Veracode

{{short description|Application security company}}{{Advert|date=February 2024}}{{Infobox company

| name = Veracode, Inc.

| logo = Veracode-logo-small.png

| type = Private

| founder = Chris Wysopal, Co-Founder, CTO and CISO
Christien Rioux, Co-Founder

| area_served =

| key_people = {{Unbulleted list|Brian Roche, CEO}}

| industry = Computer software

| genre =

| services =

| revenue =

| operating_income =

| net_income =

| assets =

| equity =

| owner = CA Technologies (2017-18)
Broadcom, Inc. (2018)
Thoma Bravo (2018-22)
TA Associates (2022-present)

| parent =

| divisions =

| homepage = {{URL|https://www.veracode.com/}}

| footnotes =

| intl =

| foundation = 2006

| location_city = Burlington, Massachusetts

| location_country = United States

| location =

| locations =

}}

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines.{{cite news |url=https://www.digitalmarketplace.service.gov.uk/g-cloud/services/935505900181474 |title=Veracode Application Security Testing (AST) - Leader in Gartner MQ|work=Digital Marketplace Gov.UK}}

The company provides multiple security analysis technologies on a single platform, including static analysis (or white-box testing), dynamic analysis (or black-box testing), and software composition analysis.{{cite news |url=https://us-cert.cisa.gov/bsi/articles/best-practices/white-box-testing/white-box-testing |title=White Box Testing|last=Janardhanudu|first=Girish|date=26 September 2005 |work=Cybersecurity & Infrastructure Security Agency}}{{cite news |url=https://flylib.com/books/en/4.223.1.44/1/ |title=Dynamic Black-Box Testing: Testing the Software While Blindfolded|work=Flylib}} Veracode serves over 2,500 customers worldwide and, as of February 2021, has assessed over 25 trillion lines of code.{{cite news |url=https://www.bloomberg.com/press-releases/2021-02-04/appsec-market-leader-veracode-continues-strong-growth-and-business-momentum |title=AppSec Market Leader Veracode Continues Strong Growth and Business Momentum|date=February 4, 2021|work=Bloomberg}}{{cite news |url=https://ca.finance.yahoo.com/news/appsec-market-leader-veracode-continues-135900422.html|title=AppSec Market Leader Veracode Continues Strong Growth and Business Momentum|date=February 4, 2021|work=Yahoo! Finance}}

History

Veracode was founded by Chris Wysopal and Christien Rioux, former engineers from @stake, a Cambridge, Massachusetts-based security consulting firm known for employing former “white hat” hackers from L0pht Heavy Industries.{{cite news |url=http://www.networkworld.com/news/2007/010907-veracode-security-evaluations.html?zb&rc=sec |archive-url=https://web.archive.org/web/20070505025520/http://www.networkworld.com/news/2007/010907-veracode-security-evaluations.html?zb&rc=sec |url-status=dead |archive-date=2007-05-05 |title=Start-up Veracode offers code security evaluation online |work=Network World |date=2007-01-09 |last=Messmer |first=Ellen |access-date=2010-02-16}} Much of Veracode's software was written by Rioux.{{cite news|last1=Fitzgerald|first1=Michael|title=To Find the Danger, This Software Poses as the Bad Guys|url=https://www.nytimes.com/2007/04/22/business/yourmoney/22proto.html|access-date=11 October 2016|work=New York Times|date=April 22, 2007}} In 2007, the company launched SecurityReview, a service which can be used to test code in order to find vulnerabilities that could lead to cybersecurity breaches or hacking. The service is intended to be used as an alternative to penetration testing, which involves hiring a security consultant to hack into a system. On November 29, 2011, the company announced that it had appointed Robert T. Brennan, former CEO of Iron Mountain Incorporated, as its new chief executive officer.{{cite news |url=http://bostonglobe.com/business/2011/11/29/veracode-hires-iron-mountain-ceo/Uhza2yI4zyad6d5rzIOtbI/story.html|archive-url=https://web.archive.org/web/20120415015440/http://bostonglobe.com/business/2011/11/29/veracode-hires-iron-mountain-ceo/Uhza2yI4zyad6d5rzIOtbI/story.html|url-status=dead|archive-date=2012-04-15|title=Veracode hires Iron Mountain CEO |last=Denison |first=D.C. |work=Boston Globe |date=2011-11-29 |pages=B5 ff}}

As of 2014, Veracode's customers included three of the top four banks in the Fortune 100.{{cite web |url=http://www.bizjournals.com/boston/blog/techflash/2014/12/cybersecurity-firm-veracode-to-hire-100-next-year.html |title=Cybersecurity firm Veracode to hire 100 next year, readies for IPO |work=Boston Business Journal |date=2014-12-09 |access-date=2014-12-10}} Fortune reported in March 2015 that Veracode was prepared to file for an initial public offering (IPO) but ultimately did not follow through.{{cite news|last1=Primack|first1=Dan|title=Exclusive: Veracode files for IPO|url=http://fortune.com/2015/03/02/exclusive-veracode-files-for-ipo/|access-date=11 October 2016|publisher=Fortune|date=March 2, 2015}}{{cite web |author1=Dan Primack |title=CA is buying Veracode for $614 million |date=7 March 2017 |url=https://www.axios.com/2017/12/15/ca-is-buying-veracode-for-614-million-1513300803 |publisher=axis |access-date=16 November 2023}} In a funding round announced in September 2014, the firm raised {{Currency|40 million}} in a late-stage investment led by Wellington Management Company with participation from existing investors.{{cite journal |url=http://fortune.com/2014/09/11/veracode-40-million-funding-ipo/ |title=With some swagger, security firm Veracode preps for an IPO |date=2014-09-11 |journal=Fortune.com |last=Nusca |first=Andrew |access-date=2014-09-12}}

In the company's annual cybersecurity report for 2015, it was found that most sectors failed industry-standard security tests of their web and mobile applications and that government is the worst performing sector in regards to fixing security vulnerabilities.{{cite news|last1=Palmer|first1=Danny|title=Government is worst industry sector for fixing security vulnerabilities, claims Veracode|url=http://www.computing.co.uk/ctg/news/2414316/government-is-worst-industry-sector-for-fixing-security-vulnerabilities-claims-veracode|access-date=11 October 2016|publisher=Computing|date=June 23, 2015}}{{cite news|last1=Ward|first1=Marguerite|title=All industries fail cybersecurity, govt the worst|url=https://www.cnbc.com/2015/06/23/all-industries-fail-cybersecurity-govt-the-worst.html|access-date=11 October 2016|publisher=CNBC|date=June 23, 2015}} This annual report also found that "four out of five applications written in popular web scripting languages contain at least one of the critical risks in an industry-standard security benchmark."{{cite news|last1=Ashford|first1=Warwick|title=Veracode finds most web apps fail Owasp security check list|url=http://www.computerweekly.com/news/4500259915/Veracode-finds-most-web-apps-fail-Owasp-security-check-list|access-date=11 October 2016|publisher=Computer Weekly|date=December 3, 2015}}

On March 9, 2017, CA Technologies announced it was acquiring Veracode for approximately $614 million in cash,{{cite web |title=CA Technologies to Acquire Veracode, a Leading SaaS-based Secure DevOps Platform Provider |url=https://www.ca.com/us/company/newsroom/press-releases/2017/ca-technologies-to-acquire-veracode-the-leading-saas-based-secure-devops-platform.html |publisher=CA Technologies |date=2017-03-06}} and the acquisition was completed on April 3, 2017.{{cite web |title=CA Technologies Completes Acquisition of Veracode |url=https://www.ca.com/us/company/newsroom/press-releases/2017/ca-technologies-completes-acquisition-of-veracode.html |publisher=CA Technologies |date=2017-04-03}}

On July 11, 2018, Broadcom announced that it was acquiring Veracode parent CA Technologies for $18.9 billion in cash.{{cite web |title=Broadcom to Acquire CA Technologies for $18.9 Billion in Cash |url=http://investors.broadcom.com/phoenix.zhtml?c=203541&p=irol-newsArticle&ID=2357930 |publisher=Broadcom |date=2018-07-11}} The acquisition was completed on November 5, 2018, and Broadcom thus became the new owner of the Veracode business.{{cite web |title=Broadcom Inc. Completes Acquisition of CA Technologies |url=http://investors.broadcom.com/phoenix.zhtml?c=203541&p=irol-newsArticle&ID=2375294 |publisher=Broadcom |date=2018-11-05}} On the same day, Thoma Bravo, a private equity firm headquartered in San Francisco, California, announced that it had agreed to acquire Veracode from Broadcom for $950 million cash.{{cite web |title=Thoma Bravo to Acquire Veracode Software from Broadcom Inc. |url=https://thomabravo.com/2018/11/05/thoma-bravo-to-acquire-veracode-software-from-broadcom-inc-nasdaqavgo/ |publisher=Thoma Bravo |date=2018-11-05}}{{Cite web|date=2018-11-05|title=Veracode sold to Thoma Bravo for $950 million|url=https://www.cyberscoop.com/veracode-thoma-bravo-broadcom-950m/|access-date=2020-09-04|website=CyberScoop|language=en}}

Upon Thoma Bravo’s acquisition of the company, Sam King replaced Bob Brennan as CEO.{{cite web |title=Veracode to be acquired by private equity firm for $950M |url=https://www.bizjournals.com/albany/bizwomen/news/latest-news/2018/11/veracode-to-be-acquired-by-private-equity-firm-for.html |publisher=bizjournal |access-date=16 November 2023}}

Veracode’s 2020 annual cybersecurity report found that half of application security flaws remain open 6 months after discovery.{{cite news |url=https://www.infosecurity-magazine.com/news/report-application-flaws/|title=Report: Application Flaws Being Fixed Faster Although Bugs Persis|last=Raywood|first=Dan|date=October 28, 2020|work=Info Security}} In 2020, Veracode scanned over 11 trillion lines of code, helping to correct approximately 16 million flaws.

In March 2022, the company was acquired by TA Associates at a valuation of $2.5 billion.{{cite web |author1=Peter Cohan |title=5 Ways This $2.5 Billion Tech Company Takes the Lead |url=https://www.inc.com/peter-cohan/5-ways-this-25-billion-tech-company-takes-lead.html |publisher=Inc. |access-date=16 November 2023}}

In April 2024, Brian Roche replaced Sam King as CEO, following Veracode’s acquisition of Longbow Security.{{cite web |url= https://www.bankinfosecurity.com/veracode-promotes-brian-roche-to-ceo-buys-longbow-security-a-24767 |title=Veracode Promotes Brian Roche to CEO, Buys Longbow Security |work=BankInfoSecurity.com |last=Novinson |first=Michael |date=2024-04-03 |accessdate=2024-05-06}}

In January 2025, Veracode acquired Phylum Inc. The acquisition enhances Veracode’s ability to identify and block malicious code in open-source libraries.{{cite web |author1=Ryan Naraine |title=Veracode targets malicious code threats with Phylum acquisition |url=https://www.securityweek.com/veracode-targets-malicious-code-threats-with-phylum-acquisition |date=7 January 2025 |accessdate=16 January 2025}}

Technical integrations

Veracode's Static Application Security Testing solution provides users with integrations with most workflow applications.

Channel model

Veracode applies a mixed channel model, using local resellers to reach customers but also doing business direct with enterprise size global accounts. The company collaborates with partners across various regions, including North America, Latin America, EMEA and the Asia-Pacific. Veracode provides a "Find a Partner" tool on its website, enabling prospective customers to identify and connect with authorized partners in their area. New resellers are added on a regular basis.{{cite web|title=Macanta partnert met Veracode |url=https://belgiumcloud.com/2024/08/19/macanta-partnert-met-veracode-om-application-risk-management-in-de-benelux-te-versterken/|date=19 August 2024 |accessdate=24 January 2025}}

Veracode

History

Technical integrations

Channel model

See also

References

Further reading