Veracode Extends Leadership in Application Security Testing

BURLINGTON, MA--(Marketwire - August 7, 2007) - Veracode Inc., provider of the industry's first on-demand application security review, is extending its leadership in the Application Security Testing Market by providing the industry's first solution that detects and remediates software security vulnerabilities for multi-tier Web applications while providing 100% code coverage including third party libraries for which no source code is available.

By combining static binary code analysis and dynamic Web application scanning into a single on-demand service and user experience, Veracode's SecurityReview™ solution easily and cost-effectively enables organizations to gain operational insight into security risks for multi-tier, front and back office applications. Veracode is the first and only company to combine multiple testing techniques into a single on-demand application security testing service.

"Our vision at Veracode is to reduce the number of software vulnerabilities in the industry by making it easy and cost effective for all companies to test applications for security risks, whether they are developing applications in-house or purchasing applications from a third party vendor," said Matt Moynahan, president and CEO of Veracode. "By correlating results from multiple software testing techniques in a single user experience, we are making it easier for organizations to focus less on the underlying technology and more on the quality and accuracy of the results and ease of remediation."

Organizations are facing increasing operational risk and rising costs resulting from insecure software developed internally and purchased or sourced from external third-parties such as contractors and offshore development relationships. Internally, companies are challenged by developing multi-tier applications across distributed development teams with limited security expertise and different cultures and development methodologies. Externally, companies are being challenged to put procedures in place to ensure applications entering their organizations are secure and meet acceptable security standards for compliance and related industry regulations.

In response, Veracode has designed the first complete, automated application security testing solution that incorporates multiple vulnerability scanning technologies in an integrated on-demand model. Based on its centralized on-demand infrastructure, Veracode SecurityReview™ can deliver results in a matter of hours to globally distributed teams.

According to Gartner, Inc., "By 2010, 40% of organizations will use a single vendor that provides both code security scanning and Web application security scanning features along the software development life cycle."(1) Joseph Feiman, Research VP with Gartner, added, "Leading vendors will offer solutions that integrate multiple detection technologies and remediation features directly into the development and/or testing platforms, so that users will access them more easily, without having to leave their familiar development environment."

About Veracode

Veracode is the industry's first provider of automated, on-demand application security solutions. Created by a world-class team of application security experts from @stake, Guardent, ISS, VeriSign and Symantec, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode's core service, SecurityReview™, uses patented binary code analysis that is uniquely able to inspect entire application inventories, including components, and does not require companies to expose their valuable source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.

As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode SecurityReview provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.

Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners. www.veracode.com

(1) Gartner, Inc., "Market Definition and Vendor Selection Criteria for Source Code Security Testing Tools" by Neil MacDonald and Joseph Feiman, May 28, 2007.