![]() | This article contains promotional content .(February 2024) |
![]() | |
Company type | Private |
---|---|
Industry | Computer software |
Founded | 2006 |
Founder | Chris Wysopal, Co-Founder, CTO and CISO Christien Rioux, Co-Founder |
Headquarters | , United States |
Key people |
|
Owner | CA Technologies (2017-18) Broadcom, Inc. (2018) Thoma Bravo (2018-22) TA Associates (2022-present) |
Website | www |
Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines. [1]
The company provides multiple security analysis technologies on a single platform, including static analysis (or white-box testing), dynamic analysis (or black-box testing), and software composition analysis. [2] [3] Veracode serves over 2,500 customers worldwide and, as of February 2021, has assessed over 25 trillion lines of code. [4] [5]
Veracode was founded by Chris Wysopal and Christien Rioux, former engineers from @stake, a Cambridge, Massachusetts-based security consulting firm known for employing former “white hat” hackers from L0pht Heavy Industries. [6] Much of Veracode's software was written by Rioux. [7] In 2007, the company launched SecurityReview, a service which can be used to test code in order to find vulnerabilities that could lead to cybersecurity breaches or hacking. The service is intended to be used as an alternative to penetration testing, which involves hiring a security consultant to hack into a system. [7] On November 29, 2011, the company announced that it had appointed Robert T. Brennan, former CEO of Iron Mountain Incorporated, as its new chief executive officer. [8]
As of 2014, Veracode's customers included three of the top four banks in the Fortune 100. [9] [10] Fortune reported in March 2015 that Veracode was prepared to file for an initial public offering (IPO) but ultimately did not follow through. [11] [12] In a funding round announced in September 2014, the firm raised US$ 40,000,000 in a late-stage investment led by Wellington Management Company with participation from existing investors. [9]
In the company's annual cybersecurity report for 2015, it was found that most sectors failed industry-standard security tests of their web and mobile applications and that government is the worst performing sector in regards to fixing security vulnerabilities. [13] [14] This annual report also found that "four out of five applications written in popular web scripting languages contain at least one of the critical risks in an industry-standard security benchmark." [15]
On March 9, 2017, CA Technologies announced it was acquiring Veracode for approximately $614 million in cash, [16] and the acquisition was completed on April 3, 2017. [17]
On July 11, 2018, Broadcom announced that it was acquiring Veracode parent CA Technologies for $18.9 billion in cash. [18] The acquisition was completed on November 5, 2018, and Broadcom thus became the new owner of the Veracode business. [19] On the same day, Thoma Bravo, a private equity firm headquartered in San Francisco, California, announced that it had agreed to acquire Veracode from Broadcom for $950 million cash. [20] [21]
Upon Thoma Bravo’s acquisition of the company, Sam King replaced Bob Brennan as CEO. [22]
Veracode’s 2020 annual cybersecurity report found that half of application security flaws remain open 6 months after discovery. [23] In 2020, Veracode scanned over 11 trillion lines of code, helping to correct approximately 16 million flaws. [4] [5]
In March 2022, the company was acquired by TA Associates at a valuation of $2.5 billion. [24]
In April 2024, Brian Roche replaced Sam King as CEO, following Veracode’s acquisition of Longbow Security. [25]
In January 2025, Veracode acquired Phylum Inc. The acquisition enhances Veracode’s ability to identify and block malicious code in open-source libraries. [26]
Veracode's Static Application Security Testing solution provides users with integrations with most workflow applications.
Veracode applies a mixed channel model, using local resellers to reach customers but also doing business direct with enterprise size global accounts. The company collaborates with partners across various regions, including North America, Latin America, EMEA and the Asia-Pacific. Veracode provides a "Find a Partner" tool on its website, enabling prospective customers to identify and connect with authorized partners in their area. New resellers are added on a regular basis. [27]
CA Technologies, Inc., formerly Computer Associates International, Inc., and CA, Inc., was an American multinational enterprise software developer and publisher that existed from 1976 to 2018. CA grew to rank as one of the largest independent software corporations in the world, and at one point was the second largest. The company created systems software that ran in IBM mainframe, distributed computing, virtual machine, and cloud computing environments.
Sophos Limited is a British security software and hardware company. It develops and markets managed security services and cybersecurity software and hardware, such as managed detection and response, incident response and endpoint security software. Sophos was listed on the London Stock Exchange until it was acquired by Thoma Bravo, an American private equity firm in March 2020.
Chris Wysopal is an entrepreneur, computer security expert and co-founder and CTO of Veracode. He was a member of the high-profile hacker think tank the L0pht where he was a vulnerability researcher.
QAD Inc. is a software company that provides enterprise resource planning (ERP) software and related enterprise software to manufacturing companies. The company has customers in over 100 countries around the world.
CDW Corporation is a premier, multi-brand provider of innovative information technology solutions, serving business, government, education, and healthcare sectors across the United States, the United Kingdom, and Canada. Headquartered in Vernon Hills, Illinois, CDW employs over 15,000 professionals and supports a diverse customer base of 250,000 organizations. As a Fortune 500 company and a member of the S&P 500 Index, CDW generated $21 billion in annual net sales in 2023.
Tungsten Automation, formerly Kofax Inc., is an Irvine, California-based intelligent automation software provider. Founded in 1985, the company's software allows businesses to automate and improve business workflows by simplifying the handling of data and documents.
Barracuda Networks, Inc. provides security, networking and storage products based on network appliances and cloud services.
Broadcom Inc. is an American multinational designer, developer, manufacturer, and global supplier of a wide range of semiconductor and infrastructure software products. Broadcom's product offerings serve the data center, networking, software, broadband, wireless, storage, and industrial markets. As of 2024, some 58 percent of Broadcom's revenue came from its semiconductor-based products and 42 percent from its infrastructure software products and services.
Proofpoint, Inc. is an American enterprise cybersecurity company based in Sunnyvale, California that provides software as a service and products for email security, identity threat defense, data loss prevention, electronic discovery, and email archiving.
Thoma Bravo, LP is an American private equity and growth capital firm based in Chicago. It is known for being particularly active in acquiring enterprise software companies and has over $130 billion in assets under management as of 2023.
CyberArk Software Ltd. is an Israeli publicly traded information security company offering identity management. The company's technology is utilized primarily in the financial services, energy, retail, healthcare and government markets. CyberArk is headquartered in Petach-Tikva. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.
SolarWinds Corporation is an American company that develops software for businesses to help manage their networks, systems, and information technology infrastructure. It is headquartered in Austin, Texas, with sales and product development offices in a number of locations in the United States and several other countries. The company was publicly traded from May 2009 until the end of 2015, and again from October 2018. It has also acquired a number of other companies, some of which it still operates under their original names, including Pingdom, Papertrail, and Loggly. It had about 300,000 customers as of December 2020, including nearly all Fortune 500 companies and numerous agencies of the US federal government.
Blue Coat Systems, Inc., was a company that provided hardware, software, and services designed for cybersecurity and network management. In 2016 it was acquired by and folded into Symantec and in 2019 as part of Symantec’s Enterprise Security business it was sold to Broadcom.
VMware Carbon Black is a cybersecurity company based in Waltham, Massachusetts. The company develops cloud-native endpoint security software that is designed to detect malicious behavior and to help prevent malicious files from attacking an organization. The company leverages technology known as the Predictive Security Cloud (PSC), a big data and analytics cloud platform that analyzes customers’ unfiltered data for threats.
Anaplan is a business planning software company headquartered in Miami, Florida. Anaplan sells subscriptions for cloud-based business-planning software and provides data for decision-making purposes.
Imperva, Inc. is an American cyber security software and services company which provides protection to enterprise data and application software. The company is headquartered in San Mateo, California.
Everbridge, Inc. is an American enterprise software company that offers applications which provide information about critical events to help with personal safety and business continuity. Formerly known as 3n Global and the National Notification Network, Everbridge began operations in 2002. In an emergency, Everbridge sends messages via telephone, text message and email, but stop once they know that a person has read a message. An app allows emergency managers to track geotagged tweets that contain specific hashtags and use this information to respond to incidents as they occur.
ForgeRock, Inc. is an identity and access management software company headquartered in San Francisco. On August 23, 2023, Thoma Bravo announced that it had completed the acquisition of the company for approximately $2.3 billion. Additionally, it has been reported that ForgeRock integrated into its portfolio the company Ping Identity.
Sierra Ventures is an American venture capital firm based in San Mateo, California. It targets startups in sectors including enterprise tech, artificial intelligence, cybersecurity and healthcare.
Deltek is an American multinational enterprise software and information solutions corporation headquartered in Herndon, Virginia. The company sells software to government contractors, engineering, architectural, accounting, and consulting firms to manage customer information, financial and project accounting, project management, risk management, enterprise resource planning, invoicing, revenue, financial compliance, and expenses. Since 2016, its parent company has been Roper Technologies. Bob Hughes is Deltek’s president and CEO.