Technology

Computer reseller pilot fish gets a call one morning from the IT director at a nearby public school system. The problem: Every PC in one school's computer lab has gone silent.

"In the lab, the students could listen to a specific application," says fish. "All the desktop computers fed into external speakers. There was no sound coming from the speakers.

"I asked the IT director if he'd checked all the connections. He assured me he had.

"I made the 45-minute trip to the school, and he showed me the problem. I noticed that all of the external speakers were getting their power from some daisy-chained power strips. I also noticed that the first one was turned off.

Sonatype helps enterprises identify and remediate vulnerabilities in open source library dependencies and release more secure code. Today, they announced a free tool called DepShield that offers a basic level of protection for GitHub developers.

The product is actually two parts. For starters, Sonatype has a database of open source dependency vulnerabilities called OSS Index. The company gathers this information from a variety of public sources, says Sonatype CEO Wayne Jackson. While it isn&t as highly curated as the companycommercial offerings, it does offer a layer of protection that most individual developers or small shops wouldn&t normally have access to.

After a developer installs DepShield, it checks a code commit in GitHub against the known vulnerabilities in the OSS Index with recommendations on how to proceed. The companycommercial offerings includes a policy engine to automate remediation. The free version simply lets developers know if there are issues, and they can go back and fix them if need be.

&What DepShield and OSS Index are doing is allowing the developers at the front lines to be able to see whathappening inside their applications and fix the vulnerabilities directly,& Jackson said.

Vulnerability listed in OSS Index. Screenshot: Sonatype

As for the differences between the commercial and free products, Jackson say ita matter of scale. &The way you manage a single application or handful of applications as a developer is different than how you might approach it if you&re a CISO or a governance organization for thousands of applications,& he explained. The latter requires a higher level of automation than the former because of the sheer number of applications involved.

DepShield offers the 28 million developers using GitHub access to a baseline level of protection by identifying a set of known vulnerabilities in their applications before they make them public. Jackson says that GitHubrole is evolving. Today, itnot only a tool for committing your code, italso become a place to do issue tracking and code reviews, and he believes that as such, a product like DepShield is a natural fit.

Known issues list DepShield. Screenshot: Sonatype

DepShield is available starting today in the Security section of the GitHub Marketplace and developers can download and install it for free.

Sonatype, which is based in Maryland, launched in 2008 and has raised almost $75 million, according to data on Crunchbase. Its most recent funding round was in 2016 for $30 million. Microsoft acquired GitHub in June for $7.5 billion.

LittleBits is making its first acquisition. The New York-based educational hardware company has agreed to acquire DIY.co, an educational social network for kids. Co-founded in 2011 by VimeoZach Klein, the San Francisco-based software startup is behind the DIY.org online community and jam.com, a subscription-based STEAM educational platform.

&Over the years we&ve explored dozens of acquisitions, strategic deals, mergers,& littleBits founder and CEO Ayah Bdeir told TechCrunch. &We&re very actively looking at that stuff all the time. But DIY, Zach and his team stand out as a match made in heaven.&

DIYproduct will serve as the software foundation for littleBits& projects moving forward. For starters, the company will provide a kind of software instruction booklet for littleBits& kits, including a trio of new ones due out this fall. Those will follow the startuprecent Avengers kits, the second product to take advantage of its Disney accelerator connections.

From there, its seems pretty clear how the companysocial networking and hundreds of hours of online instructional videos will complement littleBits& long-standing goal of empowering children through STEM educational tools.

&We&re creating an environment where kids are teaching kids,& Klein tells TechCrunch. &That was our mission from day one, to create a space where kids can develop learning strategies for other kids, instead of a one-size-fits-all approach to education. We&re creating an environment where kids are forging the pathways that other kids can find and follow.&

DIY.co, will stay in its San Francisco office, allowing littleBits to expand its presence to the West Coast, where most of its investors are based. The company name and sub-brands like Jam will also remain intact, allowing littleBits to leverage the cachet the brand has built over the years, including some 1.5 million projects uploaded by 550,000 registered users.

DIYteam of 15 will also stay on, joining littleBitexisting staff of 100+ employees.

&The expertises are really complementary,& says Bdeir. &Zachteam, their skill set is in software product and community building and content creation. Those are things we don&t have a lot of expertise in. We wouldn&t be doing this if we weren&t bullish about the future. This is the beginning of us doing many more aggressive steps to becoming the leading learning-to-play company in the world.&

LittleBits is clearly starting to put to use some of the $65 million itraised, by growing the company through acquisitions and other means. In the case of DIY, the deal is certainly a complementary one.

&This combination isn&t just about merging two mission-aligned brands,& Jon Callaghan, co-founder of littleBits investor True Ventures, told TechCrunch. &Itreflective of a larger trend among consumer brands like Peloton and Netflix that recognize that quality content is, once again, king.&

Terms of the deal have not been disclosed.