Veracode Continues Rapid Growth Trajectory in First Year as Independent Company

Veracode adds over 700 new customers outpacing AppSec market given high demand for cloud-based secure software development tools to support DevSecOps

BURLINGTON, Mass. – Feb. 5, 2020 – Veracode, a leading provider of application security testing (AST) solutions, today announced that it has solidified its position as the largest global independent AppSec provider by adding over 700 new customers, increasing profitability, and innovating its SaaS solutions to meet the needs of development teams with security analysis tools that align with modern DevSecOps practices. The company grew revenue 21 percent year-over-year, dramatically outpacing forecasted AppSec industry growth of 16 percent[1] by 2023 during its first full year as an independent company after its acquisition by private equity firm Thoma Bravo.

“It is crucial for the continued advancement of the global digital economy that the software powering businesses is secure. As a pioneer of the AppSec market, we’re proud of our continued track record of growth, and our profitability illustrates the sustainability of our business and the maturity of our cloud platform,” said Sam King, Chief Executive Officer, Veracode. “Our platform is relied on by compliance, security professionals, and developers alike as the trusted AppSec partner to build and scale DevSecOps programs and to develop security defect-free code from the start. We have an uncompromising commitment to making secure software a competitive advantage.”

Expansion of Global Customer Base

Veracode grew its global customer base in 2019 to more than 2,500, achieving double digit growth in every global region. The company achieved record growth outside of North America, adding more than 100 new customers in Europe, the Middle East and Africa, and growing its customer base in Asia and Latin America by 42 percent. The number of customers participating in the Veracode Verified^TM program increased by 45 percent. Veracode Verified offers third-party attestation to customers confirming that their applications follow secure development practices, providing a competitive differentiator.

Market-leading Product Innovation

Veracode continues to fuel its exceptional growth with technology innovations designed to support customers’ DevSecOps programs. In the past two quarters, the company has:

• Aligned its expanding product portfolio into three core product families – Security Analysis, Developer Enablement, and AppSec Governance – to more tightly tie the product portfolio to the DevSecOps needs of buyers and users.
• Released its new Software Composition Analysis (SCA), the only solution offering both vulnerable methods detection technology as well as machine learning models to identify open source vulnerabilities that have been fixed by open source projects but not disclosed to the National Vulnerability Database (NVD).
• Enhanced its market-leading analytics and reporting that enables customers to view real-time  performance of their AppSec program via customizable dashboards. Customers can monitor  and measure the impact of their program, support regulatory reporting, report program metrics up the management chain, and obtain benchmarking data to compare their AppSec program to industry metrics. A key benefit of its SaaS platform, Veracode is the first and only vendor in its class to provide this kind of reporting and analysis.
• Launched Interactive Application Security Testing (IAST), a scanning technology that provides instantaneous, accurate results within the CI/CD pipeline. Veracode IAST is ideal for development teams who want to test their runtime applications at DevOps speeds to identify exploitable vulnerabilities. With the Veracode IAST solution, development teams never need to change their code to benefit from IAST scanning, unlike competing solutions.
• Delivered over 20 updates for supported languages and frameworks, added container scanning, and completed more than 10 new integrations including Jenkins and Gitlab.

"Veracode has been heavily adopted by our organization. It has served not only to identify vulnerabilities in our code early in the development lifecycle, but it has helped us to meet compliance needs and better educate our development teams,” according to a vice president of threat and risk at a $3 billion financial firm[2]. “The Veracode team has provided us with great customer service over the years, and has made efforts to support our evolving requirements as our security program continues to grow.”

2 Gartner Peer Insights, April 5, 2019, https://www.gartner.com/reviews/market/application-security-testing/vendor/veracode/product/static-analysis/review/view/796046. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.