GitHub acquires AppCanary (appcanary.com)
160 points by marcc on Jan 4, 2018 | 28 comments


I met Max just before his YC interview. The fun fact there was that we both have the same first name, came from the same region (Europe), and work on the same product family (Vulnerability Management).

AppCanary went to YC, and Cyberwatch went back to France.

However, for us that was for the best! Most of our customers indeed really liked the fact that we are a 100% French company.

We are now profitable and provide a complete Server Vulnerability Management + Patch Management solution.

Different paths to glory, but the world is small and I'm sure we'll meet again someday :)

=> I wish you the best at GitHub!


I remember meeting you that day, it was a very surreal start to our summer in Silicon Valley.

I'm really happy to hear you're doing well in the space!

Building a profitable company is really hard, I should know :)


True story: the first thing Phill told me when he got back is that they'd met some guy from France with an alarmingly similar business model that didn't get into the cohort. Life is funny and the world is small.

Glad to hear that you're doing well.


For anybody that needs a replacement that is OSS and can monitor dependencies for updates, there is this:

https://libraries.io/

Disclosure: I have no interests (direct/indirect) of any sort in libraries.io


I really found AppCanary useful for Linux packages. They had nice rollup emails for your servers' packages installed with fixes/patches and those with public vulnerabilities without patches. Is there a similar service that does that on the cheap? I'd rather not run/install my own.


For vulns related to Linux packages you are welcome to try https://tactycal.com


Launch feels like just yesterday! https://news.ycombinator.com/item?id=9935458


Top comment in that thread is an expression of hesitation over the pricing. Looks like they kept largely the same scheme over their lifetime, except by replacing the next step up from the $99 tier -- $299 for 50 servers -- with a $499 for 75 servers:

http://web.archive.org/web/20151205162125/https://appcanary....

http://web.archive.org/web/20171026173951/https://appcanary....

I like the idea of smartly compiling and packaging vulnerabilities and building a business off of that. But was the pricing competitive to what a company devops employee would typically spend in monitoring this? It looks like they provided monitoring and reports with these plans but not anything else on top of sending the alerts.


I assume that's why they were acquired. At this point, they were a little bit more of a "feature" than a product. I suspect this tech is driving vuln alerts on repos:

https://github.com/blog/2470-introducing-security-alerts-on-...


> There, we’ll be working on expanding GitHub’s security tooling, like their recently announced vulnerable dependency alerting.

You don't have to suspect, it's in the article :)


I would hate to take credit for work I didn't do, so I would just like to quickly set the record straight:

We had nothing to do with that feature! We legit joined just now. But it certainly demonstrated a certain synergy between our skillset and GitHub's feature roadmap ;).


Alas, it’s in the future tense.

We can’t take credit for the current security offerings - it was the work of our soon-to-be coworkers at GitHub.


Congratulations Phill and Max! Really excited to see what you do with GitHub's security alerting. Seeing GitHub take ownership of the space feels like a great development.


Congrats Phill and Max! Glad to see some Toronto exits.


Are acquihires successful exits?


If the equity ends up being worth > $0, I would say "yes."

Way better than just shutting the company down and being left with nothing.


I think we need a little more nuänce here.

Sometimes, an acquihire is just a hiring. If there's any cash for the founders, it's on the order of a generous signing bonus. The founders are expected to work real jobs in the acquiring company, and sometimes the payouts are tied to golden handcuffs.

There's nothing wrong with consenting adults agreeing to such a thing, but that would not, in my books, be a "successful exit" unless the founders had planned all along to use their startup as a job-seeking vehicle.

Of course, the other end of the scale is a substantial payout, much larger than any imaginary "hiring bonus." The founders get jobs or consulting gigs with the acquiring company, but that's mostly structured to prevent them from immediately quitting and sending a signal to the market that they hate the acquiring company.

They need only attend a few meetings over the next year of their contract, and can work on their next project in stealth mode. That's an "acquihire" and a successful exit at the same time.

Between those two extremes, there are varying degrees of "successful," and "exit." I don't think it's as simple as "equity is worth more than zero equals successful exit," especially if you don't have the freedom to do WTF you want the moment the ink dries on your signature.


> nuänce

OT: the 'ua' here is not a diphthong, so a dieresis is out of place. FYI!


Even if the equity ends up being worth $0, I'd still say it's a successful exit, since you're ending up working for a great company that you might otherwise not have been able to get into. Think of it as an alternative to the standard "whiteboard hazing, recruiter ghosting" interview track.

EDIT: To clarify I'm talking about acquihires in general, not specifically this one, the details of which I'm obviously not aware.


I'm not sure that 900 days of labor resulting in an equity value of $0 and a job offer is worth skipping the whiteboard and other recruiting nonsense. (I have no idea if that's what did or didn't happen here, of course, and suspect it was better than that, but that scenario is not one of "success", IMO.)


An acquire can be a successful exit for the founder, but if investors are not recouping their investment then it isn't really successful for the whole startup ecosystem.


Depends on how much they exited for. No need for snark.


I didn't realize the definition of "snark" had devolved into simply asking a question.


Good luck Phill and Max for your new adventure! And thanks for having mentioned https://gemnasium.com as an alternative.


The trend is integrating security into the DevOps lifecycle (DevSecOps). At GitLab we already do SAST and are working on SAST for containers with Clair and DAST. I looked today but couldn't find a good IAST solution that was open source.


https://github.com/baidu/openrasp/blob/master/README.md

Looks like a good RASP solution, and with DAST that gives IAST. But it is Java only.


[flagged]


I'm about as fed up of seeing these snarky comments as I am of seeing absurd "our incredible journey" announcements from broke companies.


I actually thought this was one of the more refreshingly candid "our incredible journey" announcements I've seen, complete with apology to inconvenienced customers and an admission the service was being sunsetted because it hadn't achieved its business goals as opposed to because $incompatiblenewservice was even better.



