October 21, 2016 8:30 PM ET

Internet Software and Services

Company Overview of Veracode, Inc.

Company Overview

Veracode, Inc. provides a cloud-based application security platform. The company’s platform enables users to secure Web, mobile, and third-party applications across their global infrastructure ranging from development to production; and static application security testing technology that identifies critical vulnerabilities, such as SQL injection, cross-site scripting (XSS), buffer overflows, unhandled error conditions, and potential back-doors to prioritize flaws according to their severity. It also provides dynamic application security testing that identifies highly-exploitable vulnerabilities, such as SQL injection and cross-site scripting, as well as finds runtime issues; Web application ...

65 Network Drive

Burlington, MA 01803

United States

Founded in 2005





Key Executives for Veracode, Inc.

Chief Executive Officer and Director
Age: 57
Co-Founder, Chief Scientist and Director
Co-Founder, Chief Information Security Officer, Chief Technology Officer and Director
Chief Financial Officer
Age: 54
Head of Sales and Executive Vice President
Compensation as of Fiscal Year 2016.

Veracode, Inc. Key Developments

Veracode Report Finds Open-Source Components Proliferating Digital Risk At an Alarming Rate

Veracode released the findings in its annual State of Software Security Report (SoSS). The seventh edition of the report presents metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months. The report revealed that the continued and persistent use of components in software development is creating systemic risk in digital infrastructure. However, the report also found that companies achieve accelerated benefits when their application security programs reach maturity. These findings indicate that the growing trend of focusing on digital risk at the application layer and building security into DevOps processes (DevSecOps) can yield great results for organizations in reducing risk without slowing down software development. Veracode's analysis revealed the growing risk caused by the proliferation of vulnerable open-source components. Veracode found that a single popular component with a critical vulnerability spread to more than 80,000 other software components, which were in turn then used in the development of potentially millions of software programs. Approximately 97% of Java applications contained at least one component with a known vulnerability.

Veracode Announces New Products and Innovations That Help Extend Application Security Across the Entire Software Development Lifecycle

Veracode announced new products and innovations that help extend application security across the entire software development lifecycle. The announcements highlight new ways in which Veracode helps developers and security teams wrestle with some of their challenges, namely protecting applications in operation without sacrificing time to market, and making secure coding practices a more seamless and positive part of the software development process. They are part of Veracode's strategy to transform application security to increase its speed and effectiveness in the face of changing software development processes and the explosion of software development across all industries. Detect and block attacks against applications in real-time. According to Verizon's most recent Data Breach Report, 40% of breaches are tied to web applications. Veracode's own analysis of thousands of enterprise applications revealed that on initial scans more than half contained cross-site scripting vulnerabilities and more than a third were susceptible to SQL injection attacks. Veracode Runtime Protection is a Runtime Application Self-Protection (RASP) technology deployed as an agent to help detect these common attacks, preventing the return of sensitive data to attackers, and providing insight into the attack for security operations teams. Because Veracode Runtime Protection incorporates visibility into key characteristics -- such as application logic, event and data flow, and executed instructions -- it provides greater effectiveness than Web Application Firewalls, reducing false positives and preventing unauthorized access to sensitive information. It is simple to install and can be deployed in minutes with a one-line change to the application server settings. It also does not require the level of ongoing maintenance required to get value from Web Application Firewalls. Veracode Runtime Protection gives security operations personnel much-needed insight into application behavior and attack patterns at the application level. Besides shielding production applications from attacks, Veracode Runtime Protection -- in conjunction with Veracode's WAS dynamic applications security testing service -- will be used for application security testing, assuring unmatched accuracy of vulnerability detection at the pre-production phase. With this announcement, Veracode begins to offer the most complete set of security technologies in the market, including: Veracode Static Analysis, Veracode Software Composition Analysis, Veracode's web application security products, and the newly announced Veracode Runtime Protection for RASP and IAST (Interactive Application Security Testing). Provide positive reinforcement where developers took active measures to increase security. Veracode's newly-patented, automated coaching methodology provides positive feedback to developers on good security practices as part of the coding process, helping them create better code 'on the fly.' The motivation for this approach is based on the desire to make secure code creation a positive and integral part of software development, where developers see not only security defects to be remediated, but also have the ability to recognize and repeat good secure coding practices. Veracode Runtime Protection is being announced for early-access customers immediately. The patented in-line coaching methodology will be incorporated into Veracode products to help developers improve code security through positive reinforcement of good coding practices.

StarLink Signs Distribution Agreement with Veracode

StarLink has signed a distribution agreement with Veracode. This agreement enables StarLink to provide partners and customers the opportunity to benefit from a leading global application security solution. Veracode's automated cloud-based service safeguards applications for more than 1,000 organizations worldwide, including three of the top four banks in the Fortune 100 and more than 27 of the world's top 100 brands. The company is widely recognised for its broad set of automated services delivered on a single scalable platform. Through this agreement, StarLink partners and customers will have access to Veracode's platform, providing centralised policies, metrics and reports while simplifying information sharing across global teams. The offerings provide solutions for: Secure Web Application Development, Web Perimeter Security, Software Supply Chain and Security, Mobile Application Security.

Similar Private Companies By Industry

Company Name Region
"Atlantic Tele-Satellite, Inc. United States
.Club Domains LLC United States
.Comdaq Corporation United States
@Court United States
0 Food Waste LLC United States

Recent Private Companies Transactions

No transactions available in the past 12 months.

The information and data displayed in this profile are created and managed by S&P Global Market Intelligence, a division of S&P Global. Bloomberg.com does not create or control the content. For inquiries, please contact S&P Global Market Intelligence directly by clicking here.

Stock Quotes

Market data is delayed at least 15 minutes.

Company Lookup

Most Searched Private Companies

Company Name Geographic Region
Lawyers Committee for Civil Rights Under Law United States
Bertelsmann AG Europe
Bloomberg L.P. United States
NYC2012, Inc. United States
The Advertising Council, Inc. United States

Sponsored Financial Commentaries

Sponsored Links

Request Profile Update

Only a company representative may request an update for the company profile. Documentation will be required.

To contact Veracode, Inc., please visit www.veracode.com. Company data is provided by S&P Global Market Intelligence. Please use this form to report any data issues.

Please enter your information in the following field(s):
Update Needed*

All data changes require verification from public sources. Please include the correct value or values and a source where we can verify.

Your requested update has been submitted

Our data partners will research the update request and update the information on this page if necessary. Research and follow-up could take several weeks. If you have questions, you can contact them at bwwebmaster@businessweek.com.