PRESS RELEASE

Wilmington, MA and Burlington, MA November 3, 2009 " Security Innovation, the leading independent provider of secure software lifecycle management solutions and Veracode, provider of the world's leading cloud-based Application Risk Management Platform, today announced a partnership to expand Veracode's SecurityReview service with additional eLearning content from Security Innovation. This collaboration provides organizations with a simple and cost-effective solution to train and certify software developers on secure coding techniques. The strategic partnership also establishes mutual business referral and customer collaboration practices between Security Innovation and Veracode.

"Our vision of the Secure Development Lifecycle (SDL) begins with knowledge," said Security Innovation President and CEO Ed Adams. "Organizations reduce their risk by building the proficiency of their development teams and then giving those teams the tools they need to find and mitigate vulnerabilities."

"Organizations need a simple way to train and certify both internal and 3rd party developers on application security and secure coding techniques," said Matthew Moynahan, CEO of Veracode. "This partnership leverages the power and flexibility of Veracode's cloud-based Application Risk Management Services Platform by expanding our eLearning content and allowing our customers access to new security training modules authored by Security Innovation."

Veracode SecurityReview application risk management services platform provides a simple turnkey solution for enterprises, independent software vendors, outsourcing solution providers, and open source developers to identify, assess, remediate and learn about software flaws and vulnerabilities. SecurityReview Enterprise Edition integrates a security knowledgebase and web-based secure programming training courses for developers and security personnel to meet formal training and competency testing requirements.

Training courses cover a range of content from introductory security overviews and assessments to in-depth secure coding techniques for C/C++, .NET and Java. Additionally, organizations leveraging 3rd party outsourcers, contractors or commercial vendors for software development can leverage Veracode's eLearning to certify that both internal and 3rd party developers have demonstrated secure development competency before allowing them to work on their enterprise projects.

Veracode is offering a free security training course on Cross-Site Scripting (XSS) available at the following link:

http://www.veracode.com/resources/registration/e-learning-sample.html

About Security Innovation

Security Innovation is a leading independent provider of secure software lifecycle management solutions to Fortune 500 companies and government organizations. Global technology vendors and enterprise IT organizations such as Microsoft, IBM, FedEx, ING, Coca-Cola and GE rely on the company's security services, tools and training to identify and mitigate the security risks in their software systems. The company is headquartered in Wilmington, Mass., with offices in Seattle, Wash. and Beijing, China. For more information about Security Innovation, please visit www.securityinnovation.com or call +1.978.694.1008.

About Veracode

Veracode provides the world's leading Application Risk Management Services Platform. Veracode SecurityReview's patented and proven cloud-based capabilities allow customers to govern and mitigate software security risk across a single application or an enterprise portfolio with unmatched simplicity. Customers include the world's largest and most security aware organizations in every industry. Recognized as a Gartner "Cool Vendor," The Wall Street Journal's "Technology Innovation Award," The Banker's "Information Security Project of the Year" with Barclays, SC Magazine's "Best Vulnerability Assessment Solution," Information Security "Readers' Choice Award," and AlwaysOn Northeast's "Top 100 Private Company," Veracode is Software Security Simplified. For more information, visit www.veracode.com.