Veracode

The profile is currently unclaimed by the seller. All information is provided by CB Insights.

veracode.com

Founded Year

2006

Stage

Acq - Fin - II | Alive

Total Raised

$114.3M

Valuation

$0000 

Revenue

$0000 

About Veracode

Veracode is an AppSec partner for creating secure software, reducing the risk of a security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Veracode Headquarters Location

65 Network Drive 3rd & 4th Floors

Burlington, Massachusetts, 01803

United States

877-837-2203

Expert Collections containing Veracode

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

Veracode is included in 3 Expert Collections, including Regtech.

Regtech

1,341 items

Technology that addresses regulatory challenges and facilitates the delivery of compliance requirements in FIs. Regulatory technology helps FIs and regulators address challenges ranging from traditional compliance and risk management to data reporting and transmission.

Cybersecurity

4,925 items

Advanced Manufacturing

3,331 items

Companies focused on the technologies to increase manufacturing productivity, ranging from automation & robotics to AR/VR to factory analytics & AI, plus many more.

Veracode Patents

Veracode has filed 37 patents.

The 3 most popular patent topics include:

  • Computer security
  • Software testing
  • Computer network security

Application Date

7/31/2018

Grant Date

10/13/2020

Title

Related Topics

Database management systems, Data management, Transaction processing, Software testing, Online analytical processing

Status

Grant

Latest Veracode News

Software Supply Chain Attacks Surged In 2021

May 25, 2022

brooke.crothers

Application security teams are facing massive challenges

The SolarWinds attack is considered to be one of the largest and most sophisticated supply chain attacks to date and exemplifies the devastating potential of supply chain attacks. SolarWinds was followed by a similar build-time code-manipulation attack, in which attackers penetrated Codecov product’s software supply chain, manipulating the build process to inject malicious code into its software and using the software update mechanism to distribute the malware to Codecov customers.

In July 2021, the attack on Kaseya raised awareness of the downstream effects of supply chain attacks. In this attack, a managed service provider software was used to distribute the REvil ransomware to the managed service provider’s customers, causing significant downtime and revenue loss.

The year’s final incident would come in December, when the Log4J vulnerability was discovered and forced software vendors into a patching panic. Shortly after the discovery, attackers started to exploit this popular package and take advantage of this vulnerability to launch their attacks.

“The number of attacks over the past year and the widespread impact of a single attack highlights the massive challenge that application security teams are facing,” said Eran Orzel, Senior Director of Argon Customer Success and Sales.

Examining the success rate and consequent damage of the many attacks in 2021, one of the most evident details is that current security tools and practices are not adequate for preventing supply chain attacks. Traditional application security testing cannot detect supply chain attacks. Additionally, established CI/CD (continuous integration, continuous delivery) and DevOps pipelines rely on implicit permissions to enable rapid commits and deployment, implementing security controls only at the end of this process, which is too late to preclude malicious activity.

Three main risk areas

The analysis made by Argon Security researchers highlighted three main risks that companies developing software need to focus upon.

Use of vulnerable software packages

Open source code is part of almost all commercial software. Many of the open source components used today have existing vulnerabilities. Upgrading to a more secure version requires effort from development and DevOps teams. As a result, most companies are lagging in vulnerability remediation, even when it comes to high severity vulnerabilities.

There are two common attacks that leverage vulnerable software packages:

  • Exploiting existing vulnerabilities to obtain access to the application and execute the attack
  • Planting malicious code in popular open source packages and private packages to trick developers or automated pipeline tools into incorporating them as part of the application build process.

Compromised pipeline tools

Taking advantage of privileged access, misconfigurations, and vulnerabilities in the CI/CD pipeline infrastructure can give attackers access to critical IT infrastructure, development processes, source code, and other application artifacts. A compromised CI/CD pipeline can expose an application’s source code, which is the blueprint of the application, the development infrastructure, and processes. It enables attackers to change code or inject malicious code during the build process and tamper with the application. This type of breach is hard to identify and can cause a lot of damage before it is detected and resolved.

Code and artifact integrity

The upload of bad code to source code repositories directly impacts artifact quality and security posture. Common issues that were found in most customer environments were sensitive data in code, code quality and security issues, infrastructure as code issues, container image vulnerabilities and misconfigurations. Many issues that were discovered required time-intensive cleanup projects to reduce exposure.

How code signing can protect your organization

Code signing is a critical security control that provides software with a machine identity, which verifies its legitimacy. These machine identities are in the form of digital certificates and private keys, both of which must be secured. To truly secure code signing private keys, you have to secure the process by which they get used without inconveniencing the developers that need to use them. You need to support developers’ existing tool chains and work within their current processes, such as DevOps.

The following code signing best practices can help you improve the security of your software development projects:

  • Centrally secure all your private keys
  • Create strong code signing policies and automatically enforce them through workflow automation
  • Identify roles, responsibilities and the approval process
  • Secure an automated code signing process across the overall CI/CD pipelines
  • Integrate with current tools and environments to make code signing fast and easy for your DevOps teams
  • Maintain an irrefutable record of all code signing activities

Venafi and Veracode

Venafi and Veracode with contributions from Sophos and Cloudbees have developed the “Blueprint for building modern, secure software development pipelines.” It aims at reducing risk and aligning with agile, high performance software development pipelines. The blueprint proposes a standard set of controls to secure software development pipelines for CI/CD against attack. The ultimate goal of the blueprint is to minimize the possibility of supply chain attacks.

  • When was Veracode founded?

    Veracode was founded in 2006.

  • Where is Veracode's headquarters?

    Veracode's headquarters is located at 65 Network Drive, Burlington.

  • What is Veracode's latest funding round?

    Veracode's latest funding round is Acq - Fin - II.

  • How much did Veracode raise?

    Veracode raised a total of $114.3M.

  • Who are the investors of Veracode?

    Investors of Veracode include TA Associates, Thoma Bravo, CA Technologies, Founders Circle Capital, Accomplice and 13 more.

  • Who are Veracode's competitors?

    Competitors of Veracode include Chainguard, StackHawk, SonarSource, Zimperium, Bright Security and 16 more.

You May Also Like

Lookout

Lookout is a cybersecurity company on a mission to secure and empower productivity in a privacy-focused world. The company delivers an integrated endpoint-to-cloud security platform that secures data for the world’s leading enterprises and ensures they comply with regulations while respecting the privacy of their team who work anywhere. The company was founded in 2007 and is based in San Francisco, California.

Zimperium

Zimperium provides enterprise mobile threat defense. The Zimperium Mobile Threat Defense system delivers enterprise-class protection for Android and iOS devices against the next generation of advanced mobile threats. Developed for mobile devices, Zimperium uses patented, behavior-based analytics that continuously run on the device to protect mobile devices against WiFi, cellular, and host-based threats wherever business takes them.

Snyk

Snyk is an open-source security platform designed to help software-driven businesses enhance developer security. Snyk's dependency scanner finds, prioritizes, and fixes vulnerabilities and license violations in open source dependencies and container images.

Checkmarx

Checkmarx is a developer of software solutions that identify, fix, and block security vulnerabilities in web and mobile applications. It provides a way for organizations to introduce security into their software development lifecycle. On March 16th, 2020, Checkmarx was acquired by Hellman & Friedman at a valuation of $1.15B.

Deep Instinct

Deep Instinct applies a subset of artificial intelligence (AI), known as deep learning, to cybersecurity. The company has built a vast neural network that is trained on hundreds of millions of files. There are no human dependencies related to identifying and preventing cyber attacks. As a result, threats are detected >99% of the time, with a false positive rate <0.1%.

StackHawk

StackHawk is a SaaS company building security software for DevOps teams, enabling engineers to find and remediate security problems in development and production through continuous vulnerability scanning, documentation, and remediation. The company was founded in 2019 and is based in Denver, Colorado.
