Aikido Security acquires Root for $70M to patch open-source vulnerabilities in place
Aikido Security announced on June 30 that it has acquired Root, a company specializing in patching vulnerabilities in open-source dependencies in place, applying the fix to the dependency version a team already uses rather than requiring a full upgrade. The deal is valued at $70 million, and Root's technology will be integrated into a new Aikido product targeting software development pipelines. The approach addresses a common problem: upstream security fixes are available only in newer versions that introduce breaking changes, leaving many teams unable to remediate known CVEs. However, the method raises supply chain trust concerns, because the patched artifacts no longer match what upstream registries originally published, which complicates provenance tracking and SBOM accuracy. Security experts advise teams to demand clear answers on artifact signing, attestation, and auditability before adopting the technology.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
