Veracode

Veracode, Inc.
Company type: Private
Industry: Computer software
Founded: 2006
Founders: Chris Wysopal (Co-Founder, CTO and CISO); Christien Rioux (Co-Founder)
Headquarters: United States
Key people: Brian Roche, CEO
Owner: CA Technologies (2017-18); Broadcom, Inc. (2018); Thoma Bravo (2018-22); TA Associates (2022-present)
Website: www.veracode.com

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines. [1]

The company provides multiple security analysis technologies on a single platform, including static analysis (or white-box testing), dynamic analysis (or black-box testing), and software composition analysis. [2] [3] Veracode serves over 2,500 customers worldwide and, as of February 2021, has assessed over 25 trillion lines of code. [4] [5]

History

Veracode was founded by Chris Wysopal and Christien Rioux, former engineers from @stake, a Cambridge, Massachusetts-based security consulting firm known for employing former “white hat” hackers from L0pht Heavy Industries. [6] Much of Veracode's software was written by Rioux. [7] In 2007, the company launched SecurityReview, a service which can be used to test code in order to find vulnerabilities that could lead to cybersecurity breaches or hacking. The service is intended to be used as an alternative to penetration testing, which involves hiring a security consultant to hack into a system. [7] On November 29, 2011, the company announced that it had appointed Robert T. Brennan, former CEO of Iron Mountain Incorporated, as its new chief executive officer. [8]

As of 2014, Veracode's customers included three of the top four banks in the Fortune 100. [9] [10] Fortune reported in March 2015 that Veracode was prepared to file for an initial public offering (IPO) but ultimately did not follow through. [11] [12] In a funding round announced in September 2014, the firm raised US$40,000,000 in a late-stage investment led by Wellington Management Company with participation from existing investors. [9]

The company's 2015 annual cybersecurity report found that most sectors failed industry-standard security tests of their web and mobile applications and that government was the worst-performing sector with regard to fixing security vulnerabilities. [13] [14] The report also found that "four out of five applications written in popular web scripting languages contain at least one of the critical risks in an industry-standard security benchmark." [15]

On March 9, 2017, CA Technologies announced it was acquiring Veracode for approximately $614 million in cash, [16] and the acquisition was completed on April 3, 2017. [17]

On July 11, 2018, Broadcom announced that it was acquiring Veracode parent CA Technologies for $18.9 billion in cash. [18] The acquisition was completed on November 5, 2018, and Broadcom thus became the new owner of the Veracode business. [19] On the same day, Thoma Bravo, a private equity firm headquartered in San Francisco, California, announced that it had agreed to acquire Veracode from Broadcom for $950 million in cash. [20] [21]

Upon Thoma Bravo’s acquisition of the company, Sam King replaced Bob Brennan as CEO. [22]

Veracode’s 2020 annual cybersecurity report found that half of application security flaws remain open 6 months after discovery. [23] In 2020, Veracode scanned over 11 trillion lines of code, helping to correct approximately 16 million flaws. [4] [5]

In March 2022, the company was acquired by TA Associates at a valuation of $2.5 billion. [24]

In April 2024, Brian Roche replaced Sam King as CEO, following Veracode’s acquisition of Longbow Security. [25]

Reception

In 2013, Veracode ranked 20th on the Forbes list of the Top 100 Most Promising Companies in America. [26] Veracode was named one of the "20 Coolest Cloud Security Vendors of the 2014 Cloud 100" by CRN Magazine. [27] Gartner named Veracode a Leader for ten consecutive years (2013 to 2022) in the Gartner Magic Quadrant for Application Security Testing. Veracode also received the highest scores for enterprise and public-facing web applications in the Gartner Critical Capabilities for Application Security Testing. [28] [29] [30] In October 2020, the company was recognized by Gartner Peer Insights as a 2020 Customers’ Choice for Application Security Testing. [29] That same year, the company was also named a Gold Winner in the Cybersecurity Excellence Awards’ software category. [31] Also in 2020, the company was honored by The Commonwealth Institute and The Boston Globe as the top women-led software business in Massachusetts. [29] [30] [32] In 2021, Veracode was named a Leader in The Forrester Wave: Static Application Security Testing, Q1 2021 and won first place in TrustRadius’ 2021 Best AppSec Feature Set and Best AppSec Customer Support categories. [29] [30] [33]

References

  1. "Veracode Application Security Testing (AST) - Leader in Gartner MQ". Digital Marketplace Gov.UK.
  2. Janardhanudu, Girish (26 September 2005). "White Box Testing". Cybersecurity & Infrastructure Security Agency.
  3. "Dynamic Black-Box Testing: Testing the Software While Blindfolded". Flylib.
  4. "AppSec Market Leader Veracode Continues Strong Growth and Business Momentum". Bloomberg. February 4, 2021.
  5. "AppSec Market Leader Veracode Continues Strong Growth and Business Momentum". Yahoo! Finance. February 4, 2021.
  6. Messmer, Ellen (2007-01-09). "Start-up Veracode offers code security evaluation online". Network World. Archived from the original on 2007-05-05. Retrieved 2010-02-16.
  7. Fitzgerald, Michael (April 22, 2007). "To Find the Danger, This Software Poses as the Bad Guys". New York Times. Retrieved 11 October 2016.
  8. Denison, D.C. (2011-11-29). "Veracode hires Iron Mountain CEO". Boston Globe. pp. B5 ff. Archived from the original on 2012-04-15.
  9. Nusca, Andrew (2014-09-11). "With some swagger, security firm Veracode preps for an IPO". Fortune.com. Retrieved 2014-09-12.
  10. "Cybersecurity firm Veracode to hire 100 next year, readies for IPO". Boston Business Journal. 2014-12-09. Retrieved 2014-12-10.
  11. Primack, Dan (March 2, 2015). "Exclusive: Veracode files for IPO". Fortune. Retrieved 11 October 2016.
  12. Dan Primack. "CA is buying Veracode for $614 million". axis. Retrieved 16 November 2023.
  13. Palmer, Danny (June 23, 2015). "Government is worst industry sector for fixing security vulnerabilities, claims Veracode". Computing. Retrieved 11 October 2016.
  14. Ward, Marguerite (June 23, 2015). "All industries fail cybersecurity, govt the worst". CNBC. Retrieved 11 October 2016.
  15. Ashford, Warwick (December 3, 2015). "Veracode finds most web apps fail Owasp security check list". Computer Weekly. Retrieved 11 October 2016.
  16. "CA Technologies to Acquire Veracode, a Leading SaaS-based Secure DevOps Platform Provider". CA Technologies. 2017-03-06.
  17. "CA Technologies Completes Acquisition of Veracode". CA Technologies. 2017-04-03.
  18. "Broadcom to Acquire CA Technologies for $18.9 Billion in Cash". Broadcom. 2018-07-11.
  19. "Broadcom Inc. Completes Acquisition of CA Technologies". Broadcom. 2018-11-05.
  20. "Thoma Bravo to Acquire Veracode Software from Broadcom Inc". Thoma Bravo. 2018-11-05.
  21. "Veracode sold to Thoma Bravo for $950 million". CyberScoop. 2018-11-05. Retrieved 2020-09-04.
  22. "Veracode to be acquired by private equity firm for $950M". bizjournal. Retrieved 16 November 2023.
  23. Raywood, Dan (October 28, 2020). "Report: Application Flaws Being Fixed Faster Although Bugs Persis". Info Security.
  24. Peter Cohan. "5 Ways This $2.5 Billion Tech Company Takes the Lead". Inc. Retrieved 16 November 2023.
  25. Novinson, Michael (2024-04-03). "Veracode Promotes Brian Roche to CEO, Buys Longbow Security". BankInfoSecurity.com. Retrieved 2024-05-06.
  26. "America's Most Promising Companies: The Top 25". Forbes. 2013-02-06. Retrieved 2014-12-04.
  27. "The 20 Coolest Cloud Security Vendors of the 2014 Cloud 100". CRN Magazine. 2014-01-29. Retrieved 2014-12-04.
  28. MacDonald, Neil; Feiman, Joseph (2015-08-06). "Magic Quadrant for Application Security Testing". Retrieved 2015-08-10.
  29. "AppSec Market Leader Veracode Continues Strong Growth and Business Momentum". Bloomberg. February 4, 2021.
  30. "AppSec Market Leader Veracode Continues Strong Growth and Business Momentum". Yahoo Finance. February 4, 2021.
  31. "2020 Cybersecurity Industry Solution Awards – Winners and Finalists". Cybersecurity Excellence Awards. 30 January 2020.
  32. "The 2020 Top 100 Women-Led Businesses in Massachusetts". The Boston Globe. November 6, 2020.
  33. Sandy Carielli (January 11, 2021). "The Forrester Wave™: Static Application Security Testing, Q1 2021". Forrester.
