Veracode Completes Strong First Year of Business With Exceptional Customer and Partner Momentum

Expansion and Industry Accolades Mark End of First Year of Operations


BURLINGTON, MA--(Marketwire - February 12, 2008) - Veracode Inc., provider of the industry's first on-demand application security testing solutions, closed out 2007 with strong customer and partner momentum and firmly established its position as an industry visionary. After having secured $19.5 million in initial funding, Veracode unveiled SecurityReview® at the RSA Security Conference in February 2007. SecurityReview is the industry's first automated, on-demand application security testing solution. Furthermore, the company announced additional industry-firsts, including a standards-based ratings service for determining security levels in purchased software and outsourced application development, as well as comprehensive support for detecting backdoors and malicious code using Veracode's patented static binary analysis technology launched in December 2007.

Veracode completed 2007 with record bookings and customer signings in the fourth quarter, including top-tier independent software vendors (ISVs), Fortune 500 financial service companies, and mid-market organizations. Veracode's Code Assurance Services Platform currently processes the binary equivalent of approximately 7 million lines of code weekly.

"Although we formally launched less than a year ago, I am thrilled with the customer and partner success we've experienced to date, which is a tribute to our team and the power of the on-demand business model and our innovative approach to conducting security testing on binary code," said Matt Moynahan, CEO at Veracode. "We founded Veracode on the belief that if we could transform what once was cost-prohibitive and difficult to use to be broadly accessible, user-friendly and cost-effective, organizations of all sizes would take appropriate steps to secure internally developed code and implement best practices for assessing third party risk. We are proud of the recognition Veracode has achieved to date, and we look forward to expanding our market leadership as the trusted independent, on-demand application security testing source in 2008."

"Our customers are realizing unprecedented levels of productivity gains with Veracode SecurityReview," said Chris Wysopal, Veracode's co-founder and chief technology officer. "As one example, a large financial services provider leverages Veracode to automate its application security testing of third-party Commercial-Off-The-Shelf (COTS) applications. Previously they spent more than $600,000 a year to manually test two applications. With Veracode they automate the testing of those applications for less than $50,000 per year. In addition, our customers are realizing significant developer productivity gains based on false positive rates of below 10 percent with Veracode compared to industry averages of 40 to 60 percent."

Noteworthy Achievements

-- Customers: Veracode signed a significant number of customers, demonstrating particular momentum within the financial services, Independent Software Vendors and Internet retailing industries.

-- Partnerships: Veracode continued its expansion by signing partnerships with TELUS, a two billion dollar telecommunications company based in Toronto, and Wipro Technologies, a leading global service provider based in Bangalore.

-- Appointments: The company also rounded out its executive management team with the following additions: Bernd Leger as vice president of marketing, Susan Ledoux as chief financial officer, Kimberly Baker as vice president of government markets and Seksom Suriyapa as senior vice president of business development.

-- Certification: Veracode's Code Assurance Services Platform achieved SysTrust Certification in 2007. The SysTrust examination is a rigorous process developed by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants to provide independent assurance that an organization's systems are reliable. Ernst & Young evaluated Veracode's Code Assurance Platform to ensure appropriate internal controls were in place and compliant with the SysTrust Security and Confidentiality Principles. The certification provides additional assurance to customers that code given to Veracode for testing is treated with high regard for security and confidentiality.

-- Thought Leadership: Veracode spoke at 13 industry events in 2007, which included CEO Matt Moynahan's discussion of an independent software assessment at the Department of Homeland Security Forum, and CTO Chris Wysopal's speaking engagements at STPCon, FS-ISAC, OWASP, BlackHat, IT Security World, and additional keynotes on software security testing. Wysopal, well-known as a security industry expert, became an author when his book, "The Art of Software Security Testing: Identifying Security Flaws," was published.

-- Awards: Veracode was recognized with several industry accolades, including being named as one of 10 Hot Security Startups by Dark Reading, a 'Rookie Security Company' finalist in SC Magazine's 2008 Security Awards to be selected in April, a finalist in SC Magazine's Europe 2008 'Technology Innovation Award' and 'Best Vulnerability Assessment Product Category' to be selected in April, one of 10 Security Companies to Watch by Network World, a finalist in the American Business Awards, and the selection of Moynahan as one of Boston Business Journal's "40 Under 40." The award recognizes 40 promising Greater Boston area business and civic leaders under the age of 40 who have made significant contributions in their respective fields.

About Veracode

Veracode is the leading provider of on-demand application security testing solutions. Created by a world-class team of application security experts, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode's core service, SecurityReview uses patented binary code analysis and dynamic web analysis that is uniquely able to inspect entire application inventories, including components, and does not require companies to expose their valuable source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.

As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode's SecurityReview provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.

Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners. www.veracode.com.

Contact Information: Contact: Rachel Labas Lois Paul & Partners 781-782-5783 rachel_labas@lpp.com