Contact: Rachel Labas, Lois Paul & Partners, 781-782-5783, rachel_labas@lpp.com
Veracode Appoints Kimberly Baker as Vice President of Government Markets
25-Year IT Executive to Lead Veracode's Entry Into the Government Sector
Source: Veracode
BURLINGTON, MA--(Marketwire - January 16, 2008) - Veracode Inc., provider of the industry's
first on-demand application security testing solutions, announced today the
appointment of Kimberly Baker as the company's vice president of Government
Markets. Baker brings to Veracode over 25 years of sales, services, and
consulting experience in the federal, state and commercial sectors. She is
responsible for developing the go-to-market, sales and technical resource
strategy for code security in the government market.
Veracode also announced it will expand its software security testing
service offerings to address the specific needs of Federal Agencies, the
Department of Defense (DoD) and the Intelligence community. These
investments underscore Veracode's recognition of the large and strategic
opportunity for growth in the government sector.
"As software applications grow in complexity and are increasingly produced
by geographically distributed workgroups or by offshore developers, the
likelihood of flaws and exploitable vulnerabilities increases," said Matt
Moynahan, CEO of Veracode. "Government agencies are rightfully concerned
about the risks these complex commercial and custom developed applications
can pose to military and civilian infrastructure. The situation is further
exacerbated by the lack of standards and metrics available to quantify the
potential risk posed by the use of these applications. Veracode
SecurityReview, with its patented binary analysis that inspects 100 percent
of an application, and on-demand delivery model, is poised to aid the
government in meeting the application security challenge."
A recent government-issued memorandum provided instructions to heads of
executive departments and agencies for meeting FY 2007 reporting
requirements under the Federal Information Security Management Act of 2002
(FISMA). Within the document, agencies were encouraged to seek out and
utilize private sector software, including on-demand, software as a
service, and software subscription solutions.
Application security has become a greater focus for the government. FISMA
and DITSCAP/DIACAP are government regulations that require agencies to
assess the levels of risk in their software and systems and develop a plan
of action and milestones to show continuous improvement in the security of
the systems and software. To date the major focus has been at the network
and systems level with Certification and Accreditation (C&A). The
underlying risk in commercial-off-the-shelf (COTS) and custom code has not
been addressed to any significant degree due to the same cost and
complexity challenges commercial markets are facing.
In addition, in September 2007 the government's Defense Science Board
issued a "Mission Impact of Foreign Influence on DoD Software" report,
discussing specific risks throughout the global software supply chain and
offering ways to mitigate the problem. Software developed in this supply
chain is touched by many hands, increasing the complexity of a review
because source code is not readily available. Foreign developed and COTS
software may have malicious code or backdoor traps hidden within, and
organizations like the DoD need a way to verify that applications they
purchase contain secure code. Veracode's unique service model, using
binary code analysis to detect malicious code, is well designed for this
task.
"Veracode's entry into the government space comes at a time when
application security solutions are crucial to protecting the federal
infrastructure," Baker said. "Today's applications are the new perimeter.
Given the amount of COTS software developed in foreign countries and the
lack of software standards, a method to evaluate and mitigate software risk
is critical. Veracode's unique on-demand service model is a simple and
cost-effective way for government agencies to evaluate software risk and
ensure their code is secure and free of backdoors and malware."
Baker continued, "Software used by the government is at risk for many of
the same types of malicious hacking and coding threats faced by the
commercial sector. A significant portion of the applications the
government currently runs are unclassified, and a perfect fit for the
standard commercial offering Veracode provides."
Prior to Veracode, Baker served as Vice President Federal Government
Operations for Internet Security Systems (acquired by IBM in October 2006),
where she was responsible for leading the development and execution of the
strategy to grow the company's enterprise solution business in the Federal
Civilian, DoD and Intel markets. Baker also held executive-level positions
relating to financial and government sectors at NCR Government Systems,
AT&T and Federal Sources, Inc.
Kimberly Baker will be hosting an executive roundtable today, January 16th,
in Washington, D.C., along with CEO Matt Moynahan and security expert and
Veracode CTO, Chris Wysopal, to discuss five trends shaping software
security. CIOs and CISOs from the public and private sector will be in
attendance. Specifically, security executives from eBay, The Depository
Trust & Clearing Corporation and SAFECode will discuss the impact of
current security trends on their organizations and the industry. For
information on trends coming out of this exclusive event contact us at:
contact@veracode.com.
About Veracode
Veracode is the leading provider of on-demand application security
testing solutions. Created by a world-class team of application security experts, the company delivers services
to identify software flaws introduced through coding errors or malicious
intent. Veracode's core service, SecurityReview, uses patented binary code analysis and dynamic web analysis that is
uniquely able to inspect entire application inventories, including
components, and does not require companies to expose their valuable source
code. Enterprises can now protect their intellectual property while
preventing attacks allowed by vulnerabilities in applications.
As the most accurate and comprehensive solution, Veracode makes it simple
and cost-effective to implement application security best
practices and reduce operational costs related to manual reviews. Whether a
company is developing applications internally, purchasing software or
integrating code from partners, Veracode's SecurityReview provides insight
into the security level of your applications. Outsourcing code analysis to
Veracode is the easiest way to secure your software. With a pragmatic
approach to application security, Veracode helps you fix what matters most
to your business.
Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas
Venture and Polaris Venture Partners. www.veracode.com.