Veracode

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines.

The company provides multiple security analysis technologies on a single platform, including static analysis (or white-box testing), dynamic analysis (or black-box testing), and software composition analysis. Veracode serves over 2,500 customers worldwide and, as of February 2021, has assessed over 25 trillion lines of code.

History
Veracode was founded by Chris Wysopal and Christien Rioux, former engineers from @stake, a Cambridge, Massachusetts-based security consulting firm known for employing former “white hat” hackers from L0pht Heavy Industries. Much of Veracode's software was written by Rioux. In 2007, the company launched SecurityReview, a service which can be used to test code in order to find vulnerabilities that could lead to cybersecurity breaches or hacking. The service is intended to be used as an alternative to penetration testing, which involves hiring a security consultant to hack into a system. On November 29, 2011, the company announced that it had appointed Robert T. Brennan, former CEO of Iron Mountain Incorporated, as its new chief executive officer.

As of 2014, Veracode's customers included three of the top four banks in the Fortune 100. Fortune reported in March 2015 that Veracode was prepared to file for an initial public offering (IPO) but ultimately did not follow through. In a funding round announced in September 2014, the firm raised US$40 million in a late-stage investment led by Wellington Management Company with participation from existing investors.

The company's annual cybersecurity report for 2015 found that most sectors failed industry-standard security tests of their web and mobile applications and that government was the worst-performing sector with regard to fixing security vulnerabilities. The report also found that "four out of five applications written in popular web scripting languages contain at least one of the critical risks in an industry-standard security benchmark."

On March 9, 2017, CA Technologies announced it was acquiring Veracode for approximately $614 million in cash, and the acquisition was completed on April 3, 2017.

On July 11, 2018, Broadcom announced that it was acquiring Veracode's parent, CA Technologies, for $18.9 billion in cash. The acquisition was completed on November 5, 2018, and Broadcom thus became the new owner of the Veracode business. On the same day, Thoma Bravo, a private equity firm headquartered in San Francisco, California, announced that it had agreed to acquire Veracode from Broadcom for $950 million in cash.

Upon Thoma Bravo’s acquisition of the company, Sam King replaced Bob Brennan as CEO. Veracode’s 2020 annual cybersecurity report found that half of application security flaws remain open 6 months after discovery. In 2020, Veracode scanned over 11 trillion lines of code, helping to correct approximately 16 million flaws.

In March 2022, the company was acquired by TA Associates at a valuation of $2.5 billion.

In April 2024, Brian Roche replaced Sam King as CEO, following Veracode’s acquisition of Longbow Security.