Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

9/12/2014
01:35 PM
50%
50%

Veracode Secures $40M In Funding As IPO Looms

Security firm plans to increase investments in sales, marketing, and research and development.

Security firm Veracode scored a $40 million boost in a late-stage funding round led by Wellington Management Co.

Founded in 2006, Veracode offers a cloud-based platform for application security. The money comes as the company prepares for an initial public offering that Veracode co-founder and CTO Chris Wysopal tells Dark Reading the company hopes will happen in the next 12 to 24 months.

"The funding will accelerate our ability to continue innovating (including via potential acquisitions) in key areas such as web application perimeter monitoring, mobile application security and reducing risk from third-party and open source components via our cloud-based service," Wysopal says in an email.

The investment comes at a time of acquisitions in the application security space. Earlier this year, application security rival Coverity was acquired by Synopsys, and Trustwave acquired Cenzic a few months ago as well. In 2012, Veracode acquired Marvin Mobile Security, a developer of a mobile app analysis service, to boost its own capabilities. 

The company has some very large competitors in the app security space, including Hewlett-Packard and IBM. Still, Veracode CFO Ed Goldfinger says in a statement that Veracode's subscription-based business model combined with its technology, service levels, and expertise in application security have enabled the company to succeed. According to the company, it secures hundreds of the world’s largest global enterprises, including three of the top four banks in the Fortune 100 and more than 25 of the world’s top 100 brands.

Veracode's core technology was developed at consulting firm @stake, which was acquired by Symantec in 2004. Two years later, the founders spun Veracode out of Symantec and went their own way. According to Veracode, the $40 million investment will also go towards aiding the company's expansion across the globe by increasing investments in sales and marketing. Last year, Veracode says it grew by 50 percent.

According to Fortune, this most recent round of funding brings the total amount the company has raised to $134 million.  

Bob Brennan, CEO of Veracode, said in a statement:

This investment accelerates our ability to help the world’s leading organizations systematically reduce cyber risk enterprise-wide. Our goal is to speed the pace of business innovation with a more scalable, next-generation approach that industrializes application security controls across our customers' web, mobile and third-party applications. This latest round of funding enables us to maintain our growth trajectory as we both gain new customers and expand our scope across our existing customers’ global application infrastructures.

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
9/15/2014 | 3:49:00 PM
veracode
It's been really interesting watching the evolution of Veracode, alongside the evolution of secure app development. The imminent IPO is a good sign for SDL, IMHO.
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21275
PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting