Socket acquires Coana
By SSN Staff
Updated 2:15 PM CDT, Fri April 25, 2025
SAN FRANCISCO – Socket, the market leader in software supply chain security, today announced it has acquired Coana, a static analysis and reachability engine built by leading security researchers from Aarhus University.
Coana brings static control-flow and call graph analysis to Socket’s platform, allowing teams to prioritize vulnerabilities based on whether they’re actually exploitable in a given codebase. Key to managing this workload is reachability analysis, which enables security teams to prioritize vulnerabilities that need to be addressed rapidly above those which cannot be practically exploited. Coana’s reachability analysis engine solves this problem, eliminating up to 80% of false positives.
“For every team buried under thousands of vulnerability alerts, Coana’s reachability analysis offers a better way forward,” said Feross Aboukhadijeh, CEO and Founder of Socket. “They’ve built the most scalable and accurate reachability engine we’ve seen, and we’re excited to bring it into Socket to give developers precise, actionable vulnerability insights — without the noise. Joining forces with Coana turbocharges our ability to deliver actionable, noise-free security alerts. This is a big win for our customers.”
The team behind Coana have now joined Socket.
Anders Søndergaard, CEO at Coana said: “Joining Socket means we can scale our impact immediately. Together, we'll help organizations drastically reduce their vulnerability management burden.”
Comments