|Founder||Chris Wysopal, Co-Founder, CTO and CISO|
Christien Rioux, Co-Founder
|Owner||Thoma Bravo, LLC|
Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, the company provides an automated cloud-based service for securing web, mobile and third-party enterprise applications. Veracode provides multiple security analysis technologies on a single platform, including static analysis, dynamic analysis, mobile application behavioral analysis and software composition analysis.
On July 11, 2018, Broadcom announced that it was acquiring Veracode parent CA Technologies for $18.9 billion in cash. The acquisition was completed on November 5, 2018, and Broadcom thus became the new owner of the Veracode business. On the same day, Thoma Bravo, a private equity firm headquartered in San Francisco, California, announced that it had agreed to acquire Veracode from Broadcom for $950 million cash.
Veracode was founded by Chris Wysopal and Christien Rioux, former engineers from @stake, a Cambridge, Massachusetts-based security consulting firm known for employing former “white hat” hackers from L0pht Heavy Industries. Much of Veracode's software was written by Rioux. In 2007, the company launched SecurityReview, a service which can be used to test code in order to find vulnerabilities that could lead to cybersecurity breaches or hacking. The service is intended to be used as an alternative to penetration testing, which involves hiring a security consultant to hack into a system. On November 29, 2011, the company announced that it had appointed Robert T. Brennan, former CEO of Iron Mountain Incorporated, as its new chief executive officer.
The company issued a report on cybersecurity in June 2015. The report found that most sectors failed industry-standard security tests of their web and mobile applications and that government is the worst performing sector in regards to fixing security vulnerabilities. A report issued by the company in December 2015 found that "four out of five applications written in popular web scripting languages contain at least one of the critical risks in an industry-standard security benchmark."
As of 2014, Veracode's customers included three of the top four banks in the Fortune 100. Fortune reported in March 2015 that Veracode planned to file for an initial public offering (IPO) later that year in order to go public. However, the IPO did not occur, and Veracode was later acquired by CA Technologies.
Major investors in the company include .406 Ventures, Accomplice, STARVest Partners, and Meritech Capital Partners. In a funding round announced in September 2014, the firm raised US$40,000,000 in a late-stage investment led by Wellington Management Company with participation from existing investors.
In 2013, Veracode ranked 20th on the Forbes list of the Top 100 Most Promising Companies in America. Veracode was named one of the "20 Coolest Cloud Security Vendors of the 2014 Cloud 100" by CRN Magazine. Gartner named Veracode as a Leader for seven consecutive years (2013, 2014, 2015, 2016, 2017, 2018 and 2019) in Gartner Magic Quadrant for Application Security Testing.
- "CA Technologies to Acquire Veracode, a Leading SaaS-based Secure DevOps Platform Provider". CA Technologies. 2017-03-06.
- "CA Technologies Completes Acquisition of Veracode". CA Technologies. 2017-04-03.
- "Broadcom to Acquire CA Technologies for $18.9 Billion in Cash". Broadcom. 2018-07-11.
- "Broadcom Inc. Completes Acquisition of CA Technologies". Broadcom. 2018-11-05.
- "Thoma Bravo to Acquire Veracode Software from Broadcom Inc". Thoma Bravo. 2018-11-05.
- Messmer, Ellen (2007-01-09). "Start-up Veracode offers code security evaluation online". Network World. Archived from the original on 2007-05-05. Retrieved 2010-02-16.
- Fitzgerald, Michael (April 22, 2007). "To Find the Danger, This Software Poses as the Bad Guys". New York Times. Retrieved 11 October 2016.
- Denison, D.C. (2011-11-29). "Veracode hires Iron Mountain CEO". Boston Globe. pp. B5 ff. Archived from the original on 2012-04-15.
- Palmer, Danny (June 23, 2015). "Government is worst industry sector for fixing security vulnerabilities, claims Veracode". Computing. Retrieved 11 October 2016.
- Ward, Marguerite (June 23, 2015). "All industries fail cybersecurity, govt the worst". CNBC. Retrieved 11 October 2016.
- Ashford, Warwick (December 3, 2015). "Veracode finds most web apps fail Owasp security check list". Computer Weekly. Retrieved 11 October 2016.
- Nusca, Andrew (2014-09-11). "With some swagger, security firm Veracode preps for an IPO". Fortune.com. Retrieved 2014-09-12.
- "Cybersecurity firm Veracode to hire 100 next year, readies for IPO". Boston Business Journal. 2014-12-09. Retrieved 2014-12-10.
- Primack, Dan (March 2, 2015). "Exclusive: Veracode files for IPO". Fortune. Retrieved 11 October 2016.
- "America's Most Promising Companies: The Top 25". Forbes. 2013-02-06. Retrieved 2014-12-04.
- "The 20 Coolest Cloud Security Vendors of the 2014 Cloud 100". CRN Magazine. 2014-01-29. Retrieved 2014-12-04.
- MacDonald, Neil; Feiman, Joseph (2015-08-06). "Magic Quadrant for Application Security Testing". Retrieved 2015-08-10.
- Millman, Gregory J. (July 8, 2013). "Boards Need To Know Risk of Outsourced Software". The Wall Street Journal. Retrieved October 11, 2016.CS1 maint: ref=harv (link) (subscription required)