Leaps in technology are enabled by developers tapping into open source software and they tend to rely heavily on external components rather than coding everything from scratch.

But this can also introduce vulnerabilities into the software that underpins the critical functionality of applications that businesses and customers rely on. These components often shapeshift rapidly as developers adapt and incorporate them, which introduces risks that could be exploited.



Meterian’s AI-powered invisible security platform secures software applications that depend on open source software.

After CEO Vivian Dufour’s data was leaked in breaches involving Yahoo, Equifax, and EasyJet, she joined forces with chief technology officer Bruno Bossola to help businesses secure the software at the heart of applications.

The startup is on a mission to make cybersecurity more affordable and accessible, and to make the lives of developers easier.

Meterian’s software is interoperable, agnostic to the source version control system and compatible with any critical infrastructure system.

The platform is designed to work invisibly in the background. Users can set it up in less than five minutes and integrate it into their infrastructure and workflows within an hour.

The software, which has been developed using an extensive database of information about vulnerabilities, is then able to continually scan for threats. It can automatically address threats and provide actionable insights to show developers where the vulnerabilities in their code could lie or which threats they should prioritise.

The company is:

• backed by investors from Amadeus Capital, CyLon, and SFC Capital

• a 2019 Digital Catapult Platinum Nominee

• one of techUK’s Cyber Innovation Den 2019 finalists


Meterian’s technology is used by IT professionals in the insurance, financial services and retail sectors. It now wants to enable any software developer, regardless of their preferred programming tools, to benefit from automated security that helps them comply with legislation and protect the end user. Ultimately, it wants to empower developers to become a proactive line of defence against cyber attacks.

To do this, Meterian is designing its solution to be even more accessible for developers and removing any friction. The startup wants to tap into the NCSC’s vulnerability management expertise to:

• iterate and further develop its technology

• experiment in a safe environment

It wants to embed best practice and industry standards into its solution at an early stage of the product development lifecycle and receive feedback.

“We’re keen to experiment in a safe environment, try things and allow for the possibility of failure in a way that’s not possible in the public space”

Bruno Bossola, chief technology officer, Meterian