August 7, 2017

Lexumo Helps BT Probe Software Security

Innovative collaboration identifies and fixes vulnerabilities in open source code for the internet of things.

Eric Bender

Steve Roge
CRO & VP Customer Success

“Any organization that is developing software is probably using open source code,” says Jonathan Tate, a solution architecture lead for BT Global Services. “Our internal development projects use a lot of open source products and libraries because their quality is very high, they are well established in the industry, and there's no point in reinventing the wheel.”

However, open source code can open up security vulnerabilities, not just for traditional computing systems but also for the vast wave of Internet of Things (IoT) devices now flooding into the market. Applications running on these embedded products are getting increased attention from the “black hat” hackers who capitalize on gaps in security. “The black hats innovate very quickly, and we want to make sure that the development of our security offerings is equally rapid,” Tate says.

That’s the role targeted by Lexumo Inc., an MIT STEX25 company, which has begun a proof-of-concept collaboration with BT to spot and correct open source code bugs in IoT devices.

Lexumo’s services continuously monitor the world of open source code for vulnerabilities and help developers to fix these vulnerabilities in their own software. “We can help to secure many types of applications, but our current focus is primarily on the IoT and embedded systems,” says Steve Roge, chief revenue officer.

The partnership was fostered through the MIT Startup Exchange, a program from the Institute’s Office of Corporate Relations that works in close cooperation with the Industrial Liaison Program (ILP).

ILP has worked closely with BT for decades, notes Steve Whittaker, the global telecommunication firm’s head of strategic U.S. university research partnerships.

The BT/Lexumo project began with a December 2016 MIT Startup Exchange showcase hosted at BT headquarters in London that drew a number of European companies and universities. “This event helped to expose our people to some of the innovations and the thinking that are coming from MIT through startups, and it was viewed as being very valuable,” says Whittaker.

Nathan Shnidman, Lexumo co-founder and chief scientist, presented at the event, and the startup was introduced to the BT security group soon afterwards.

Kicked off this May, the project analysis will test Lexumo’s offering on applications that are in use or in development at BT. “This should give us a feel not only for how useful the Lexumo service is, and how easy it is to use, but will also tell us something about our own product source code,” says Tate. If the service makes it through BT’s extensive vendor onboarding process, it potentially could prove useful both in monitoring a broad range of products and in BT’s managed security service portfolio.

“The big players in the security industry have very comprehensive portfolios of products, but we also find it very useful to work with startups,” Tate says. “Some of the new techniques coming out of universities can come very quickly into startups, which helps us to keep up with the rapid progress in the black hat world.”

Tate also appreciates the chance to have direct access to developers at Lexumo who performed the research underlying the software’s capabilities. “It’s easy to get a view of how the software is actually working,” he says.

This early cooperation highlights the value that MIT Startup Exchange and ILP bring to corporations such as BT, Whittaker says.

“MIT's increased focus on the larger innovation ecosystem helps us to understand the emerging patterns of the innovation economy look, the roles we want to play in it, and our opportunities,” he comments. “We’ve been very supportive of MIT Startup Exchange from the beginning. When MIT decides to do something like this, it does it properly, with a supported professional framework for doing it at scale and over the long term.”

On the startup side, Lexumo enjoys major benefits from being selected as a STEX25 firm. “We get high access to ILP members and events,” says Roge. “We’ve been exposed to many great relationships and premier accounts, including some of the biggest companies in the world.”

About Lexumo
Lexumo enables developers to securely adopt the best open source available — so they can ship great products faster. Based in Burlington, Massachusetts, the company was formed by a team of computer scientists who developed the company's core technology for the Defense Advanced Research Projects Agency. Lexumo saves time and reduces risk by helping developers quickly eliminate open source vulnerabilities in their code, while also ensuring they're in compliance with licensing requirements. Built on a massively-scalable cloud stack, the service uses patent-pending graph analytics and machine learning technology to precisely identify vulnerable code. The company is privately held and funded by leading cyber-security investors .406 Ventures and Accomplice. Lexumo’s platform is being used by leading Global 2000 brands including global service providers and industrial IoT manufacturers.

About BT
BT is one of the world’s leading communications services companies, serving the needs of customers in the UK and across the world, where it provides fixed-line services, broadband, mobile and TV products and services as well as networked IT services. In the UK BT is a leading communications services provider, selling products and services to consumers, small and medium sized enterprises and the public sector. The company also sells wholesale products and services to communications providers in the UK and around the world. Globally, BT supplies managed networked IT services to multinational corporations, domestic businesses and national and local government organizations.

About MIT Startup Exchange, STEX25, and MIT’s Industrial Liaison Program (ILP)
MIT Startup Exchange actively promotes collaboration and partnerships between MIT-connected startups and industry. Qualified startups are those founded and/or led by MIT faculty, staff, or alumni, or are based on MIT-licensed technology. Industry participants are principally members of MIT’s Industrial Liaison Program (ILP).

MIT Startup Exchange maintains a proprietary database of over 1,500 MIT-connected startups with roots across MIT departments, labs and centers; it hosts a robust schedule of startup workshops and showcases, and facilitates networking and introductions between startups and corporate executives.

STEX25 is a startup accelerator within MIT Startup Exchange, featuring 25 “industry ready” startups that have proven to be exceptional with early use cases, clients, demos, or partnerships, and are poised for significant growth. STEX25 startups receive promotion, travel, and advisory support, and are prioritized for meetings with ILP’s 230 member companies.

MIT Startup Exchange and ILP are integrated programs of MIT Corporate Relations.