HeroDevs Acquires Xeol to Help Users of End-of-Life Open Source Software Secure Their Applications and Protect Their Data

HeroDevs Will Make Xeol’s Proprietary Data Publicly Available to Developer Communities and Businesses for Free

Salt Lake City – Feb. 4, 2025 – HeroDevs, a leading provider of security and compliance solutions for deprecated open-source software, today announced the acquisition of Xeol, a New York City startup providing businesses with end-of-life software detection intelligence for their technology stacks. Through the acquisition, HeroDevs will augment its Never-Ending Support (NES) solutions by giving businesses, organizations, and developers reliant on open source software visibility into packages that are deprecated and past their end-of-life. 

Xeol’s platform tracks end-of-life data for more than 100,000 open source software packages. The company uses this data to identify potential cybersecurity risks within companies’ software supply chains. Xeol had previously raised $3.2 million in funding from Shield Capital, Y Combinator, and 468 Capital. 

The acquisition builds on HeroDevs legacy as a security and software supply chain trailblazer in the open source community. HeroDevs’ services help developers and cybersecurity professionals make sure their end-of-life open source software stays patched and secured. This is especially valuable to businesses who must adhere to strict compliance standards that prohibit the use of unsupported software, such as FedRAMP, HIPAA, PCI DSS, and SOC 2.

“When it comes to securing your applications, the first step is knowing you have a problem and for many, that is the biggest challenge,” said Aaron Frost, HeroDevs Founder and CEO. “The Xeol team has built an extremely large, exhaustive database of open source software that has reached its end-of-life, and could therefore put organizations at risk. Our team is thrilled to continue the journey they’ve started and, in the spirit of open source, we will make this comprehensive database available to the public for free so developers, CISOs, and technology leaders can easily ensure their applications are secure and safeguarded against data breaches.”

When open source software packages reach their end-of-life and are no longer maintained by the organizations and developers building them, using that software can be a threat vector for hackers and data breaches. Most software security scanners track common vulnerabilities and exposures, but tracking threats for unsupported, deprecated open source software is more challenging, as developers overseeing those projects do not have resources to reproduce and validate the vulnerabilities. In addition, tracking end-of-life data for open source software packages has been extremely decentralized, until now. 

By maintaining this data repository and making it publicly available for free to companies and open source users, HeroDevs aims to empower open source software supply chain tools and companies with the data to better identify potential cybersecurity threats. 

 “Joining HeroDevs feels like the perfect opportunity for Xeol to really make a bigger impact on the open source community,” said ShiHan Wan, Cofounder and CEO at Xeol. “The kind of insights we can provide through our database could be game-changing for open source developers and cybersecurity pros alike. The fact that HeroDevs is making that data freely available says a lot about their commitment to open source values like collaboration and transparency.”

End-of-life data can also be incorporated into software composition analysis and vulnerability detection tools. HeroDevs recently partnered with Mend.io to help companies struggling with open source end-of-life challenges make remediation immediately available through Mend’s AppSec (application security) Platform. 

About HeroDevs:

HeroDevs is the trusted leader in providing secure, long-term support for deprecated open-source software. The company’s mission is to keep these critical technologies running smoothly, securely, and in compliance long after their official end-of-life. From AngularJS to .NET, HeroDevs Never-Ending Support (NES) solutions give businesses the freedom to plan migrations on their terms while staying protected against vulnerabilities and compliance risks.

‍

Serving industries where security and uptime are non-negotiable, including finance, healthcare, and government, HeroDevs has earned the trust of over 700 companies, including half of the Fortune 100. With a team of open-source experts, proactive vulnerability remediation, and enterprise-grade support, HeroDevs empowers organizations to keep moving forward without disruption.

‍

Media Contact:

• Dan Sorensen
• press@herodevs.com

‍