Scantist's tool scans for open-source components and related vulnerabilities in software apps: Rohan Sood


Pradeep Chakraborty

Scantist is built upon an extensive research base and deep scientific expertise. It has created an automated platform for managing open source usage that helps you use open source freely and confidently while staying legally compliant.


Scantist graduated from the CYLON Accelerator Program (2020) organized by ICE71, a joint venture between Singtel and the National University of Singapore.

Rohan Sood, Head of Operations at Scantist, tells us more. Excerpts from an interview:

DQ: When and how did you come up with the idea of Scantist?


Rohan Sood: The idea of Scantist cropped up at the Cyber Security Lab in NTU Singapore, when a team of researchers were working on finding zero-day (previously unknown) vulnerabilities in popular software like Adobe Reader and the iOS eco-system. Co-founder and CEO, Liu Yang and his research team, were awarded over USD 100,000 in bug bounties and rewards by Adobe, Apple, and others for finding these vulnerabilities. This experience illustrated the need for software scanning solutions that uncover these issues before they are released publicly. It led to officially setting up Scantist in 2017.

DQ: What is the growth rate of Scantist in 2022-2023, and what are the expectations for 2023-24?

Rohan Sood: In 2022, we doubled our customer base from. Ever since the inception of Scantist in 2017, we have registered steady growth across business operations. In 2023, on the back of our advanced products and services, we are planning to further double our user base.


DQ: How do you plan to grow your market size, and what are your business strategies for 2023?

Rohan Sood: We are planning to expand both our product offering as well as our market presence. From a product standpoint, Scantist will launch an extensive DevSecOps platform that would allow users to integrate multiple commercial and open-source scanning tools to have comprehensive security coverage for their software development lifecycle. We will also launch scanning capabilities targeted at the web3 development eco-system to help software teams secure the next generation of the internet.

From a market standpoint, Scantist already has customers in five countries in APAC (including India). We will be expanding operations to 10 countries by the end of the year. Growing our business development and engineering team in Mumbai is also on the cards.


DQ: What are the challenges faced by your sector?

Rohan Sood: The fast-evolving cyber security landscape makes security a continuous journey where solution providers and end-users must keep updating their capabilities. To do this effectively, especially considering the skill and budget constraints within the industry, is always a challenge.

DQ: What are the products and platform businesses that Scantist offers?


Rohan Sood: Scantist's core product is a software composition analysis tool that scans for the use of open-source components and related vulnerabilities in software applications. Given that open-source components make up as much as 90% of the average application, this helps extensively secure the software against the most common and publicly known security risks. Scantist also offers its clients DevSecOps-related training, education, and auditing services.

DQ: What has been the biggest achievement till now?

Rohan Sood: Scantist's biggest achievements include the Cyber Innovation Award from the Cyber Security Agency of Singapore. We have also won some key government accounts in the region, including defense and Infocomm agencies.


DQ: What is the outlook of the market?

Rohan Sood: There is increasing regulation in application security and especially in the open-source space. The US government is currently debating the 'Securing Open Source Software Act', while the EU is proposing the 'Cyber Resilience Act'.

So far, application security has been a recommended practice that most security-mature organizations have invested in. But, these regulations will necessitate a timely industry-wide shift from recommended to required, unlocking massive opportunities and growth potential.