Key Takeaways:
- HeroDevs has raised $125 million in strategic growth funding led by PSG, bringing its total capital raised to approximately $133 million.
- The company offers Never-Ending Support (NES) for deprecated open-source software (OSS), helping enterprises stay secure without rewriting legacy code.
- Over 900 organizations—including Microsoft, Google, GE, and Capital One—rely on HeroDevs to maintain compliance and patch vulnerabilities in EoL software.
- The company has also launched a $20 million Open Source Sustainability Fund to support maintainers that follow end-of-life best practices.
- The funding will be used to expand NES coverage, invest in open-source security infrastructure, and scale internal operations.
HeroDevs, a Utah-based software firm, has announced a $125 million strategic growth investment to scale its mission of securing deprecated open-source software (OSS) widely used in enterprise environments. The round, led by growth equity firm PSG, positions HeroDevs to accelerate its Never-Ending Support (NES) model, which delivers security patches and ongoing compliance updates for OSS components that have reached their official end-of-life.
The announcement comes at a pivotal moment. The increasing pace of AI adoption, rising dependency on open-source components, and a widening security gap for legacy systems have all converged to create urgent demand for sustainable solutions that extend the life of critical software.
HeroDevs, founded in 2018, is attempting to close that gap by offering enterprises an alternative to disruptive code rewrites and costly migrations. Through NES, HeroDevs provides secure, drop-in replacements for widely used but deprecated frameworks and libraries, including AngularJS, .NET, Node.js, Spring, and Apache Struts. These maintained versions are patched for emerging vulnerabilities and tested for compatibility with modern infrastructure.

Addressing the Unseen Risk in Legacy Code
Open-source software powers an overwhelming share of digital infrastructure, from internal tooling to external-facing applications. However, many widely adopted projects are sunset by maintainers, leaving users without security updates. According to Black Duck, the average commercial codebase contains more than 900 OSS components, and over 86% of these include at least one outdated or vulnerable dependency.
The real-world risk is significant. Qualys estimates that nearly half of all OSS-related vulnerabilities stem from components that are no longer maintained upstream. For enterprise security teams, this translates into blind spots—systems running mission-critical workloads on code that no longer receives updates, bug fixes, or security patches.
HeroDevs steps in to fill this void. Its NES service offers active support beyond a project’s end-of-life, ensuring continuity for enterprises that cannot afford to migrate immediately or risk falling out of compliance.
Never-Ending Support in Practice
Rather than forking projects and breaking compatibility, HeroDevs uses a drop-in replacement strategy. Customers can substitute HeroDevs-supported versions of end-of-life software for the original libraries with minimal disruption. The platform maintains behavioral consistency, enabling enterprises to continue using the software while benefiting from newly released patches and threat mitigations.
For developers and DevOps teams, this means avoiding long and expensive refactoring cycles. For CISOs and compliance officers, it means reducing regulatory exposure, especially in highly sensitive verticals like finance, healthcare, and government.
To date, HeroDevs supports more than 900 customers, including large-scale adopters such as Microsoft, Google, GE, and Capital One. These organizations rely on NES to maintain the security posture of legacy applications while planning more controlled transitions to modern frameworks.
$20 Million for Sustainability and the Open Source Community
As part of its broader mission, HeroDevs has also committed $20 million to the newly established Open Source Sustainability Fund. The initiative offers grants ranging from $2,500 to $250,000 to maintainers who follow best practices in ending support for their projects. That includes publishing end-of-life timelines, offering migration guidance, and ensuring critical patches are communicated to downstream users.
HeroDevs has already contributed $4 million in revenue to the open-source ecosystem, including $2 million in 2024 alone. The new fund formalizes that support and helps ensure that OSS maintainers are compensated for their foundational work—a growing issue as open-source infrastructure becomes more critical and under-resourced.
This dual focus—on customer support and community enablement—distinguishes HeroDevs from other commercial software vendors that rely on OSS but offer little back to the ecosystem. According to CEO Aaron Frost, “What we provide saves our customers thousands of hours and hundreds of millions of dollars, not to mention avoidance of reputational harm from breaches.”
AI, OSS Complexity, and the Timing for HeroDevs
As organizations adopt AI at scale, the dependency on open-source software continues to grow. Whether it’s libraries for model orchestration, data transformation, or API integration, the underlying stack is often maintained by unpaid contributors working in their spare time.
This creates systemic fragility. When projects are abandoned, users are left scrambling. Migration options may not exist or may require costly re-architecture. HeroDevs gives security teams a pragmatic option—maintain current workflows while eliminating unsupported risks.
This approach aligns with enterprise needs in an era where resilience and continuity are critical. It also echoes growing sentiment among regulators and security researchers that software lifecycles must include end-of-life planning as a security and compliance imperative.
What Comes Next
HeroDevs plans to use the new capital infusion to:
- Expand NES coverage to additional OSS projects, particularly in areas like JavaScript, Python, and cloud infrastructure.
- Invest in security research and patching automation to reduce time-to-fix for newly disclosed vulnerabilities.
- Grow its engineering and customer success teams to serve a rapidly expanding enterprise customer base.
- Scale the Open Source Sustainability Fund in tandem with growth, encouraging best practices across the OSS maintainer community.
The firm is also evaluating additional tools and services to help organizations inventory their OSS dependencies, evaluate end-of-life risks, and implement NES-supported components automatically.
Conclusion
With $125 million in new funding and growing demand for long-term OSS support, HeroDevs is positioned to become a cornerstone of the modern software supply chain. Its Never-Ending Support model solves a pressing problem—how to keep legacy code secure in a world moving at AI-driven speed.
Beyond protecting enterprises from vulnerabilities and compliance failure, HeroDevs’ approach supports the broader health of the open-source ecosystem. By investing in maintainers and aligning with responsible software stewardship, the company offers a compelling blend of commercial service and community commitment.
As more organizations grapple with aging codebases and growing regulatory scrutiny, HeroDevs delivers both a safety net and a path forward.
Rich Tehrani serves as CEO of TMC and chairman of ITEXPO #TECHSUPERSHOW (Feb 10-12, 2026). He is also CEO of RT Advisors and a Registered Representative (investment banker) with, and offering securities through, Four Points Capital Partners LLC (Four Points) (Member FINRA/SIPC). He handles capital/debt raises as well as M&A. RT Advisors is not owned by Four Points.
The above is not an endorsement or recommendation to buy/sell any security or sector mentioned. No companies mentioned above are current or past clients of RT Advisors.
The views and opinions expressed above are those of the participants. While believed to be reliable, the information has not been independently verified for accuracy. Any broad, general statements made herein are provided for context only and should not be construed as exhaustive or universally applicable.
Portions of this article may have been developed with the assistance of artificial intelligence, which may have contributed to ideation, content generation, factual review, or editing.






