Veracode Appoints Kimberly Baker as Vice President of Government Markets

25-Year IT Executive to Lead Veracode's Entry Into the Government Sector

BURLINGTON, MA--(Marketwire - January 16, 2008) - Veracode Inc., provider of the industry's first on-demand application security testing solutions, announced today the appointment of Kimberly Baker as the company's vice president of Government Markets. Baker brings to Veracode over 25 years of sales, services, and consulting experience in the federal, state and commercial sectors. She is responsible for developing the go-to-market, sales and technical resource strategy for code security in the government market.

Veracode also announced it will expand its software security testing service offerings to address the specific needs of Federal Agencies, the Department of Defense (DoD) and the Intelligence community. These investments underscore Veracode's recognition of the large and strategic opportunity for growth in the government sector.

"As software applications grow in complexity and are increasingly produced by geographically distributed workgroups or by offshore developers, the likelihood of flaws and exploitable vulnerabilities increases," said Matt Moynahan, CEO of Veracode. "Government agencies are rightfully concerned about the risks these complex commercial and custom developed applications can pose to military and civilian infrastructure. The situation is further exacerbated by the lack of standards and metrics available to quantify the potential risk posed by the use of these applications. Veracode SecurityReview, with its patented binary analysis that inspects 100 percent of an application, and on-demand delivery model, is poised to aid the government in meeting the application security challenge."

A recent government issued memorandum provided instructions to heads of executive departments and agencies for meeting FY 2007 reporting requirements under the Federal Information Security Management Act of 2002 (FISMA). Within the document, agencies were encouraged to seek out and utilize private sector software, including on-demand, software as a service, software subscription solutions.

Application security has become a greater focus for the government. FISMA and DITSCAP/DIACAP are government regulations that require agencies to assess the levels of risk in their software and systems and develop a plan of action and milestones to show continuous improvement in the security of the systems and software. To date the major focus has been at the network and systems level with Certification and Accreditation (C&A). The underlying risk in commercial-off-the-shelf (COTS) and custom code has not been addressed to any significant degree due to the same cost and complexity challenges commercial markets are facing.

In addition, in September 2007 the government's Defense Science Board issued a "Mission Impact of Foreign Influence on DoD Software" report, discussing specific risks throughout the global software supply chain and offering ways to mitigate the problem. Software developed in this supply chain is touched by many hands, increasing the complexity of a review because source code is not readily available. Foreign developed and COTS software may have malicious code or backdoor traps hidden within, and organizations like the DoD need a way to verify that applications they purchase contain secure code. Veracode's unique service model, using binary code analysis to detect malicious code, is well designed for this task.

"Veracode's entry into the government space comes at a time when application security solutions are crucial to protecting the federal infrastructure," Baker said. "Today's applications are the new perimeter. Given the amount of COTS software developed in foreign countries and the lack of software standards, a method to evaluate and mitigate software risk is critical. Veracode's unique on-demand service model is a simple and cost-effective way for government agencies to evaluate software risk and ensure their code is secure and free of backdoors and malware."

Baker continued, "Software used by the government is at risk for many of the same types of malicious hacking and coding threats faced by the commercial sector. A significant portion of the applications the government currently runs are unclassified, and a perfect fit for the standard commercial offering Veracode provides."

Prior to Veracode, Baker served as Vice President Federal Government Operations for Internet Security Systems (acquired by IBM in October 2006), where she was responsible for leading the development and execution of the strategy to grow the company's enterprise solution business in the Federal Civilian, DoD and Intel markets. Baker also held executive-level positions relating to financial and government sectors at NCR Government Systems, AT&T and Federal Sources, Inc.

Kimberly Baker will be hosting an executive roundtable today, January 16th, in Washington, D.C., along with CEO Matt Moynahan and security expert and Veracode CTO, Chris Wysopal, to discuss five trends shaping software security. CIOs and CISOs from the public and private sector will be in attendance. Specifically, security executives from eBay, The Depository Trust & Clearing Corporation and SAFECode will discuss the impact of current security trends on their organizations and the industry. For information on trends coming out of this exclusive event contact us at:

About Veracode

Veracode is the leading provider of on-demand application security testing solutions. Created by a world-class team of application security experts, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode's core service, SecurityReview uses patented binary code analysis and dynamic web analysis that is uniquely able to inspect entire application inventories, including components, and does not require companies to expose their valuable source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.

As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode's SecurityReview provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.

Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners.

Contact Information: Contact: Rachel Labas Lois Paul & Partners 781-782-5783