Company:Veracode
Type | Private |
---|---|
Industry | Computer software |
Founded | 2006 |
Founder | Chris Wysopal, Co-Founder, CTO and CISO Christien Rioux, Co-Founder |
Headquarters | Burlington, Massachusetts , United States |
Key people |
|
Owner | CA Technologies (2017-18) Broadcom, Inc. (2018) Thoma Bravo (2018-22) TA Associates (2022-present) |
Website | www |
Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines.[1]
The company provides multiple security analysis technologies on a single platform, including static analysis (or white-box testing), dynamic analysis (or black-box testing), and software composition analysis.[2][3] Veracode serves over 2,500 customers worldwide and, as of February 2021, has assessed over 25 trillion lines of code.[4][5]
History
Veracode was founded by Chris Wysopal and Christien Rioux, former engineers from @stake, a Cambridge, Massachusetts-based security consulting firm known for employing former “white hat” hackers from L0pht Heavy Industries.[6] Much of Veracode's software was written by Rioux.[7] In 2007, the company launched SecurityReview, a service which can be used to test code in order to find vulnerabilities that could lead to cybersecurity breaches or hacking. The service is intended to be used as an alternative to penetration testing, which involves hiring a security consultant to hack into a system.[7] On November 29, 2011, the company announced that it had appointed Robert T. Brennan, former CEO of Iron Mountain Incorporated, as its new chief executive officer.[8]
As of 2014, Veracode's customers included three of the top four banks in the Fortune 100.[9][10] Fortune reported in March 2015 that Veracode was prepared to file for an initial public offering (IPO) but ultimately did not follow through.[11][12] In a funding round announced in September 2014, the firm raised US$40,000,000 in a late-stage investment led by Wellington Management Company with participation from existing investors.[9]
In the company's annual cybersecurity report for 2015, it was found that most sectors failed industry-standard security tests of their web and mobile applications and that government is the worst performing sector in regards to fixing security vulnerabilities.[13][14] This annual report also found that "four out of five applications written in popular web scripting languages contain at least one of the critical risks in an industry-standard security benchmark."[15]
On March 9, 2017, CA Technologies announced it was acquiring Veracode for approximately $614 million in cash,[16] and the acquisition was completed on April 3, 2017.[17]
On July 11, 2018, Broadcom announced that it was acquiring Veracode parent CA Technologies for $18.9 billion in cash.[18] The acquisition was completed on November 5, 2018, and Broadcom thus became the new owner of the Veracode business.[19] On the same day, Thoma Bravo, a private equity firm headquartered in San Francisco, California, announced that it had agreed to acquire Veracode from Broadcom for $950 million cash.[20][21]
Upon Thoma Bravo’s acquisition of the company, Sam King replaced Bob Brennan as CEO.[22]
Veracode’s 2020 annual cybersecurity report found that half of application security flaws remain open 6 months after discovery.[23] In 2020, Veracode scanned over 11 trillion lines of code, helping to correct approximately 16 million flaws.[4][5]
In March 2022, the company was acquired by TA Associates at a valuation of $2.5 billion.[24]
Reception
In 2013, Veracode ranked 20th on the Forbes list of the Top 100 Most Promising Companies in America.[25] Veracode was named one of the "20 Coolest Cloud Security Vendors of the 2014 Cloud 100" by CRN Magazine.[26] Gartner named Veracode as a Leader for ten consecutive years (2013 to 2022) in Gartner Magic Quadrant for Application Security Testing. Veracode also received the highest scores for enterprise and public-facing web applications in the Gartner Critical Capabilities for Application Security Testing.[27][28][29] In October 2020, the company was recognized by Gartner Peer Insights as a 2020 Customers’ Choice for Application Security Testing.[28] That same year, the company was also named a Gold Winner in the Cybersecurity Excellence Awards’ software category.[30] Also in 2020, the company was honored by The Commonwealth Institute and The Boston Globe as the top women-led software business in Massachusetts.[28][29][31] In 2021, Veracode was named a Leader in The Forrester Wave: Static Application Security Testing, Q1 2021 and won first-place in TrustRadius’ 2021 Best AppSec Feature Set and Best AppSec Customer Support categories.[28][29][32]
Products
Veracode provides multiple software security analysis technologies on a single SaaS platform, including static analysis (or white-box testing), dynamic analysis (or black-box testing), and software composition analysis, all of which prevent software vulnerabilities like cross-site scripting (XSS) and SQL injection.[33][34] In February 2020, Veracode launched DevSecOps and Veracode Security Labs.[35][36] In July 2020, Veracode released a free edition of Veracode Security Labs which is accessible to anyone.[37]
See also
References
- ↑ "Veracode Application Security Testing (AST) - Leader in Gartner MQ". Digital Marketplace Gov.UK. https://www.digitalmarketplace.service.gov.uk/g-cloud/services/935505900181474.
- ↑ Janardhanudu, Girish (26 September 2005). "White Box Testing". Cybersecurity & Infrastructure Security Agency. https://us-cert.cisa.gov/bsi/articles/best-practices/white-box-testing/white-box-testing.
- ↑ "Dynamic Black-Box Testing: Testing the Software While Blindfolded". Flylib. https://flylib.com/books/en/4.223.1.44/1/.
- ↑ 4.0 4.1 "AppSec Market Leader Veracode Continues Strong Growth and Business Momentum". Bloomberg. February 4, 2021. https://www.bloomberg.com/press-releases/2021-02-04/appsec-market-leader-veracode-continues-strong-growth-and-business-momentum.
- ↑ 5.0 5.1 "AppSec Market Leader Veracode Continues Strong Growth and Business Momentum". Yahoo! Finance. February 4, 2021. https://ca.finance.yahoo.com/news/appsec-market-leader-veracode-continues-135900422.html.
- ↑ Messmer, Ellen (2007-01-09). "Start-up Veracode offers code security evaluation online". Network World. http://www.networkworld.com/news/2007/010907-veracode-security-evaluations.html?zb&rc=sec.
- ↑ 7.0 7.1 Fitzgerald, Michael (April 22, 2007). "To Find the Danger, This Software Poses as the Bad Guys". New York Times. https://www.nytimes.com/2007/04/22/business/yourmoney/22proto.html.
- ↑ Denison, D.C. (2011-11-29). "Veracode hires Iron Mountain CEO". Boston Globe: pp. B5 ff. http://bostonglobe.com/business/2011/11/29/veracode-hires-iron-mountain-ceo/Uhza2yI4zyad6d5rzIOtbI/story.html.
- ↑ 9.0 9.1 Nusca, Andrew (2014-09-11). "With some swagger, security firm Veracode preps for an IPO". Fortune.com. http://fortune.com/2014/09/11/veracode-40-million-funding-ipo/. Retrieved 2014-09-12.
- ↑ "Cybersecurity firm Veracode to hire 100 next year, readies for IPO". Boston Business Journal. 2014-12-09. http://www.bizjournals.com/boston/blog/techflash/2014/12/cybersecurity-firm-veracode-to-hire-100-next-year.html.
- ↑ Primack, Dan (March 2, 2015). "Exclusive: Veracode files for IPO". Fortune. http://fortune.com/2015/03/02/exclusive-veracode-files-for-ipo/.
- ↑ "CA is buying Veracode for $614 million". axis. https://www.axios.com/2017/12/15/ca-is-buying-veracode-for-614-million-1513300803.
- ↑ Palmer, Danny (June 23, 2015). "Government is worst industry sector for fixing security vulnerabilities, claims Veracode". Computing. http://www.computing.co.uk/ctg/news/2414316/government-is-worst-industry-sector-for-fixing-security-vulnerabilities-claims-veracode.
- ↑ Ward, Marguerite (June 23, 2015). "All industries fail cybersecurity, govt the worst". CNBC. https://www.cnbc.com/2015/06/23/all-industries-fail-cybersecurity-govt-the-worst.html.
- ↑ Ashford, Warwick (December 3, 2015). "Veracode finds most web apps fail Owasp security check list". Computer Weekly. http://www.computerweekly.com/news/4500259915/Veracode-finds-most-web-apps-fail-Owasp-security-check-list.
- ↑ "CA Technologies to Acquire Veracode, a Leading SaaS-based Secure DevOps Platform Provider". CA Technologies. 2017-03-06. https://www.ca.com/us/company/newsroom/press-releases/2017/ca-technologies-to-acquire-veracode-the-leading-saas-based-secure-devops-platform.html.
- ↑ "CA Technologies Completes Acquisition of Veracode". CA Technologies. 2017-04-03. https://www.ca.com/us/company/newsroom/press-releases/2017/ca-technologies-completes-acquisition-of-veracode.html.
- ↑ "Broadcom to Acquire CA Technologies for $18.9 Billion in Cash". Broadcom. 2018-07-11. http://investors.broadcom.com/phoenix.zhtml?c=203541&p=irol-newsArticle&ID=2357930.
- ↑ "Broadcom Inc. Completes Acquisition of CA Technologies". Broadcom. 2018-11-05. http://investors.broadcom.com/phoenix.zhtml?c=203541&p=irol-newsArticle&ID=2375294.
- ↑ "Thoma Bravo to Acquire Veracode Software from Broadcom Inc.". Thoma Bravo. 2018-11-05. https://thomabravo.com/2018/11/05/thoma-bravo-to-acquire-veracode-software-from-broadcom-inc-nasdaqavgo/.
- ↑ "Veracode sold to Thoma Bravo for $950 million" (in en). 2018-11-05. https://www.cyberscoop.com/veracode-thoma-bravo-broadcom-950m/.
- ↑ "Veracode to be acquired by private equity firm for $950M". bizjournal. https://www.bizjournals.com/albany/bizwomen/news/latest-news/2018/11/veracode-to-be-acquired-by-private-equity-firm-for.html.
- ↑ Raywood, Dan (October 28, 2020). "Report: Application Flaws Being Fixed Faster Although Bugs Persis". Info Security. https://www.infosecurity-magazine.com/news/report-application-flaws/.
- ↑ "5 Ways This $2.5 Billion Tech Company Takes the Lead". Inc.. https://www.inc.com/peter-cohan/5-ways-this-25-billion-tech-company-takes-lead.html.
- ↑ "America's Most Promising Companies: The Top 25". Forbes. 2013-02-06. https://www.forbes.com/sites/jjcolao/2013/02/06/americas-most-promising-companies-the-top-25/.
- ↑ "The 20 Coolest Cloud Security Vendors of the 2014 Cloud 100". CRN Magazine. 2014-01-29. http://www.crn.com/slide-shows/cloud/240165645/the-20-coolest-cloud-security-vendors-of-the-2014-cloud-100.htm/pgno/0/18.
- ↑ MacDonald, Neil; Feiman, Joseph (2015-08-06). "Magic Quadrant for Application Security Testing". http://www.gartner.com/technology/reprints.do?id=1-2KW56YW&ct=150807.
- ↑ 28.0 28.1 28.2 28.3 "AppSec Market Leader Veracode Continues Strong Growth and Business Momentum". Bloomberg. February 4, 2021. https://www.bloomberg.com/press-releases/2021-02-04/appsec-market-leader-veracode-continues-strong-growth-and-business-momentum.
- ↑ 29.0 29.1 29.2 "AppSec Market Leader Veracode Continues Strong Growth and Business Momentum". Yahoo Finance. February 4, 2021. https://ca.finance.yahoo.com/news/appsec-market-leader-veracode-continues-135900422.html.
- ↑ "2020 Cybersecurity Industry Solution Awards – Winners and Finalists". Cybersecurity Excellence Awards. 30 January 2020. https://cybersecurity-excellence-awards.com/2020-cybersecurity-industry-solution-awards-winners-and-finalists/.
- ↑ "The 2020 Top 100 Women-Led Businesses in Massachusetts". The Boston Globe. November 6, 2020. https://www.bostonglobe.com/2020/11/06/magazine/2020-top-100-women-led-businesses-massachusetts/.
- ↑ Sandy Carielli (January 11, 2021). "The Forrester Wave™: Static Application Security Testing, Q1 2021". Forrester. https://www.forrester.com/report/The+Forrester+Wave+Static+Application+Security+Testing+Q1+2021/-/E-RES162015#.
- ↑ "DOM-Based Cross-Site Scripting". https://www.synopsys.com/content/dam/synopsys/sig-assets/whitepapers/dom-based-cross-site-scripting.pdf.
- ↑ Julie Peterson (August 27, 2020). "Application Security Testing: Security Scanning Vs. Runtime Protection". https://www.whitesourcesoftware.com/resources/blog/ast-application-security-testing/.
- ↑ "Veracode Static Analysis: Comprehensive analysis across the development lifecycle". February 17, 2020. https://www.helpnetsecurity.com/2020/02/17/veracode-static-analysis/.
- ↑ "New Hands-On Veracode Security Labs Helps Developers Tackle Vulnerabilities in a Real-World Environment". February 20, 2020. https://finance.yahoo.com/news/hands-veracode-security-labs-helps-133010931.html.
- ↑ Jenna Sargent (July 31, 2020). "Veracode Security Labs Community Edition launches to close the security gap". https://sdtimes.com/security/veracode-security-labs-community-edition-launches-to-close-the-security-gap/.
Further reading
Original source: https://en.wikipedia.org/wiki/Veracode.
Read more |