In 2017, unemployed and sitting on the couch of my future co-founder Dustin Decker, I wrote and open sourced a tool called TruffleHog, which was originally intended to find API keys in Git source code that would help me more easily submit bug bounties.
Below is a real key that I found and reported on one of Netflix’s public repositories (Netflix later hired me to do security work for them)
Giving back to the community, and helping everyone raise the security bar through open source technology has always been at the heart of TruffleHog. In the beginning of 2021, my co-founders, Dustin Decker and Julian Dunning, and I decided to leave our full time jobs and focus 100% of our time on giving back to the community that helped make our career, specifically focus on continuing to build out TruffleHog to prevent credential leakage.
Fast forward to today, having recently been honored on Forbes’ annual 30 Under 30 list and having recently pushed out two awesome new releases to the open source community, we are so happy to have found venture partners who understand our mission and enable us to continue on this journey.
We’re thrilled to be able to work full time on open source technology that improves the state of security. We’re even happier to have found amazing VC partners that believe in this mission and have empowered us to empower developers everywhere with open source, easy-to-use, security tooling. Andreessen Horowitz led our Series A this year, followed by Expa, Lytical, Harpoon, HNVR, Essence, Abstract, and many amazing, helpful angel investors.
Secrets are leaking out more places than ever and we are assembling a team to tackle the problem through the power of community and open source.
Look out for additional new and exciting tools we plan to release in the coming months and check out our careers page to learn about opportunities to help us on our mission to open source security tooling.
Truffle Security Co-founders Julian, Dustin and Dylan