BURLINGTON, Mass. – January 26, 2022 – Veracode, the largest global provider of application security testing solutions, has secured its leadership position in the market for another year, closing 2021 with 13 percent revenue growth year over year. Once again, the company outperformed the "rule of 40"—a key success metric for SaaS businesses that analyzes growth rate plus profit margin—demonstrating the solid performance of a best-in-class software company.
"This past year we've seen the continued acceleration of digital transformation, with software development teams under more pressure than ever to deploy quickly. The need for security in the software supply chain has never been greater," said Sam King, CEO of Veracode. "Our analysis shows that customers have shifted security left and are integrating continuous software security testing into their development lifecycle. They are also paying increased attention to securing the extended software supply chain of open source and third-party software."
Veracode focuses on bringing development and security teams together by streamlining AppSec workflows to make DevSecOps a seamless experience while simultaneously providing a 360-degree view of security posture through powerful reporting and analytics. In 2021, the company bolstered its executive leadership to accelerate innovation and growth worldwide with the appointments of Brian Roche as Chief Product Officer and Pete Harteveld as Chief Revenue Officer. Alison Bayiates was also promoted to Chief Human Resources Officer. Each executive brings more than 20 years of experience and deep expertise in their field.
Innovation in Action
Through a cost-effective, scalable, cloud-native SaaS architecture, Veracode's customers benefit from anonymized, aggregated scan data that enables them to find and fix flaws earlier in the software development life cycle. Notable innovations from 2021 include:
- An advanced API scanning tool that allows organizations to find and fix vulnerabilities in application programming interfaces, the fastest-growing attack surface
- Expanded integrations with dozens of technology providers through the Veracode Technology Alliance Program
- Complimentary trial option of Veracode Security Labs Enterprise Edition, the company's hands-on developer training solution
- European Region, a cloud-based instance in Germany, for organizations that require their data to reside geographically in Europe
- The Hacker Games, a competition launched to help tackle the global cybersecurity skills gap by challenging university student coders to find and fix dangerous security flaws
- Public listing on the AWS Marketplace, enabling the company to sell its solutions through AWS Marketplace private offers
Cybersecurity Takes Center Stage
The past year has seen prominent data breaches and zero-day exploits put software security firmly in the spotlight. Headline-grabbing global attacks, such as those on the Colonial Pipeline and Microsoft Exchange, drove the White House to release an executive order on cybersecurity. More recently in early December 2021, arguably the most serious zero-day vulnerability ever, Log4j, left millions of people and organizations worldwide wondering how to reduce their risk exposure. "The increase in impact and volume of cyberattacks has highlighted the importance of a standardized and structured security program that minimizes systemic risk in software," King said.
Seventy percent of application code comes from open source components,* yet according to Veracode's State of Software Security report, 79 percent of the time third-party libraries are never updated after being included in software. Forrester, a leading global research and advisory firm, predicts software composition analysis (SCA) will experience the greatest growth in security scanning tools, at 25 percent CAGR from 2020 to 2025.*
Derek Costa, Vice President of IT Infrastructure at pharmacy integrator and care provider, Shields Health Solutions, said, "Making our software secure couldn't be simpler with Veracode. Not only does Veracode software composition analysis reduce false positives by prioritizing vulnerabilities, it also looks for vulnerabilities in dependencies several layers deep. The product has saved us many hours of work by enabling us to detect open source vulnerabilities with extreme ease and accuracy, making DevSecOps a seamless experience."
Blazing a Trail in Software Security
In 2021, Veracode customers scanned nearly 25 trillion lines of code—a 109 percent increase year on year—and fixed more than 16 million security flaws. With nearly two-thirds of its revenue coming from large enterprise companies and nearly 750 new customer accounts added in the past year, the business has outpaced forecasts for spending growth on application security in 2021.
Business highlights from the year include:
- Named a Leader in the 2021 Gartner Inc. Magic Quadrant for Application Security Testing for the eighth consecutive year, and recognized again by Gartner Peer Insights as a 2021 Customers' Choice for Application Security Testing
- Positioned as a "Strong Performer" in The Forrester Wave™ Software Composition Analysis report, with the Forrester report stating, "Veracode is a strong choice for customers that are most interested in remediating vulnerabilities in open source components." The report also noted, "Veracode has concentrated its SCA solution on finding and remediating open source vulnerabilities, with dependency graphs and guidance on a fix's likelihood to break the code — one customer's reference called the dependency graph 'amazing.'"
- Named a 2021 Top 100 Women-Led Business in Massachusetts by the Boston Globe Magazine and the Commonwealth Institute, ranking No. 1 among all software companies
- Ranked No. 5 in the Largest Cybersecurity Companies and No. 11 in the Largest Software Development Firms in Massachusetts by the Boston Business Journal
- Crowned winner of the 2021 Peer Award for Application Security Testing (AST) by IT Central Station
- Awarded several leadership accolades for CEO Sam King, including EY Entrepreneur of the Year, Boston Business Journal's Women Who Mean Business and Mass Technology Leadership Council Tech Top 50
- Collaborated with the National Institute of Standards and Technology to help shape detailed software security guidelines as part of the U.S. executive order on cybersecurity, and invited to discuss systemic risk in the software supply chain at the Aspen Institute's sixth Aspen Cyber Summit
King closed, "In 2021, as always, we listened closely to our customers and prioritized their needs by investing in automation and developer enablement initiatives. I'm proud that we continue to strengthen our leadership position in the AppSec market with a comprehensive, easy-to-use software security platform and look forward to driving further innovation in the year ahead."