While dependency management may be something you have never thought about – and most software engineers you know would probably rather not have to think about – dependencies form the backbone of nearly all modern software. Open-source (OS) software comprises 70-90% of any software solution today, and each component requires regular updating for security, performance, and reliability. Yet 85% of codebases contain components that are more than four years out of date. Moreover, many dependencies rely on additional packages, resulting in transitive or chained dependencies. Updating one dependency can sometimes break the whole chain if not managed carefully. The technical term for this complex network of interconnections is “dependency hell.”
Faced with this problem, companies today must either invest in resources dedicated to research and update implementation or risk falling behind, exposing themselves to vulnerabilities and performance degradation. As a result, many large enterprises have entire teams dedicated to monitoring the company’s OS dependencies for updates. These teams research changelogs and scour Reddit and Stack Overflow threads, hoping to learn from the experience of developers who bravely upgraded before them. Only after validating safety – a work queue that can take weeks or even months – do these teams authorize upgrades. At the same time, engineers prefer to work on the latest OS versions and can grow frustrated by these cautious gatekeepers and slowed development velocity. It’s no wonder that some of the worst exploits in recent years have taken advantage of vulnerabilities in OS dependencies.
The idea for a better way took root while Steve Pike, co-founder and CEO of Infield, was working as a consultant, helping to dig a handful of clients out of dependency management holes, while bootstrapping another startup with Infield co-founder and COO Allison Pike. Steve and Allison – who bring data company experience from their prior roles as CTO and COO at SevenFifty (acq. 2022), respectively – quickly observed some unexpectedly strong benefits of undertaking dependency management horizontally. Even across just a few clients, 80%+ of the OS dependency research to inform upgrade path design was overlapping. The intense pull from this side hustle made it clear to Allison and Steve that it warranted their full attention. Andrew Lenehan, with experience as a product leader at AppNexus and co-founder at Roster, rounds out the Infield founding team.
When we met Steve, Allison and Andrew, they saw the opportunity to offer support for this critical, but much maligned, task at scale and achieve even greater leverage via LLMs to analyze changelogs and identify potential issues in updates automatically. This approach, combined with the opportunity to build a robust and unique database of OS package metadata – from changelog ingestion and processing to synthesis of self-reported user experiences around updates and upgrades – enables Infield to support comprehensive and efficient dependency management across almost any enterprise and with compounding benefits to scale.
What makes Infield plug-and-play is that it both identifies and manages the sequence and remediation of updates in concert with a company’s policies and code. This process transforms the daunting task of updating dependencies into a streamlined, and increasingly automated, workflow. The moment a company integrates with Infield, it gains the ability to swiftly navigate through a backlog of updates, a task that could otherwise consume months or even years of engineering hours.
Much has been written about how AI will write more and more software, but even today, only about 30% of a developer’s time is spent on writing or improving code. Most of a software engineer’s day is spent on maintenance, testing, and meetings. Infield uses AI to read software. By shouldering the burden of reading changelogs and conducting dependency updates, Infield empowers engineers, DevOps, and DevSecOps teams to concentrate on their core functions, ensuring smoother and more secure production systems and freeing up time for higher-creativity activities.
At Foundation Capital, we’re fired up by the potential to transform the ordinary into the extraordinary and believe that the true value in software comes from solving real problems. Few things did more for the liberation of women than the washing machine. Infield similarly redefines an essential, yet often overlooked, aspect of software development. By harnessing AI to streamline necessary everyday tasks, developers are empowered to focus on the world’s next great innovations. By the end of 2024, an anticipated two-thirds of businesses plan to integrate AI into their software development processes – the appetite to shift towards an AI-centric operational model is clear and engineers will increasingly demand it of their employers, but most are still figuring out how and where to start on this transformation. AI has the opportunity to raise the bar for every aspect of software development, and we are excited to continue to partner with visionary founding teams, like Steve, Allison and Andrew, to create that future.
We are happy to be joined by Y Combinator and Firsthand Alliance, along with seasoned engineering leaders like Adam Gross (former CEO of Heroku), Jonathan Siddarth (founder of Turing), and Austin Ogilvie (founder of Thoropass) who have lived and survived dependency hell, as investors in Infield. Congratulations to the Infield team on all you have accomplished and we look forward to the chapter ahead!
Published on 01.31.2023
Written by Foundation Capital