Contact:
Kate Munro
Veracode, Inc.
781-425-6040 ext. 296
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

Veracode Launches Application Security Company; Secures $19.5 million in Funding

Security Industry Experts Launch New Company and Unveil On-demand Application Security Solutions

Burlington, Mass. – January 22, 2007 – Veracode, Inc. today officially launched as a company and announced it has raised $19.5 million in venture capital funding. Spearheaded by leading security industry experts, Veracode is offering the industry's first automated, on-demand security analysis solutions delivered through a Software-as-a-Service (SaaS) platform.

Key investors are .406 Ventures, Atlas Venture and Polaris Venture Partners, as well as strategic investors Symantec and Macrovision. Veracode's management team includes some of the top application security experts, including founders and former @stake executives Chris Wysopal, Christien Rioux and Mike Pittenger. The Company is led by President and Chief Executive Officer Matthew Moynahan, former vice president of Symantec's Consumer Products and Solutions division.

The Company also unveiled today the Veracode SecurityReview™ solutions, which allow organizations to discover security flaws in software automatically, without releasing their valuable source code. Veracode SecurityReview is the industry's first automated, on-demand application security analysis service. Whether a company is buying or building software, Veracode helps improve the security quality of applications.

Veracode's patented binary analysis provides a comprehensive way to identify and remediate the security flaws in software that put businesses at risk. The ability to assess application security without source code means organizations benefit from analysis of the full application, including linked libraries, without the need to expose valuable intellectual property. The Veracode outsourced business model helps companies avoid costly measures such as deploying tools or hiring in-demand security experts. No hardware, software or other resources are required for installation, maintenance or upgrades.

"Enterprises today have been largely successful in securing their perimeter networks. Unfortunately, the application layer has now emerged as the criminal's new favorite target," said Matthew Moynahan, CEO of Veracode, Inc. "We believe that on-demand application security as an outsourced service is an easier, more accurate, more thorough and less intrusive way to raise the security level of software.

Analyst Predicts Application Security Testing as a Service will Grow
Veracode enters the market at a time when an increasing number of organizations are making application vulnerability detection an integral part of their software development life cycle. In a recent report, "Key Process Trends and Best Practices in Application Security Testing Markets, Gartner analysts Joseph Feiman and Neil MacDonald state, "By 2010, 50% of organizations will use some amount of External Service Provider application security scanning services.1

Gartner analysts Joseph Feiman and Neil MacDonald also state in the report, "Security testing technology vendors help enterprises by offering scanning as a service -- performing vulnerability detection for enterprises, thus mitigating a lack of skills in IT departments."

Veracode SecurityReview™ - Three Solution Offerings
Veracode offers three separate services to meet today's business needs.

• Veracode Enterprise SecurityReview™ provides enterprises with the ability to analyze applications continually via a simple, cost effective, on-demand subscription service.
• Veracode Vendor SecurityReview™ assesses the security of purchased software and reduces the burden of manually evaluating code developed by outsourced vendors or partners. Software vendors are also beneficiaries of this solution as Veracode works collaboratively with them to increase the security of their applications.
• Veracode Partner SecurityReview™ provides platform vendors the ability to determine the security quality of partner-developed applications that may otherwise compromise the security, brand reputation and availability of the vendor's platform.

"Since Veracode code reviews work at the binary level, they can assess risk across mixed code bases. This provides enterprises with an easy and effective way to determine acceptable risk levels for internally or externally developed applications, said Rhonda MacLean, founder, MacLean Risk Partners and former CISO of Bank of America. "At the same time, it ensures that newly purchased software meets acceptable security thresholds before it is integrated into existing software. Companies that depend on secure and reliable code to meet today's fast-paced business demands should look at Veracode's solutions as part of their development life cycle management. It just makes good business sense.

Veracode Attracts Leading Venture Firms/ Technology Corporations
"We believe Veracode, with its patented underlying code assurance platform, has a unique opportunity to fundamentally change the way organizations achieve software application security today and create an entirely new standard for software assurance," said Maria Cirino, chairperson of the board at Veracode and partner at .406 Ventures. "We look forward to working together with Veracode's exceptional team to rapidly build an industry leader in the application security market."

"Veracode's strength lies in its unique intellectual property, innovative service delivery model and veteran executive team, said Simeon Simeonov, partner at Polaris Venture Partners. "That combination establishes the foundation for a category-leading company that can significantly improve how enterprises approach application security and manage software risk.

"Securing business applications is key to protecting corporations, said Jeff Fagnan, partner, Atlas Venture Inc. "With the majority of all application security vulnerabilities being traced back to insecure programming, Veracode is uniquely positioned to capture market attention quickly.

"Today's business environment requires stringent attention to software security, especially as more and more companies move toward digital distribution of goods and services," said Corey Ferengul, senior vice president of product and solutions management for Macrovision. "Veracode's SecurityReview solutions have been developed to offer developers and enterprises the ability to quickly and inexpensively identify security risks and to help maximize the value of technology investments and customer relationships.

About Veracode
Veracode is the industry's first provider of automated, on-demand application security solutions. Created by a world-class team of application security experts from @stake, Guardent, ISS, VeriSign and Symantec, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode's core service, SecurityReview™ is based on a patented binary code analysis that inspects the entire application, including components without source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.

As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode's SecurityReviewTM provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.

Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners. Veracode founders and executive team include industry experts from @stake, Guardent, ISS, Salesforce.com, Symantec and VeriSign. http://www.veracode.com/

1) Gartner, Inc., "Key Process Trends and Best Practices in Application Security Testing Markets, by Joseph Feiman and Neil MacDonald. December 19, 2006.