Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

9/12/2014
01:35 PM
50%
50%

Veracode Secures $40M In Funding As IPO Looms

Security firm plans to increase investments in sales, marketing, and research and development.

Security firm Veracode scored a $40 million boost in a late-stage funding round led by Wellington Management Co.

Founded in 2006, Veracode offers a cloud-based platform for application security. The money comes as the company prepares for an initial public offering that Veracode co-founder and CTO Chris Wysopal tells Dark Reading the company hopes will happen in the next 12 to 24 months.

"The funding will accelerate our ability to continue innovating (including via potential acquisitions) in key areas such as web application perimeter monitoring, mobile application security and reducing risk from third-party and open source components via our cloud-based service," Wysopal says in an email.

The investment comes at a time of acquisitions in the application security space. Earlier this year, application security rival Coverity was acquired by Synopsys, and Trustwave acquired Cenzic a few months ago as well. In 2012, Veracode acquired Marvin Mobile Security, a developer of a mobile app analysis service, to boost its own capabilities. 

The company has some very large competitors in the app security space, including Hewlett-Packard and IBM. Still, Veracode CFO Ed Goldfinger says in a statement that Veracode's subscription-based business model combined with its technology, service levels, and expertise in application security have enabled the company to succeed. According to the company, it secures hundreds of the world’s largest global enterprises, including three of the top four banks in the Fortune 100 and more than 25 of the world’s top 100 brands.

Veracode's core technology was developed at consulting firm @stake, which was acquired by Symantec in 2004. Two years later, the founders spun Veracode out of Symantec and went their own way. According to Veracode, the $40 million investment will also go towards aiding the company's expansion across the globe by increasing investments in sales and marketing. Last year, Veracode says it grew by 50 percent.

According to Fortune, this most recent round of funding brings the total amount the company has raised to $134 million.  

Bob Brennan, CEO of Veracode, said in a statement:

This investment accelerates our ability to help the world’s leading organizations systematically reduce cyber risk enterprise-wide. Our goal is to speed the pace of business innovation with a more scalable, next-generation approach that industrializes application security controls across our customers' web, mobile and third-party applications. This latest round of funding enables us to maintain our growth trajectory as we both gain new customers and expand our scope across our existing customers’ global application infrastructures.

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
9/15/2014 | 3:49:00 PM
veracode
It's been really interesting watching the evolution of Veracode, alongside the evolution of secure app development. The imminent IPO is a good sign for SDL, IMHO.
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14821
PUBLISHED: 2019-09-19
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->l...
CVE-2019-15032
PUBLISHED: 2019-09-19
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.
CVE-2019-15033
PUBLISHED: 2019-09-19
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.
CVE-2019-16412
PUBLISHED: 2019-09-19
In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.)
CVE-2019-16510
PUBLISHED: 2019-09-19
libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.