Oscar van der Meer

MergeBase’s mission is to secure the software supply chain, which is critical for the digital world we live in. We provide a powerful Software Composition Analysis (SCA) tool designed to identify, manage, and secure the open-source components and third-party libraries utilized within software applications. It empowers companies and developers to make informed decisions, protect against cyber threats, and achieve a higher level of security and compliance.

Tell us about yourself?

Previously, I was an enterprise architect at a large organization that owns about 80 banks and insurance companies globally. I was involved in securing online banking and brokerage. After that, I became an executive running a software business that provided services to financial institutions for more than a decade.

If you could go back in time a year or two, what piece of advice would you give yourself?

Don’t be too focused on a specific industry, as everyone is facing these challenges.

What problem does your business solve?

The software industry heavily relies on third-party components, libraries, and frameworks to accelerate development and deliver products efficiently. However, this dependency introduces a significant challenge: the risk of security vulnerabilities and compliance issues within the software supply chain. MergeBase addresses this problem by providing a comprehensive solution that allows organizations to gain deep visibility into their software supply chain, enabling proactive vulnerability monitoring and alerts and empowering organizations to mitigate potential threats promptly.

What is the inspiration behind your business?

I ran into this problem myself. The organization that I was responsible for provided online and mobile banking solutions to financial institutions. Being at the perimeter of a financial institution, you experience continuous attacks, and you need to be very secure. Google notified us about vulnerabilities in libraries about 10 years ago. Those vulnerabilities are weaknesses that cybercriminals can use to breach the organization.

Through this experience, we got sensitized about the problem, and it became clear to us that this could grow into a large issue for most organizations in the future.

That has happened. Software supply chain attacks have increased tenfold in the last two years.

What is your magic sauce?

MergeBase is the only software supply chain security solution on the market that can actually reduce the number of vulnerabilities that software engineers have to fix because of our patented Dynamic Application Surveillance and Hardening technology.

What is the plan for the next 5 years? What do you want to achieve?

Software supply chain attacks are spiralling out of control. MergeBase believes that with our multipronged approach, which includes dynamic hardening, we can bring this huge problem under control.

What is the biggest challenge you’ve faced so far?

Cybersecurity is a very busy market with lots of solutions. Getting heard is one of our main challenges. And we really appreciate the opportunity with Made in CA to tell our story.

How can people get involved?

You can take a free trial on MergeBase to help get software supply chain risks under control.