
Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines. The company provides multiple security analysis technologies on a single platform, including static analysis (or white-box testing), dynamic analysis (or black-box testing), and software composition analysis. Veracode serves over 2,500 customers worldwide and, as of February 2021, has assessed over 25 trillion lines of code. In March 2022, the company was acquired by TA Associates.


History

Veracode was founded by Chris Wysopal and Christien Rioux, former engineers from @stake, a Cambridge, Massachusetts-based security consulting firm known for employing former “white hat” hackers from L0pht Heavy Industries. Much of Veracode's software was written by Rioux. In 2007, the company launched SecurityReview, a service that tests code to find vulnerabilities that could lead to cybersecurity breaches or hacking. The service is intended to be used as an alternative to penetration testing, which involves hiring a security consultant to hack into a system.

On November 29, 2011, the company announced that it had appointed Robert T. Brennan, former CEO of Iron Mountain Incorporated, as its new chief executive officer. As of 2014, Veracode's customers included three of the top four banks in the Fortune 100. ''Fortune'' reported in March 2015 that Veracode planned to file for an initial public offering (IPO) later that year in order to go public. However, the IPO did not occur. In a funding round announced in September 2014, the firm raised in a late-stage investment led by Wellington Management Company with participation from existing investors.

In the company's annual cybersecurity report for 2015, it was found that most sectors failed industry-standard security tests of their web and mobile applications and that government is the worst-performing sector with regard to fixing security vulnerabilities. This annual report also found that "four out of five applications written in popular web scripting languages contain at least one of the critical risks in an industry-standard security benchmark."

On March 9, 2017, CA Technologies announced it was acquiring Veracode for approximately $614 million in cash, and the acquisition was completed on April 3, 2017. On July 11, 2018, Broadcom announced that it was acquiring Veracode parent CA Technologies for $18.9 billion in cash. The acquisition was completed on November 5, 2018, and Broadcom thus became the new owner of the Veracode business. On the same day, Thoma Bravo, a private equity firm headquartered in San Francisco, California, announced that it had agreed to acquire Veracode from Broadcom for $950 million cash.

In 2019, Sam King became the CEO. Veracode’s 2020 annual cybersecurity report found that half of application security flaws remain open 6 months after discovery. In 2020, Veracode scanned over 11 trillion lines of code, helping to correct approximately 16 million flaws.


Reception

In 2013, Veracode ranked 20th on the ''Forbes'' list of the Top 100 Most Promising Companies in America. Veracode was named one of the "20 Coolest Cloud Security Vendors of the 2014 Cloud 100" by ''CRN Magazine''. Gartner named Veracode as a Leader for eight consecutive years (2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, and 2021) in ''Gartner Magic Quadrant for Application Security Testing''. Veracode also received the highest scores for enterprise and public-facing web applications in the ''Gartner Critical Capabilities for Application Security Testing''.

In October 2020, the company was recognized by Gartner Peer Insights as a 2020 Customers’ Choice for Application Security Testing. That same year, the company was also named a Gold Winner in the Cybersecurity Excellence Awards’ software category. Also in 2020, the company was honored by The Commonwealth Institute and ''The Boston Globe'' as the top women-led software business in Massachusetts. In 2021, Veracode was named a Leader in ''The Forrester Wave: Static Application Security Testing, Q1 2021'' and won first place in TrustRadius’ 2021 ''Best AppSec Feature Set'' and ''Best AppSec Customer Support'' categories.


Products

Veracode provides multiple software security analysis technologies on a single SaaS platform, including static analysis (or white-box testing), dynamic analysis (or black-box testing), and software composition analysis, all of which prevent software vulnerabilities like cross-site scripting (XSS) and SQL injection. In February 2020, Veracode launched DevSecOps and Veracode Security Labs. In July 2020, Veracode released a free edition of Veracode Security Labs which is accessible to anyone.


See also

* List of tools for static code analysis

