Veracode sells to CA Technologies for $614 million

CA Technologies Inc. announced Monday it had purchased the security firm Veracode for $614 million in cash. The move comes two years after Veracode reportedly came close to an IPO and was valued around $800 million.

Veracode launched a decade ago to offer developers automated security analysis of applications. CA Technologies, based in New York City, is a $4.5 billion behemoth focused mostly on business-to-business deals, keeping it largely out of the public eye.

Veracode made headlines recently when Cloudflare, fresh off a high-profile data leak, announced the Burlington, Mass.-based company would independently audit its code.

Veracode co-founder Chris Wysopal was part the hacker think tank L0pht, which in 1998 told the U.S. Senate about the cybersecurity disasters looming as the internet approached ubiquity.

The punkish group of hackers were the first — aside from members of federal witness protection programs — to go before Congress using psuedonyms (Wysopal was “Weld Pond”). The group did that for fear that their employers would fire them if they knew the kind of hacking hobbies they were involved with off-hours.

The L0pht Group in front of Congress. Vercode’s Chris Wysopal (Weld Pond) is third from right.

Many of L0pht’s alumni are big names in the security industry today. Wysopal’s Veracode lives in that tradition, too, hunting exploits for the biggest technology companies on the planet. Now, instead of publishing the vulnerabilities with cheeky nicknames (software to hack BackOffice Server 2000 was called “Back Orifice 2000”), they’re cashing in on the multibillion-dollar security industry.

The sale is expected to close in the first quarter of fiscal 2018, pending regulatory approval.