Veracode Closes $40M Late-Stage Funding Round to Accelerate Leadership Position in Web and Mobile Application Security

Rise of cloud and mobile innovation fuels need for next-generation cyber-security to address pervasive application-layer threats

BURLINGTON, Mass. — September 11, 2014 Veracode, a leader in protecting modern enterprises from today’s pervasive web and mobile application threats, today announced that it has closed a late-stage $40 million funding round led by Wellington Management Company, LLP with participation from existing investors. Veracode will use the new funding to accelerate its global expansion by boosting investments in sales, marketing and R&D. The funding also provides the company significant flexibility to consider other strategic opportunities and financing options, including exploring the acquisition of complementary technologies and a potential IPO.

Veracode grew by 50 percent last year and has seen a strong increase in the number of million-dollar-plus contracts signed with blue-chip enterprise accounts.  The company was also recognized as a “Leader” in Gartner’s 2014 “Magic Quadrant for Application Security Testing.”1  Veracode’s cloud-based service currently secures hundreds of the world’s largest global enterprises, including three of the top four banks in the Fortune 100 and more than 25 of the world’s top 100 brands.

“This investment accelerates our ability to help the world’s leading organizations systematically reduce cyber risk enterprise-wide,” said Bob Brennan, CEO, Veracode. “Our goal is to speed the pace of business innovation with a more scalable, next-generation approach that industrializes application security controls across our customers' web, mobile and third-party applications. This latest round of funding enables us to maintain our growth trajectory as we both gain new customers and expand our scope across our existing customers’ global application infrastructures.”

Mobile and cloud computing are dramatically changing the way enterprises deliver business innovation, as enterprises in all industries transform into digital businesses. At the same time, increased reliance on connected systems brings increased risk. Now that most organizations have addressed the network and end-point layers with next-generation firewalls and other devices, cyber-attackers are increasingly targeting the application layer as the path of least resistance. As a result, web application vulnerabilities like Heartbleed continue to be the No. 1 attack vector for breaches, according to the 2014 Data Breach Investigations Report (DBIR).  

First-generation, on-premises approaches to application security impose excessive complexity on fast-moving development teams. They are de-centralized, difficult to configure and require specialized in-house expertise. In comparison, Veracode’s cloud-based service is easier to implement and more scalable than legacy approaches. It offers centralized policies and KPIs to systematically reduce risk and measure progress in a consistent manner across disparate business units and development teams, including third-party suppliers, outsourcers and open source developers. In addition, the company’s cloud-based platform is continuously learning and evolving to address constantly evolving threats, based on accumulated learning from hundreds of billions of equivalent lines of code scanned.

“Veracode’s subscription-based business model, market leading technology and world-class application security expertise and service levels have enabled the company to achieve high renewal and expansion rates with high gross margins,” said Ed Goldfinger, CFO, Veracode. “We’re looking forward to continuing to execute against our aggressive growth ambitions while securing the critical application layer for major enterprises worldwide.”


1 Gartner, Inc. “Magic Quadrant for Application Security Testing "by Neil MacDonald, Joseph Feiman. July 1, 2014.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.