Veracode is a global leader in application security and risk management, providing cloud-based solutions designed to secure software throughout its development lifecycle. Founded in 2006 and headquartered in Burlington, Massachusetts, Veracode’s mission is to secure the software that powers the world, enabling businesses and individuals to operate safely in a digital environment. The company offers a comprehensive platform that integrates seamlessly with DevOps workflows, empowering organizations to identify, prioritize, and remediate vulnerabilities in proprietary, open-source, and third-party code. Veracode’s solutions are trusted by thousands of organizations worldwide, including many large enterprises, to reduce software risk, accelerate innovation, and ensure compliance with industry standards.
Leadership
Brian Roche – Chief Executive Officer: Brian Roche is an expert in application security engineering, cloud-native technologies, and AI. He has held leadership roles at EMC, Cognizant, and Medidata, and has served as a strategic advisor on the Cloud Foundry Board.
Chris Wysopal – Co-Founder and Chief Security Evangelist: Chris Wysopal is a renowned security leader and one of the original vulnerability researchers at L0pht. Prior to Veracode, he was VP of R&D at @stake (acquired by Symantec). He is a frequent speaker and has testified before the US Congress on software security.
Christien Rioux – Co-Founder: Christien Rioux, also a former member of L0pht, co-founded Veracode and played a key role in developing its core software.
Other key executives include Karen Buffo (Chief Marketing Officer), Sanjay Mandloi (SVP, Engineering and Cloud Operations), and Dawn Rogers (Chief Legal Officer), each bringing extensive experience in their respective fields.
Core Technologies
Veracode’s platform offers a suite of automated, cloud-native security products that cover the entire software development lifecycle:
Static Application Security Testing (SAST): Scans source and binary code for vulnerabilities early in development.
Dynamic Application Security Testing (DAST): Simulates attacks on running applications to uncover runtime vulnerabilities.
Software Composition Analysis (SCA): Identifies and manages risks in open-source and third-party software dependencies.
External Attack Surface Management (EASM): Continuously discovers and monitors internet-exposed assets to identify and mitigate risks.
AI-Assisted Remediation: Uses proprietary AI to deliver actionable remediation guidance and automate fixes.
Integration Ecosystem: Over 40 integrations with CI/CD pipelines, IDEs, and issue trackers for seamless DevSecOps adoption.
Security Education: Offers eLearning and developer training to foster secure coding practices.
Key Capabilities
Automated vulnerability scanning and real-time feedback
Risk-based prioritization and centralized vulnerability management
Compliance reporting for standards such as PCI DSS, HIPAA, and GDPR
Developer enablement through training and actionable remediation
Scalable SaaS architecture for organizations of all sizes
Continuous monitoring and risk management across complex application portfolios
Investors
Veracode is a private company. In March 2022, it was acquired by TA Associates for $2.5 billion, with Thoma Bravo retaining a minority stake. Prior to this, Veracode raised approximately $114 million over several funding rounds. The company has also previously been owned by CA Technologies and Broadcom. As of 2025, TA Associates is the majority owner, with Thoma Bravo as a minority investor.
Notable Clients
Veracode serves over 2,600 customers worldwide, including a significant number of large enterprises and regulated organizations. Notable clients and case studies include:
HDI Global SE: Leveraged Veracode’s AI capabilities for security innovation.
Inter: Chose Veracode for comprehensive DevSecOps integration and rapid, accurate scanning.
Manhattan Associates, EcoVadis, Sabre: Featured in customer success stories for improving application security posture and operational efficiency.