
Out of Stealth, Into the Future of Open-Source Security


Published on April 22, 2025
Written by Roy Gottlieb

Marc Andreessen’s famous prediction that “software is eating the world” has proven true. But today, open-source is eating software. Over the last decade, open-source adoption has surged more than 100X. It has become the foundation of modern application development, fueling innovation across mobile, cloud, AI, blockchain, SaaS, and zero-trust architectures.

Open-source now powers a $9T ecosystem. It’s the backbone of the tools, systems, and platforms that shape our digital lives. But with that power comes risk. And with that risk, a growing sense of fatigue.

Scaling Innovation, Sprawling Risk

The open nature of open-source has led to an explosion of vulnerabilities. Legacy security tools flood teams with alerts, most of which turn out to be irrelevant. As AI accelerates code generation and open-source adoption, it also increases exposure. It surfaces outdated or vulnerable dependencies and makes it easier than ever for attackers to weaponize CVEs.

Remediation is rarely straightforward, as patches often introduce breaking changes or lack backwards compatibility. Patches break things. Fixes don’t fit. Remediation requires back-and-forth between security and engineering teams. Security is often stuck reacting to threats instead of getting ahead of them.

Open-source security is broken. We knew there had to be a better way.

Why We Founded Hopper

We founded Hopper because we’ve felt the pain of today’s broken security workflows.

  • Lack of function-level data in vulnerability databases
  • Endless alerts with no context
  • Remediation efforts that stall development
  • Tools that add noise instead of clarity

We believe security shouldn’t be a bottleneck. It should be an enabler.

That’s why we built Hopper: to cut through the noise, surface real risks, and empower teams to move faster and more securely. By combining function-level precision, immediate remediation guidance, and agentless onboarding in under five minutes, we’re redefining what open-source security should be.

Accurate. Actionable. Built for modern development.

A Smarter Approach to OSS Security

Here’s what makes Hopper different:

  • Function-Level Reachability: We don’t just detect vulnerabilities. We analyze whether they’re actually exploitable in your code. This eliminates over 93% of false positives and saves teams countless hours.
  • 5-Minute, Agentless Deployment: No CI/CD changes. No infrastructure overhead. Hopper connects with read-only Git access and gets to work in minutes.
  • Infrastructure-Agnostic Coverage: Identify vulnerabilities across containers, serverless, and client-side apps, regardless of your architecture or operating system.
  • Real-Time Asset Discovery: Hopper continuously discovers new codebases, projects, and dependencies as they appear. This gives you full visibility without manual effort.
  • Actionable Remediation Guidance: We don’t just tell you what the problem is. We show you exactly where, why, and how to fix it with minimal disruption, backed by call graphs and root cause analysis.
  • Modern Framework Support: From Spring to ASP.NET, Hopper understands how complex, dynamic applications actually run and secures them accordingly.

In short, Hopper helps you harness the power of open-source, safely.

A Name That Means Something

We named Hopper in honor of Rear Admiral Grace Hopper, a pioneer whose work helped define the future of software. She was a relentless innovator, a champion of clarity, and a fearless problem-solver. Her contributions to COBOL and computer science laid the groundwork for generations of developers.

There’s a famous myth that Grace coined the term “debugging” after her team removed an actual moth from a computer relay. Whether myth or fact, the story captures what Grace stood for: making the complex understandable and solvable.

Today, her legacy lives on through events like the annual Grace Hopper Open-Source Day, which brings developers together to contribute code that makes the world more secure and more inclusive.

We chose the name Hopper to honor that spirit: a fearless, principled approach to solving hard problems with clarity and purpose.

Out of Stealth. Into the Wild.

Today, we’re excited to announce that Hopper is officially out of stealth. We’re working with some of the world’s most forward-thinking security and engineering teams. We’re replacing outdated tools, eliminating alert fatigue, and helping organizations ship secure code faster than ever.

As AI reshapes how software is built, the future of security must evolve with it. It should be more intelligent, more precise, and radically easier to use.

Hopper is here to build that future. And we’ve just laid the foundation.

Roy Gottlieb
Co-founder & CEO

Roy is the CEO and co-founder of Hopper. With a background in cybersecurity, he’s spent his career focused on startups and cybersecurity strategy. Roy lives in New York with his wife and son Ben, and has traveled to over 40 countries in search of sunshine, stories, and strong espresso.
