Company Profile: Xeol (Acquired by HeroDevs)

Background

Xeol was a New York City-based cybersecurity startup founded in 2023, specializing in securing software supply chains by identifying and managing end-of-life (EOL) software components. The company's mission was to enhance software security throughout its lifecycle, from code repository to customer delivery, by addressing vulnerabilities associated with outdated and unsupported software. In February 2025, Xeol was acquired by HeroDevs, a leading provider of security and compliance solutions for deprecated open-source software.

Key Strategic Focus

Xeol's strategic focus centered on mitigating risks in software supply chains by:

End-of-Life Software Management: Identifying and managing EOL software components to reduce vulnerabilities.

Software Lifecycle Security: Ensuring security from code development to deployment.

Adherence to Industry Standards: Implementing standards like Software Bill of Materials (SBOM) and Supply-chain Levels for Software Artifacts (SLSA) to enhance risk assessment accuracy.

Financials and Funding

In December 2023, Xeol raised $3.2 million in seed funding led by Shield Capital, with participation from Y Combinator and 468 Capital. The funding aimed to expand operations and development efforts, focusing on securing software supply chains and managing EOL software risks.

Technological Platform and Innovation

Xeol developed a platform that tracked EOL data for over 100,000 open-source software packages, providing businesses with intelligence to identify potential cybersecurity risks within their software supply chains. The platform utilized data enrichment and graph analytics to visualize and manage software dependencies effectively.

Leadership Team

ShiHan Wan: Co-founder and CEO. Previously, he contributed to building startups Ada and Electric from early stages to unicorn status. At Electric, he served as Director of Platform Engineering, overseeing application security and infrastructure.

Benji: Co-founder and CTO. Served as the first infrastructure and security engineer at Ada, responsible for security, compliance, and infrastructure. Later, he contributed to SRE practices at Datadog and developed their service catalog product.

Leadership Changes

In February 2025, following the acquisition by HeroDevs, Xeol's leadership integrated into HeroDevs' organizational structure. Specific roles and titles post-acquisition have not been publicly disclosed.

Competitor Profile

Market Insights and Dynamics

The cybersecurity market, particularly in software supply chain security, has experienced significant growth due to increasing cyber threats targeting software vulnerabilities. The rise in open-source software usage has expanded attack surfaces, emphasizing the need for robust security solutions.

Competitor Analysis

Key competitors in the software supply chain security sector include:

Snyk: Focuses on developer-first security, offering tools to find and fix vulnerabilities in code, dependencies, containers, and infrastructure.

Veracode: Provides application security solutions, including static analysis, dynamic analysis, and software composition analysis.

Black Duck by Synopsys: Specializes in open-source security and license compliance management.

These companies offer comprehensive security solutions, emphasizing the importance of managing vulnerabilities in software components, including EOL software.

Strategic Collaborations and Partnerships

Xeol became a corporate supporter of the OWASP Foundation, aligning with initiatives like CycloneDX and the Software Component Verification Standard (SCVS) to enhance software security standards.

Post-acquisition, HeroDevs partnered with Mend.io to address open-source EOL challenges, integrating Xeol's capabilities to provide remediation solutions through Mend's application security platform.

Operational Insights

Xeol's integration into HeroDevs has strengthened the combined entity's position in the software supply chain security market. The acquisition has expanded HeroDevs' capabilities, allowing for a more comprehensive approach to managing deprecated and EOL software, thereby enhancing their competitive advantage.