
Why we invested in Patchstack
Open-source software powers the web, but its flexibility comes with security risks. Patchstack takes a proactive approach, offering real-time vulnerability intelligence and virtual patching to protect WordPress and beyond. As open-source adoption grows, solutions like Patchstack are critical to securing the digital ecosystem.
Investing in the Future of Open-Source Security
The open-source software movement has revolutionized the way digital solutions are developed. However, the open nature of these systems also exposes them to a myriad of security threats, making robust open-source security a critical need in today’s digital landscape. Enter Patchstack, the Estonian cybersecurity company that is transforming the landscape of open-source software security, beginning with content management systems such as WordPress. Here’s why we decided to invest in Patchstack and why we believe it’s a game-changer for the future of open-source security.
Balancing Flexibility with Security: The Hidden Risks of Open-Source Tools
43% of all active websites are powered by WordPress (Source: WPZoom), the internet’s favorite content management system (CMS). That’s a whopping 80 million websites enjoying the benefits the open-source platform provides – website builders can create all kinds of custom websites using WordPress’ extensive plugin and theme ecosystem. WordPress offers a user-friendly and intuitive interface, responsive design, scalability, and strong community support, and it is very cost-effective. So, where’s the catch?
Despite all their benefits, those third-party open-source plugins and themes are a hacker’s paradise. They often lack thorough security audits, making them susceptible to vulnerabilities. In fact, 97% of WordPress vulnerabilities can be attributed to a plugin or theme vulnerability (Source: HubSpot). Additionally, because these plugins are so popular and widely used, any discovered vulnerability can potentially affect millions of websites. That makes them a lucrative target for cybercriminals, and exploitation can lead to severe financial and reputational damage. With an average website using 20–30 plugins (Source: WPBeginner), it’s easy to fall behind on updates, especially when website performance, design, and SEO are prioritized over security. This lag in applying updates leaves websites exposed to potential attacks.
Because WordPress is very user-friendly, many of its users lack technical skills and are not aware of the importance of security and best practices. After hearing about a plugin vulnerability, a website owner might be tempted to just remove the plugin from their site. If done in time, this action prevents the vulnerability from being exploited, but it might have other unwanted effects – the website might malfunction, show wrong information or even go down. But let’s not put all the blame on the one-time website owner running a site for their flower shop. The fact that security is not a top priority for most website creators, designers and developers is far more alarming. In fact, only 27% of WordPress web creators rank security as their number one concern (Source: UXtweak).
Why Standard Website Security Tools Fall Short in Addressing Modern Threats
Despite an obvious gap in the market, website security remains an underserved area within the broader cybersecurity industry, often relying on manual patching or generic solutions like web application firewalls (WAFs) and malware scanners, which are not always effective.
- WAFs, while effective at blocking specific traffic, do not provide actual remediation of vulnerabilities, nor do they offer application-specific insights or real-time web application analysis. They also require manual updates, which can be a burden for website owners.
- Malware scanners are often reactive, employing generic malware checks that do not address the specific needs of web applications and offer no real patching solutions.
- CMS security plugins typically focus on integrating WAF capabilities and performing malware scanning and removal, which, as noted, are inherently reactive and do not provide solutions to patch vulnerabilities. These plugins often target SMEs and are not equipped to handle the sophisticated nature of many web attacks today.
Patchstack: Proactive Security Redefined for the Open-Source Web
Patchstack emerges as a game-changer in open-source security, starting with a robust and proactive security solution tailored for WordPress websites. Recognized as the global leader in open-source vulnerability intelligence, Patchstack offers a comprehensive suite of tools designed to identify, prioritize, and mitigate vulnerabilities in real time.
Patchstack addresses the critical gap in website security with the following approach:
- Vulnerability Intelligence: Leveraging a community of thousands of ethical hackers, internal research and other data sources, Patchstack identifies and categorizes vulnerabilities based on severity.
- Virtual Patch: Patchstack scans the third-party plugins and themes installed on a website, matching them against the vulnerability feed to generate alerts. Its signature feature, the virtual patch, mitigates vulnerabilities in real time without altering the website’s code, providing immediate protection until official patches are available.
Websites hosted on GoDaddy, Hostinger, Cloudways and an array of other web hosting services are already connected to Patchstack’s vulnerability feed. That means that the website owners or managers are notified as soon as a vulnerability is detected on their website and are given the option to purchase real-time protection. Alternatively, Patchstack’s vPatching can be purchased directly on the company’s website. Head over to Patchstack to find out more.
Investing in Patchstack: Championing the Next Frontier of Open-Source Security
G+D Ventures invests in European companies whose innovations enhance security and foster trust in digital ecosystems. We collectively call these technologies TrustTech. Check out our article on TrustTech for more details.
With its focus on open-source security and significant traction in the website security space, Patchstack is smack in the middle of our investment thesis. Our investment in Patchstack is also driven by its innovative approach, vision and the significant market potential:
- Patchstack is one of the few solutions in the market able to automatically and proactively protect web applications, preventing vulnerabilities from being exploited and reducing the impact of potential cyber-attacks. Patchstack is the leading open-source security intelligence provider and the largest CVE Numbering Authority by volume in 2023 for WordPress. Patchstack published 76% of all known WordPress-related security vulnerabilities in 2023, demonstrating its market dominance.
- Patchstack is perfectly positioned to move beyond WordPress security into the wider open-source security automation market. As open-source software becomes integral to the software industry, securing these components is crucial, as vulnerabilities in the open-source supply chain can have widespread impacts, affecting numerous applications and systems globally.
- With 200 million active websites globally and WordPress powering 40% of them, the demand for effective security solutions is immense. Patchstack’s unique capability to deliver real-time protection through virtual patching, combined with the largest vulnerability database for WordPress, positions it as a leader in website security. Furthermore, regulatory developments like the Cyber Resilience Act mandate stringent vulnerability management practices, amplifying the need for solutions like Patchstack.
We look forward to a hands-on partnership with both the Patchstack team and investors, shaping a more secure digital future together. For those looking to secure their WordPress websites, Patchstack offers not just a solution but a promise of safety, efficiency, and peace of mind. Join us in embracing the future of cybersecurity with Patchstack.