
Hello World. Meet Resolved Security

We’re a team of longtime friends driven by a shared passion for secure software. Together, we’re taking a fresh look at an age-old challenge.

Old friends, new beginnings

There’s a unique kind of magic that happens when you build something with an old friend. We’re Resolved Security, and we’re thrilled to launch our next chapter: advancing autonomous open-source security.

Some of the best ventures start over coffee, frustration, and a shared vision - and that’s exactly how Resolved Security began. I’ve known Motti, my co-founder and CTO, for a very long time. Our friendship began years ago, back when we were both cutting our teeth on code and building things that mattered. Over the years, we both kept running into the same pain: open source security is noisy, slow, and expensive. Fixing vulnerabilities often meant breaking the app, introducing new risks, or sinking days into upgrades that were too costly. The tools were maturing, but the outcomes weren’t. Eventually, we stopped asking why no one had solved it - and decided to do it ourselves.

Now, we’re on a new mission: to make the use of open-source practical and secure.

Why Open Source? Why now?

Modern software IS open source. It powers nearly everything we build. And yet, the way we manage open source hasn’t kept up. Open-source is the raw material we build our software with, but too often we find ourselves buried in alerts, stuck between upgrading or ignoring issues.

GenAI is accelerating this problem of “unmanaged code”. We’re in the middle of a new coding boom, where LLMs bring in far more open-source dependencies, including many that developers are not even aware of. We’re not ready for this GenAI-era influx of apps and dependency sprawl.

Every developer knows the thrill of pulling in a new library to solve a problem that “someone else already solved”. But we also know the anxiety that comes with tracking vulnerabilities, upgrading dependencies, and trying to keep everything secure without breaking the build or blowing up the roadmap.

We’ve felt this tension firsthand. In our last startup, we built on open source from day one. It gave us speed and flexibility, but we were always one dependency update away from a broken feature or a new security fire. We saw how easily security could become a bottleneck or, worse, an afterthought.

That’s why we’re so passionate about transforming how we consume open source - not as an opaque package of raw material, but as a secured building block for our business.

A new approach to a long-lasting problem: Stability meets security

If there’s one lesson we’ve learned (sometimes the hard way), it’s that chasing the latest version isn’t always the answer. In the open-source world, the pressure to “just upgrade” is real. After all, the latest release has all the bug fixes, right? 

But in reality, this endless chase of upgrading dependencies doesn’t work at scale. It can take days or even weeks per dependency. Not to mention the risk of breaking production.

The truth is that today there is no way to consume security fixes without being forced through disruptive upgrades.

We’re building Resolved around the idea that open-source should be stable and secure - no matter what version of the library you’re on. Our platform gives you secure twin versions of the open source libraries you already use - so you can trust that your dependencies are as safe as they are stable. That’s where backporting comes in. Backporting means taking security fixes from newer versions and applying them to older, stable releases.

Here’s the paradigm shift: instead of identifying vulnerabilities, triaging, prioritizing, and upgrading - only to end up with poor results - Resolved delivers secure, production-ready open-source packages from the start. We’re not just improving the open-source supply chain; we’re rethinking it from the ground up.

Practicing what we preach

One of our core values is authenticity. We don’t just talk about open source security - we live it. From day one, our startup has relied on open-source dependencies. We track them, we patch them, and yes, we occasionally curse them. But most importantly, we use our own tools and processes to manage them.

Why does this matter? Because too many security tools are built in a vacuum, disconnected from the realities of day-to-day development. By “eating our own dog food”, we stay grounded in real-world needs. If something is painful for us, it’s probably painful for you too. If we find a better way, we know it’s worth sharing.

Lessons from the trenches

We’ve built startups from 0 to exit. Those journeys change your perspective.
We are still obsessed with speed - shipping features, landing customers, and scaling quickly. But we’re also more thoughtful now:

  • Building for real developers: Our tools are designed to fit into your workflow, not disrupt it. If it doesn’t make our lives easier, we won’t ship it.
  • Modern culture and secure development: Shortcuts come back to bite you. Culture matters as much as code. The best products are built by teams who use their own tools and listen to the market’s pain points.
  • Transparency, trust and community: We’re not just building a product - we’re building a community. We want to learn from you, share what we know, and grow together.

What’s next: Join us on our journey

This is just the beginning. In the coming weeks, we’ll be sharing more about our approach to open source security, deep dives into our product, and practical tips for teams of all sizes.

We want this blog to be a conversation, not a monologue. If you have questions, challenges, or stories about open source security, we want to hear from you. If you’re passionate about making software safer without slowing down innovation, you’re in the right place.

We’re excited to build something meaningful together - with you, for you, and alongside the incredible open-source and cybersecurity communities.

Stay tuned, and stay secure!

Gil
