1 Introduction
Veracode is a privately held application security vendor based in Burlington, Massachusetts, USA. The company’s founders had a long history of providing security consulting services and working closely with white hat hackers to identify security flaws in applications, which gave them a deep understanding of the importance of application security testing for preventing cyber attacks and breaches.
Unfortunately, most applications back then were not designed with security in mind, and modern agile development methodologies make the problem even worse. Under constant pressure to bring new applications to the market as quickly as possible, developers continue to see security as a nuisance and innovation blocker. The continuing digitalization of modern businesses does not just enable them to pursue new business models and revenue channels, but also dramatically increases the potential attack surface for their critical applications – thanks to the growing complexity of IT infrastructures and a massive shortage of qualified security experts.
In 2006, Veracode was founded with a vision of providing an integrated cloud-native security testing platform to make the process of identifying and proactively fixing vulnerabilities in software as easy and cost-effective as possible. Understanding the complexity of modern applications, which often comprise code from different teams, languages, frameworks and third-party libraries, the company has pioneered the static binary code analysis approach, which allows assessing the security posture of entire applications after they’ve been built instead of analyzing separate parts of source code and missing some of the potential “cross-platform” exploits.
Since then, Veracode has grown into one of the leading vendors in the application security testing market, providing an integrated platform for managing security risks across multiple application types and platforms throughout the whole software development lifecycle. Over 140,000 software developers and security experts from over 2,100 enterprises around the world are using the company’s platform. With a partner network covering more than 30 countries and 390 partners, the company has a strong global presence, providing localized customer support, training, and other services.
Veracode’s recent history has been somewhat turbulent – in 2017, the company was acquired by CA Technologies, which was in turn acquired by Broadcom in 2018. At the end of 2018, Thoma Bravo, an American private equity firm with a long history of investment in cybersecurity, announced its acquisition of Veracode from Broadcom, once again making it an independent software security company.
These changes, however, had no negative impact on the company’s performance. On the contrary – arguably, they helped Veracode shift its focus from the traditional standalone approach to application security towards modern DevOps and DevSecOps methodologies, offering more options for integration into existing CI/CD pipelines, adding automation capabilities, consolidating previously separate modules and in general making the platform even easier to use for software developers.
And after all, that’s the only thing that matters – with Veracode’s SaaS-based application security testing platform, developers can be sure that they can continue using their existing tools and build systems yet make actionable security recommendations an integral part of their development process.