000 over the next two years. The combined company will be listed on the Nasdaq, rather than Avast’s current London Stock Exchange home.
The deal, which has been confirmed just weeks after NortonLifeLock bought free antivirus provider Avira for £360 million, is expected to close in mid-2022.
Columbus, Ohio-based Finite State, a startup that provides supply chain security for connected devices and critical infrastructure, has raised $30M in Series B funding.
The funding lands amid increased focus on the less-secure elements in an organization’s supply chain, such as Internet of Things devices and embedded systems. The problem, Finite State says, is largely fueled by device firmware, the foundational software that often includes components sourced from third-party vendors or open-source software. This means if a security flaw is baked into the finished product, it’s often without the device manufacturers’ knowledge.
“Cyber attackers see firmware as a weak link to gain unauthorized access to critical systems and infrastructure,” Matt Wyckhouse, CEO of Finite State, tells TechCrunch. “The number of known cyberattacks targeting firmware has quintupled in just the last four years.”
The Finite State platform brings visibility to the supply chains that create connected devices and embedded systems. After unpacking and analyzing every file and configuration in a firmware build, the platform generates a complete bill of materials for software components, identifies known and possible zero-day vulnerabilities, shows a contextual risk score, and provides actionable insights that product teams can use to secure their software.
“By looking at every piece of their supply chain and every detail of their firmware — something no other product on the market offers — we enable manufacturers to ship more secure products, so that users can trust their connected devices more,” Wyckhouse says.
The company’s latest funding round was led by Energize Ventures, with participation from Schneider Electric Ventures and Merlin Ventures, and comes a year after Finite State raised a $12.5 million Series A round. It brings the total amount of funds raised by the firm to just shy of $50 million.
The startup says it plans to use the funds to scale to meet the demands of the market. It plans to increase its headcount too; Finite State currently has 50 employees, a figure that’s expected to grow to more than 80 by the end of 2021.
“We also want to use this fundraising round to help us get out the message: firmware isn’t safe unless it’s safe by design,” Wyckhouse added. “It’s not enough to analyze the code your engineers built when other parts of your supply chain could expose you to major security issues.”
Finite State was founded in 2017 by Matt Wyckhouse, founder and former CTO of Battelle’s Cyber Business Unit. The company showcased its capabilities in June 2019, when its widely-cited Huawei Supply Chain Assessment revealed numerous backdoors and major security vulnerabilities in the Chinese technology company’s networking devices that could be used in 5G networks.