Veracode Gears up for Security IPO
Veracode CEO explains what his company is doing now as he heads toward a public offering.
Veracode got its start in 2006 building application security technologies. In 2014 the company is gearing up to enter the next stage of its evolution, raising new funds and preparing for an initial public offering (IPO).
Veracode closed a new $40 million round of funding last month, bringing total funding to approximately $114 million. Bob Brennan, Veracode's CEO,explained to eSecurityPlanet that he has been careful in how the money has been raised.
"An IPO is our goal, but with the money in hand I'm not watching a stock market ticker on my screen watching how the market performs; I'm much more interested in how the business performs," Brennan said. "We have a business that really matters and is built on a model that compounds nicely, even though we've been in business for eight-and-a-half years."
As to why Brennan is focused on an IPO as opposed to perhaps becoming an acquisition target for another company, Brennan stressed that he wants to build a company that will stand the test of time, adding that he wants Veracode to become one of the top 2,000 companies in the world.
Cohesive Application Security Approach
The application security space is highly competitive, with giant vendors like HP and IBM offering code and Web scanning tools. Brennan said that Veracode "covers more ground" and that its technology looks at application security from static, dynamic and behavioral analysis perspectives.
"We're able to look across all of an organization's applications and stand sentry on those applications in a production environment," he said. "We've been doing this as a cloud subscription service for the last eight-and-a-half years."
Many companies today have multiple security tools in place including a security information and event management (SIEM) platform and Web application firewall (WAF) deployments. Brennan said that Veracode has customers that integrate with SIEMs from HP and IBM all the time. To complement WAFs, Brennan said that Veracode provides contextual awareness so a WAF will know what to block.
"We are very purely focused on what constitutes secure software for our customer," Brennan said. "We have scanned over a billion lines of code across over 100,000 applications, so we know this space."
While Brennan is looking forward to the next step for his company, he's not rushing toward an arbitrary date for an IPO.
"It will be within the next year or two," he said. "We have the luxury of not needing to go public rapidly as we have sufficient capital on our balance sheet to take us well into profitability."
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twit
September 10, 2014
Employing the right methodology and tools are two keys to effective application security testing.