Hubbry Logo
VeracodeVeracodeMain
Open search
Veracode
Community hub
Veracode
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Veracode
Veracode
Veracode
View on Wikipedia
from Wikipedia

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines.[1]

Key Information

The company provides multiple security analysis technologies on a single platform, including static analysis (or white-box testing), dynamic analysis (or black-box testing), and software composition analysis.[2][3] Veracode serves over 2,500 customers worldwide and, as of February 2021, has assessed over 25 trillion lines of code.[4]

History

[edit]

Veracode was founded by Chris Wysopal and Christien Rioux, former engineers from @stake, a Cambridge, Massachusetts-based security consulting firm known for employing former “white hat” hackers from L0pht Heavy Industries.[5] Much of Veracode's software was written by Rioux.[6] In 2007, the company launched SecurityReview, a service which can be used to test code in order to find vulnerabilities that could lead to cybersecurity breaches or hacking. The service is intended to be used as an alternative to penetration testing, which involves hiring a security consultant to hack into a system.[6] On November 29, 2011, the company announced that it had appointed Robert T. Brennan, former CEO of Iron Mountain Incorporated, as its new chief executive officer.[7]

As of 2014, Veracode's customers included three of the top four banks in the Fortune 100.[8][9] Fortune reported in March 2015 that Veracode was prepared to file for an initial public offering (IPO) but ultimately did not follow through.[10][11] In a funding round announced in September 2014, the firm raised US$40,000,000 in a late-stage investment led by Wellington Management Company with participation from existing investors.[8]

In the company's annual cybersecurity report for 2015, it was found that most sectors failed industry-standard security tests of their web and mobile applications and that government is the worst performing sector in regards to fixing security vulnerabilities.[12][13] This annual report also found that "four out of five applications written in popular web scripting languages contain at least one of the critical risks in an industry-standard security benchmark."[14]

On March 9, 2017, CA Technologies announced it was acquiring Veracode for approximately $614 million in cash,[15] and the acquisition was completed on April 3, 2017.[16]

On July 11, 2018, Broadcom announced that it was acquiring Veracode parent CA Technologies for $18.9 billion in cash.[17] The acquisition was completed on November 5, 2018, and Broadcom thus became the new owner of the Veracode business.[18] On the same day, Thoma Bravo, a private equity firm headquartered in San Francisco, California, announced that it had agreed to acquire Veracode from Broadcom for $950 million cash.[19][20]

Upon Thoma Bravo’s acquisition of the company, Sam King replaced Bob Brennan as CEO.[21]

Veracode’s 2020 annual cybersecurity report found that half of application security flaws remain open 6 months after discovery.[22] In 2020, Veracode scanned over 11 trillion lines of code, helping to correct approximately 16 million flaws.[4]

In March 2022, the company was acquired by TA Associates at a valuation of $2.5 billion.[23]

In April 2024, Brian Roche replaced Sam King as CEO, following Veracode’s acquisition of Longbow Security.[24]

In January 2025, Veracode acquired Phylum Inc. The acquisition enhances Veracode’s ability to identify and block malicious code in open-source libraries.[25]

Technical integrations

[edit]

Veracode's Static Application Security Testing solution provides users with integrations with most workflow applications.[citation needed]

Channel model

[edit]

Veracode applies a mixed channel model, using local resellers to reach customers but also doing business direct with enterprise size global accounts. The company collaborates with partners across various regions, including North America, Latin America, EMEA and the Asia-Pacific. Veracode provides a "Find a Partner" tool on its website, enabling prospective customers to identify and connect with authorized partners in their area. New resellers are added on a regular basis.[26]

See also

[edit]

References

[edit]

Further reading

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Veracode

View on Grokipedia
from Grokipedia
Veracode is an American cybersecurity company specializing in , founded in 2006 by Chris Wysopal and , both former members of the renowned hacker group Heavy Industries. Headquartered in , Veracode provides a cloud-based Application Risk Management platform that enables organizations to identify, prioritize, and remediate security vulnerabilities across the lifecycle (SDLC), from to cloud deployment. The platform integrates (SAST), (DAST), (SCA), and other tools to scan hundreds of programming languages and frameworks, supporting secure without introducing bottlenecks. Originally focused on binary static analysis for third-party applications, Veracode has evolved into a comprehensive solution addressing modern threats, including those in AI-driven and environments. The company has scanned over 360 trillion lines of code and facilitated the fixing of more than 121 million security flaws for its customers. With approximately 700 employees and serving over 2,400 organizations worldwide, Veracode is recognized as a leader in testing, earning accolades such as being named an 11x Leader in the for Testing. Veracode's ownership history reflects its growth in the cybersecurity sector: it was acquired by in 2017 for $614 million, then transferred to following its 2018 purchase of CA, before being sold to the private equity firm in 2019 for $950 million. In recent years, under 's backing, Veracode has pursued strategic expansions, including the acquisition of Phylum Inc.'s technology in January 2025 to bolster security capabilities. The company marked 2024 as a record year, adding over 300 new customers and completing a strategic acquisition (Longbow Security) amid rising demand for proactive in an era of increasing software vulnerabilities.

Overview

Company profile

Veracode is a Burlington, Massachusetts-based company founded in 2006 by Chris Wysopal and , with its headquarters located at 65 Blue Sky Drive remaining there as of 2025. The company operates as a SaaS-based provider of solutions, specializing in identifying and mitigating risks throughout the lifecycle. Veracode employs approximately 700 people globally, supporting its operations across multiple regions. Its mission is to provide customers with the most comprehensive and open platform for managing application risk while ensuring software is secure across the entire . This focus empowers organizations to build secure software by reducing application-layer risks through comprehensive testing and risk management. As of 2024, Veracode served more than 2,400 customers worldwide, adding over 300 new customers that year alone. The company achieved a valuation of $2.5 billion in 2022 following a significant growth investment.

Leadership

Brian Roche serves as Chief Executive Officer of Veracode, appointed in April 2024. With over 25 years of experience in application security engineering, cloud native technologies, cloud operations, and AI, Roche previously held the role of Chief Product Officer at Veracode from October 2020 to April 2024, where he led product strategy and drove innovations in application security solutions. Prior to joining Veracode, he held executive positions at EMC, Cognizant, and Medidata, guiding multi-million-dollar software and services businesses through digital transformations. Anthony Barkley was appointed Chief Strategy Officer in September 2025, focusing on operationalizing strategic priorities, reinforcing product vision, and enhancing go-to-market execution. Bringing more than 30 years of expertise in technology and cybersecurity, Barkley previously served as at , where he managed revenue growth, customer value optimization, and major acquisition integrations, including @stake into Symantec and into . Diana Bushard joined as General Counsel in September 2025, overseeing legal operations and compliance in the domain. A seasoned attorney with over 25 years of experience in multidisciplinary legal practices at firms, including senior roles at Archblock and Bloom Protocol, Bushard supports , , and . Sam King served as CEO from January 2021 to April 2024, having joined Veracode in 2006 and overseeing its evolution from a startup to a multi-billion-dollar enterprise valued at $2.5 billion in 2022. Under her leadership, Veracode expanded its go-to-market strategy to enterprises and federal sectors, scaling offerings globally. Following her CEO tenure, King transitioned to an advisory role at Veracode before assuming the CEO position at Nasuni in April 2025. Veracode was co-founded in 2006 by Chris Wysopal and , both former members of the hacker collective. Wysopal, who initially contributed to technical leadership as co-founder, now serves as Chief Security Evangelist, continuing to influence security research through vulnerability analysis, advocacy for responsible disclosure guidelines, and authorship of key works like The Art of Software Security Testing. Rioux provided foundational technical leadership as co-founder and Chief Scientist, developing core intellectual property including patents for Veracode's security technologies, before departing to pursue other ventures.

History

Founding and early development

Veracode was founded in 2006 by Chris Wysopal, a former vice president of research and development at the security consultancy @stake, and in . The company was established to address limitations in existing testing tools, particularly by pioneering binary static testing (BAST) that analyzes compiled code without requiring access to . From its inception, Veracode focused on developing cloud-based scanning tools tailored for web and mobile applications, prioritizing high accuracy and ease of use to enable secure in enterprise environments. This approach allowed organizations to identify vulnerabilities in deployed binaries, filling a critical gap for teams handling or third-party code where source access was restricted or impractical. A key milestone came in 2007 with the launch of its initial SaaS platform, SecurityReview, which provided automated static as a service and quickly gained traction among enterprises seeking compliance with standards such as PCI DSS and guidelines. Early adoption was driven by the platform's ability to support regulatory requirements without disrupting development workflows, attracting clients in and sectors. The company also secured significant early , including a $19.5 million Series B round in 2007 led by Atlas Venture, with participation from .406 and Polaris Partners, to fuel platform enhancements and market expansion. During the growth phase from 2010 to 2016, Veracode expanded its platform to support a broader range of programming languages, including , .NET, and others commonly used in enterprise applications, enhancing its applicability across diverse software ecosystems. This period saw steady scaling, with the company achieving recognition as a leader in the 2015 for Testing due to its comprehensive vision and execution in static analysis services. Veracode also secured a $12 million expansion round in 2010 led by StarVest Partners, with participation from Atlas Venture and .406 Ventures.

Ownership changes

In 2017, CA Technologies announced its acquisition of Veracode on March 9 for approximately $614 million in cash, with the deal closing on April 3 and integrating Veracode into CA's broader security software portfolio to enhance application security offerings. This move positioned Veracode within a larger enterprise technology ecosystem, providing expanded resources for scaling its cloud-based security testing platform. Later that year, agreed to acquire on July 11, , for $18.9 billion in an all-cash transaction, which was completed on November 5, , thereby placing Veracode under 's ownership for a brief period. As part of 's strategic realignment toward software, Veracode's integration was short-lived, reflecting the acquirer's focus on divesting non-core assets. On the same day as the -CA completion, November 5, 2018, firm announced its acquisition of Veracode from for $950 million in cash, with the transaction finalizing on January 1, 2019. This shift to ownership emphasized growth through operational enhancements and market expansion, leveraging 's expertise in software investments to drive Veracode's innovation in application risk management. In March 2022, TA Associates announced a significant growth investment in Veracode, acquiring a majority stake at a $2.5 billion valuation on March 15, with the deal completing in May 2022; Thoma Bravo retained a minority interest. This transaction provided Veracode with substantial capital for accelerated research and development, enabling investments in platform enhancements and global team expansion. Under TA Associates' majority ownership, Veracode achieved record growth in 2024, including the addition of over 300 new customers, which underscored the impact of increased resources on its market penetration and strategic evolution. These successive ownership transitions—from public enterprise integration to private equity-led scaling—collectively bolstered Veracode's resources for international growth and product development, transforming it into a more agile leader in .

Strategic acquisitions

Veracode has pursued strategic acquisitions to broaden its offerings, focusing on , cloud-native environments, and protections. In December 2022, the company acquired Crashtest Security, a Munich-based developer of (DAST) tools. This move integrated Crashtest's capabilities for penetration testing into Veracode's platform, enhancing runtime scanning for web applications, JavaScript-based apps, and REST APIs to address vulnerabilities in development pipelines. Building on this, Veracode acquired Longbow Security, a Texas-based startup specializing in cloud-native , in April 2024. The acquisition incorporated Longbow's tools for automated root cause analysis and continuous monitoring in and container environments, providing unified visibility across code, applications, and cloud infrastructure. Integration of Longbow's capabilities became available to customers immediately following the deal, with full rollout by mid-2024, enabling AI-driven prioritization of security risks. Most recently, in January 2025, Veracode acquired key technology assets from , Inc., a Denver-based firm focused on open-source security. This enhanced Veracode's (SCA) by adding Phylum's malicious package detection and mitigation tools, which analyze code in seconds and identify threats such as in third-party dependencies. The technology, integrated into Veracode's SCA product, detects approximately 60% more malicious packages than competing solutions, with general availability achieved in early 2025. These acquisitions reflect Veracode's strategy to evolve from traditional static and dynamic scanning toward comprehensive , particularly following the growth investment from , which facilitated expanded investment in complementary technologies. Collectively, they have strengthened threat detection in open-source components and cloud deployments, reducing remediation times for risks amid rising attack costs projected to reach $138 billion by 2031.

Products and services

Application Risk Management Platform

The Veracode Application Risk Management Platform is a cloud-based SaaS solution that provides a centralized for assessing and governing risks across entire application portfolios. It enables organizations to automate the scanning of codebases, prioritize vulnerabilities based on potential impact, and track remediation efforts throughout the lifecycle (SDLC). This holistic approach unifies risk insights from various sources, allowing teams to monitor and manage risks at scale without disrupting development workflows. Key features include risk scoring that combines the (CVSS) metrics—such as exploitability and impact on confidentiality, integrity, and availability—with business criticality factors like reputation damage, financial loss, and operational disruption. The platform enforces customizable policies to ensure compliance with standards such as GDPR and SOC 2, generating automated reports and alerts to facilitate audits and regulatory adherence. Additionally, built-in analytics provide visibility into security debt, helping organizations measure flaw remediation rates and reduce accumulated vulnerabilities over time. Originally launched in 2006 as a foundational scanning tool, the platform has evolved into a comprehensive system, incorporating AI-driven capabilities by 2025 to deliver predictive insights on emerging threats, such as those from AI-generated code. It supports shift-left security practices by integrating directly into pipelines, enabling continuous monitoring and early flaw detection to minimize downstream risks. In practice, the platform scales to enterprise needs, supporting the of millions of unique applications and trillions of lines of code across diverse languages and frameworks, while streamlining remediation to achieve up to 200% faster mean time to fix through AI-assisted tools. Enhancements from acquisitions like have further bolstered its risk capabilities, as detailed in the company's strategic history.

Security testing solutions

Veracode provides a suite of security testing solutions designed to identify and mitigate vulnerabilities across the software development lifecycle, focusing on static, dynamic, interactive, and compositional analysis methods. These tools integrate into development workflows to enable early detection and remediation, supporting organizations in securing applications without disrupting productivity. Static Application Security Testing (SAST) in Veracode performs analysis on binary and source code without executing the application, using whole-program analysis to uncover exploitable vulnerabilities such as SQL injection, cross-site scripting, and insecure data handling. It supports over 100 programming languages and frameworks, including Java, .NET, JavaScript, Python, and C/C++, allowing for broad coverage of legacy and modern codebases. Veracode SAST achieves a false positive rate below 1.1%, ensuring high accuracy in flaw detection while minimizing developer triage time. Dynamic Application Security Testing (DAST) conducts runtime testing of web applications and APIs by simulating real-world attacks, such as injection attempts and bypasses, to identify exploitable issues that may only appear during execution. This black-box approach requires no access to and provides real-time feedback on runtime vulnerabilities, with configurable scan depths for optimized speed and coverage. Veracode DAST delivers industry-leading accuracy with false positives under 5%, enabling rapid prioritization of high-impact risks. Software Composition Analysis (SCA) scans open-source components within applications to detect known vulnerabilities, outdated libraries, and licensing risks that could lead to compliance issues or compromises. Following Veracode's acquisition of technology assets in January 2025, SCA now incorporates advanced and threat intelligence for malicious package detection, blocking threats like and dependency confusion. It includes reachability analysis to focus on exploitable issues and automated remediation suggestions for efficient . Interactive Testing (IAST) employs runtime instrumentation to monitor applications during development and testing phases, providing precise detection by analyzing only the paths exercised by functional tests or user interactions. Deployed in QA environments without extending test cycles, IAST combines elements of static and dynamic for reduced false positives and contextual insights into flaws like insecure deserialization. It complements other Veracode tools by focusing on active execution, enhancing precision in pipelines. These solutions offer comprehensive coverage for web, mobile, and API applications, with accuracy rates exceeding 90% as validated by industry benchmarks from sources like and Forrester, where Veracode consistently ranks highly for detection reliability. AI-driven features, such as Veracode Fix, automate remediation by generating precise code suggestions for vulnerabilities, accelerating fixes within integrated development environments.

Training and consulting services

Veracode offers a range of programs designed to equip developers and security teams with the skills to integrate secure coding practices into their workflows. The company's Secure Code initiative provides flexible, online courses and hands-on labs that cover foundational topics such as , session , and service-based , tailored to various and technical backgrounds. These programs emphasize practical education, including modules on the Top 10 vulnerabilities, to help participants identify and mitigate common security risks in code. In addition to core secure coding instruction, Veracode's eLearning platform delivers specialized content for developer enablement, focusing on techniques to embed (AppSec) into / () pipelines. This includes resources and workshops that teach developers how to interpret scan results, prioritize flaws, and reduce false positives through better understanding of tools and policies. By fostering these skills, the aims to shift left in the development lifecycle, enabling teams to address vulnerabilities earlier and more efficiently. On the consulting side, Veracode provides advisory services through its Mitigation Proposal Review (MPR), where application security experts evaluate developers' proposed fixes against organizational policies and risk tolerances. This service supports custom assessments by offering guidance on remediation strategies, ensuring that mitigations align with best practices without slowing development velocity. Consultation calls are also available to assist with scan configuration, result interpretation, and overall , complementing automated testing tools by adding human expertise to complex scenarios. These offerings have demonstrated measurable impact on organizational postures. For instance, developers receiving through Veracode's programs fix 88% more flaws compared to those without such , while organizations implementing structured programs remediate 50% of flaws two months faster than those without. In practice, MPR has enabled clients, such as an insurance company, to review five times more proposals at a lower cost per flaw, yielding efficiency gains within the first month of use. Overall, only about 15% of development teams participate in formal , highlighting the value of Veracode's targeted educational and advisory services in bridging this gap.

Technology

Analysis methods

Veracode's analysis methods primarily revolve around Binary Static Analysis (BSA), a core technique developed since the company's founding in 2006 that examines compiled binaries without requiring access to source code. This approach models the application's data and control flow by converting binaries into an intermediate representation, enabling the detection of security flaws through automated scanning in a cloud-based environment for enhanced scalability. Specifically, BSA employs pattern matching to identify known vulnerability signatures and data flow analysis to track taint propagation, where untrusted or sensitive data flows into security sinks like SQL queries or file operations, flagging potential issues such as injection attacks. To address limitations of pure static analysis, Veracode incorporates hybrid approaches that integrate —leveraging source-aware insights when available—with black-box dynamic testing, which simulates external attacks without internal knowledge of the code structure. This combination reduces noise in results by cross-verifying findings across methods and applying for , prioritizing high-impact vulnerabilities while achieving a of less than 1.1%. The hybrid model also incorporates manual review by security experts to refine automated outputs, ensuring accuracy in diverse application environments. Vulnerability detection in Veracode's methods targets a broad spectrum of risks, including those in the CWE/SANS Top 25 Most Dangerous Software Errors, such as injection flaws and buffer overflows. It extends to API security by scanning for issues like broken authentication and excessive data exposure, as well as configuration checks for misconfigurations in servers or dependencies that could expose applications to exploitation. All analysis occurs in a scalable cloud platform, processing large binaries efficiently without on-premises infrastructure demands. These methods adhere to established standards, including NIST SP 800-53 for and MITRE's CWE framework, with Veracode contributing to CWE development and aligning detections to its categories for consistent, verifiable security assessments. The iterative training of analysis models, informed by historical scan data, maintains low false positive rates below 1.1% and supports compliance reporting.

AI-driven innovations

Veracode employs in its remediation processes through Veracode Fix, an AI-powered tool that generates contextual fix suggestions and code snippets for identified vulnerabilities. This capability automates the resolution of security flaws by providing developers with reliable, expert-vetted patches that can be reviewed and applied directly in integrated development environments (IDEs), command-line interfaces (CLIs), or pipelines. Supporting over 70% of detected flaws across 10 programming languages, Veracode Fix leverages a security-specific fine-tuned on common weaknesses enumeration (CWE) patterns and historical fix data to produce accurate recommendations without retaining user code or generating hallucinations. According to a Forrester Consulting study commissioned by Veracode, organizations using this tool achieved a 200% improvement in mean time to remediate flaws, transforming processes that previously took hours into resolutions under 30 seconds for repetitive issues. In , Veracode integrates models to forecast vulnerability trends by analyzing historical scan data from trillions of lines of code across its platform. These models predict emerging risks, such as unlisted open-source vulnerabilities, and generate proactive alerts integrated into the Application platform for early prioritization. For instance, AI-assisted simulates potential attack paths based on application architecture and historical exploit patterns, enabling teams to address design flaws before code deployment. This approach enhances risk forecasting without relying solely on traditional static or dynamic analysis methods. Recent advancements from 2024 to 2025 have expanded Veracode's AI capabilities, including generative AI enhancements for threat simulation within its suite. These updates allow for dynamic modeling of adversarial scenarios, such as AI-driven attacks on application components, to proactively identify weaknesses in real-time during development cycles. Complementing this, Veracode's acquisition of Inc.'s technology in January 2025 introduced AI-based malicious code detection to its (SCA) offerings. 's machine learning-driven package management firewall and malicious package database enable automated scanning of open-source dependencies for hidden threats, integrating behavioral analysis to block risks before incorporation and providing a customizable policy engine for security. These innovations collectively strengthen proactive defense against evolving attacks. Veracode prioritizes ethical AI practices by designing its models to be bias-free and compliant with standards like the Top 10 for LLM Applications. Through active bias mitigation techniques, such as diverse training datasets and multi-option recommendation generation, the company ensures fair and secure outputs that avoid discriminatory or insecure suggestions. Veracode's responsible-by-design AI framework, including no-code-retention policies and fine-tuning on verified security data, aligns with OWASP guidelines to prevent issues like prompt injection or model poisoning in its remediation and analytics tools.

Integrations and partnerships

Technical integrations

Veracode offers robust integrations with pipelines to automate within development workflows. Plugins are available for Jenkins, enabling static analysis, dynamic analysis, and (SCA) scans directly in freestyle or pipeline jobs, which can be triggered on code commits or pull requests to provide immediate feedback. Similarly, the GitHub Actions integration uses workflow configurations and actions like Scan to submit code for automated scanning during repository events such as pushes or pull requests, embedding security checks into the process. For Azure DevOps, extensions and YAML-based workflow integrations support policy scans, scans for static analysis, and agent-based SCA, allowing teams to configure automated scans at various pipeline stages, including on commit or build triggers. In the development environment, Veracode provides IDE extensions that deliver security insights during coding. The Scan for VS Code extension integrates (SAST) and SCA, allowing developers to package and upload code for analysis, review findings, and apply AI-generated fixes directly within the IDE, with configurable auto-scans on open or changes. For JetBrains IDEs like IntelliJ, the Scan for JetBrains plugin supports SAST and SCA to detect flaws and open-source risks, displaying results and remediation guidance in the editor; additionally, Veracode offers on-the-fly scanning for real-time detection of security defects and contextual fix suggestions as code is written. Veracode's API ecosystem facilitates custom integrations through RESTful APIs that follow standard conventions for accessing platform data and triggering scans, enabling orchestration with external tools for tailored security workflows. For instance, the platform integrates with via a dedicated Vulnerability Response connector, importing SAST, dynamic analysis, SCA, and software (SBOM) data through scheduled API jobs to create tickets, prioritize , and manage remediation in processes. Veracode ensures compatibility with major cloud platforms, providing native support for AWS through integrations like CodeBuild for pipeline-embedded scans, Azure via extensions, and (GCP) through API-driven workflows for automated testing in cloud environments. Following the 2024 acquisition of Security (rebranded as Veracode Risk Manager), Veracode enhanced its cloud-native capabilities, adding unified risk management that aggregates data from AWS, Azure, and GCP to scan images, (IaC) configurations, and secrets in -based deployments. This includes IaC scanning for manifests, supporting secure orchestration without disrupting deployment pipelines. In 2025, Veracode integrated technology from to strengthen SCA for security, enhancing detection of malicious packages in third-party components.

Channel and partner ecosystem

Veracode's channel and partner ecosystem revolves around its Velocity Partner Program, which was significantly enhanced in July 2024 to streamline collaboration and accelerate partner growth across regions including , , EMEA, and APAC. The program features a three-tiered structure—Silver, Gold, and Platinum—designed for resellers and other channel partners, with tiers based on levels of engagement and investment to reward performance through increased margins and protected renewals. Key benefits include comprehensive training via a new Partner Technical Certification Program offering four progressive levels with Credly digital badges, deal registration to protect opportunities, and marketing development funds (MDF) for joint marketing initiatives. These elements enable partners to deliver high-value solutions more effectively. The ecosystem encompasses diverse partner categories to support Veracode's . Global System Integrators (GSIs), such as and , collaborate on consulting, implementation, and cloud modernization services to integrate Veracode's solutions into enterprise transformations. Technology Alliances focus on seamless technical integrations with complementary platforms, exemplified by the Veracode Splunk Bridge, which imports vulnerability data into for enhanced analytics and reporting, and the 2025 partnership with Wiz to eliminate security data silos in cloud environments. Solution Providers, including value-added resellers (VARs) like , distribute and support Veracode's offerings, particularly in and scalable deployment scenarios. This diversified structure allows partners to address varied customer needs in . Veracode's channel model prioritizes co-selling of solutions, emphasizing simplified onboarding and specialized appsec certifications to build partner expertise. The enhanced program facilitates faster market entry and revenue acceleration for participants. Strategically, these partnerships have been instrumental in driving enterprise adoption, enabling organizations to scale secure amid rising threats. The 2024 updates particularly underscored collaborations in cloud-risk management, incorporating AI-powered remediation tools and integrations from the Veracode Risk Manager (formerly Longbow Security) to extend from to environments.

References

  1. https://www.veracode.com/about/
  2. https://www.veracode.com/platform/
  3. https://www.veracode.com/blog/leader-in-gartner-mq-ast-11-times/
  4. https://www.inc.com/peter-cohan/5-ways-this-25-billion-tech-company-takes-lead.html
  5. https://www.sdxcentral.com/news/thoma-bravo-acquires-veracode-from-broadcom-for-950-million/
  6. https://www.veracode.com/blog/innovating-secure-software-supply-chains-veracode-acquires-phylum/
  7. https://www.businesswire.com/news/home/20250320889134/en/Veracode-Achieves-Record-Year-with-Significant-Growth-and-Strategic-Expansion
  8. https://www.businesswire.com/news/home/20240401733848/en/Advancing-Cloud-Native-Application-Security-Veracode-Connects-Security-from-Code-to-Cloud-with-the-Acquisition-of-Longbow-Security
  9. https://pitchbook.com/profiles/company/52819-57
  10. https://finance.yahoo.com/news/veracode-achieves-record-significant-growth-115000394.html
  11. https://www.thomabravo.com/press-releases/veracode-announces-significant-growth-investment-from-ta-associates
  12. https://www.businesswire.com/news/home/20240403218177/en/Veracode-Embarks-on-a-New-Chapter-with-Appointment-of-Brian-Roche-as-Chief-Executive-Officer
  13. https://www.bloomberg.com/profile/person/23913777
  14. https://www.veracode.com/leadership/brian-roche/
  15. https://www.itpro.com/business/leadership/veracode-bolsters-leadership-team-for-next-growth-chapter
  16. https://www.veracode.com/leadership/anthony-barkley/
  17. https://www.veracode.com/leadership/diana-bushard/
  18. https://www.aspendigital.org/person/sam-king/
  19. https://www.ta.com/news/veracode-announces-significant-growth-investment-from-ta-associates/
  20. https://www.nasuni.com/blog/a-new-beginning-nasuni-appoints-sam-king-as-chief-executive-officer/
  21. https://www.veracode.com/leadership/chris-wysopal/
  22. https://www.bloomberg.com/profile/person/17662206
  23. https://www.linkedin.com/pulse/why-binary-static-analysis-christian-dalomba-cissp
  24. https://www.veracode.com/security/static-analysis-tool/
  25. https://www.mintsecurity.fi/en/veracode/
  26. https://omdia.tech.informa.com/om018263/omdia-market-radar-for-nextgeneration-application-security-pipeline-pipeline-ngas
  27. https://www.globenewswire.com/news-release/2007/08/13/1060086/0/en/Veracode-President-and-CEO-Matt-Moynahan-Named-One-of-Boston-Business-Journal-s-40-Under-40.html
  28. https://www.veracode.com/security/pci-security/
  29. https://docs.veracode.com/r/r_supported_table
  30. https://sg.finance.yahoo.com/news/veracode-recognized-leader-gartner-magic-130000015.html
  31. https://www.darkreading.com/cybersecurity-analytics/veracode-secures-12-million-in-vc-funding
  32. https://www.helpnetsecurity.com/2017/03/07/ca-technologies-acquires-veracode/
  33. https://www.darkreading.com/application-security/ca-technologies-completes-acquisition-of-veracode
  34. https://www.nasdaq.com/articles/ca-technologies-ca-completes-the-purchase-of-veracode-2017-04-04
  35. https://investors.broadcom.com/news-releases/news-release-details/broadcom-acquire-ca-technologies-189-billion-cash
  36. https://investors.broadcom.com/news-releases/news-release-details/broadcom-inc-completes-acquisition-ca-technologies
  37. https://www.cnbc.com/2018/07/11/ca-technologies-soars-after-reportedly-nearing-deal-with-broadcom.html
  38. https://cyberscoop.com/veracode-thoma-bravo-broadcom-950m/
  39. https://investors.broadcom.com/news-releases/news-release-details/thoma-bravo-completes-acquisition-veracode-software
  40. https://www.crn.com/news/security/thoma-bravo-to-buy-veracode-from-broadcom-for-950-million
  41. https://www.goodwinlaw.com/en/news-and-events/news/2022/05/05_05-ta-associates-makes-significant-growth
  42. https://www.fitchratings.com/research/corporate-finance/fitch-assigns-veracode-b-idr-outlook-stable-11-04-2022
  43. https://www.businesswire.com/news/home/20221212005449/en/Veracode-Adds-Advanced-Dynamic-Analysis-Capability-With-Acquisition-of-Crashtest-Security-Solution
  44. https://www.businesswire.com/news/home/20250106967344/en/Veracode-Acquires-Phylum-Inc.-Technology-to-Transform-Software-Supply-Chain-Security
  45. https://community.veracode.com/s/question/0D5Uf00000Xthb3KAB/introducing-phylum-malicious-package-database-and-package-management-firewall
  46. https://docs.veracode.com/r/review_scoringmethodology
  47. https://docs.veracode.com/r/review_assurancelevels
  48. https://www.veracode.com/policy-reporting/
  49. https://www.veracode.com/resources/analyst-reports/2025-genai-code-security-report/
  50. https://www.businesswire.com/news/home/20251029207424/en/Veracode-Report-Finds-63-of-Financial-Services-Firms-Carry-Critical-Security-Debt-Heightening-Supply-Chain-Risk
  51. https://tei.forrester.com/go/veracode/veracodefix/
  52. https://www.veracode.com/
  53. https://www.veracode.com/products/binary-static-analysis-sast/
  54. https://www.veracode.com/products/dynamic-analysis-dast/
  55. https://www.veracode.com/products/software-composition-analysis/
  56. https://www.veracode.com/security/interactive-application-security-testing-iast/
  57. https://www.veracode.com/resources/ebooks/forrester-tei/
  58. https://www.veracode.com/developers/training/
  59. https://docs.veracode.com/r/elearning_course_catalog
  60. https://www.veracode.com/products/elearning/
  61. https://www.veracode.com/services/mitigation-proposal-review
  62. https://docs.veracode.com/r/t_schedule_consultation
  63. https://www.intelligentciso.com/2022/12/08/24-of-tech-apps-contain-high-severity-security-flaws-posing-a-serious-cybersecurity-risk-if-exploited/
  64. https://www.veracode.com/security/static-code-analysis/
  65. https://community.veracode.com/s/article/How-does-static-analysis-work-What-type-of-internal-modeling-is-performed-e-g-dataflow-controlflow-etc
  66. https://www.veracode.com/blog/managing-appsec/comparing-vulnerable-methods-static-analysis/
  67. https://www.veracode.com/security/black-box-analysis/
  68. https://docs.veracode.com/r/review_methodology
  69. https://docs.veracode.com/r/r_findings_explore
  70. https://www.veracode.com/security/api_security_best_practices/
  71. https://www.veracode.com/security/code-analysis/
  72. https://www.veracode.com/security/nist-compliance/
  73. https://www.nist.gov/document/veracode040413pdf
  74. https://www.veracode.com/wp-content/uploads/2024/07/veracode-artificial-intelligence-white-paper.pdf
  75. https://www.veracode.com/blog/ai-transforming-application-security-testing/
  76. https://www.veracode.com/blog/ai-advantage-in-application-security/
  77. https://www.veracode.com/wp-content/uploads/Veracode_Top10_OWASP_IG.pdf
  78. https://www.veracode.com/products/fix/
  79. https://docs.veracode.com/r/c_about_jenkins
  80. https://docs.veracode.com/r/GitHub_Workflow_Integration_for_Repo_Scanning
  81. https://docs.veracode.com/r/c_VS_team_servs
  82. https://docs.veracode.com/r/Veracode_Scan_for_VS_Code
  83. https://docs.veracode.com/r/Scan_for_JetBrains
  84. https://plugins.jetbrains.com/plugin/10026-veracode-greenlight
  85. https://docs.veracode.com/r/c_rest_intro
  86. https://www.servicenow.com/docs/bundle/zurich-security-management/page/product/secops-integration-vr/veracode/concept/veracode-vuln-integration.html
  87. https://www.veracode.com/aws/
  88. https://www.veracode.com/blog/veracode-advances-cloud-native-application-security-with-longbow-acquisition/
  89. https://www.veracode.com/blog/introducing-veracode-risk-manager-new-chapter-aspm-built-scale/
  90. https://www.veracode.com/products/longbow/
  91. https://docs.veracode.com/r/Review_Container_Security_Findings
  92. https://www.businesswire.com/news/home/20240730015405/en/Veracode-Launches-Enhanced-Velocity-Partner-Program-and-Unveils-Technical-Certification-Program
  93. https://www.channelfutures.com/new-changing-channel-programs/veracode-partners-get-enhanced-global-partner-program
  94. https://www.veracode.com/partners/global-system-integrators/
  95. https://www.veracode.com/partners/technology-alliances/
  96. https://www.veracode.com/partners/solution-providers/
  97. https://splunkbase.splunk.com/app/7277
  98. https://www.dlt.com/government-products/veracode
  99. https://careers.ta.com/companies/veracode/jobs/25261828-global-systems-integrator-partner-director
  100. https://finance.yahoo.com/news/veracode-joins-wiz-integration-network-115000757.html
  101. https://www.veracode.com/partners/program
  102. https://www.veracode.com/press-release/veracode-connects-security-from-code-to-cloud-with-acquisition-of-Longbow-Security
Add your contribution
Related Hubs
User Avatar
No comments yet.