CA Technologies Acquires Veracode for $614M to Enable Secure DevOps

CA Technologies will expand its security portfolio with Veracode, providing application and code security scanning capabilities that will enable a full lifecycle of security for the DevOps workflow.

CA Veracode Acquisition

CA Technologies is making a big bet on security with the acquisition of privately-held code security testing vendor Veracode for $614 million in cash. The deal is expected to close in the first quarter of Veracode's fiscal year 2018.

Veracode was founded in 2006 and is currently led by CEO Bob Brennan. When the deal closes, Brennan will become General Manager of the new Veracode business unit within CA Technologies. Veracode's technology will provide new capabilities to CA as there is no overlap with any existing CA products.

"What CA has done over the last few years is established a baseline of products in agile management, a broad DevOps portfolio as well security and application monitoring," Mordecai Rosen, CA Technologies senior vice president and general manager, Security business, told eWEEK. "The acquisition of Veracode really bridges our security and DevOps portfolio."

Rosen noted that Veracode is a market leader in application security testing. As CA customers move their applications along a DevOps workflow, Rosen expects that in addition to performance testing, CA with Veracode will be able to provide full security testing built into every nightly application build.

"This acquisition will fit in well with the rest of our portfolio and allows us to push security further left to the developer," Rosen said.

There are multiple security and code testing vendors in the market today. Rosen said that CA was attracted to Veracode, due in part to the Software-as-a-Service (SaaS) model that Veracode has as well as the company's broad portfolio and thought leadership. Veracode's capabilities including both static and dynamic code analysis as well as software composition capabilities.

"Veracode is also doing a lot of great work integrating with IDEs and bug tracking platforms," Rosen said. "As we at CA look forward, we wanted to take a big leadership position in secure DevOps."

From an integration perspective, CA will follow the same path as it has with prior acquisitions. Rosen came to CA by way of the August 2015 acquisition of privileged identity management vendor Xceedium.

"With Xceedium we continued to grow considerably after the acquisition and we'll do the same thing here with Veracode," Rosen said. "We'll turn on the resources that we have to bring in additional business and we'll make sure that as we integrate we protect the asset."

Rosen noted that CA has an integration team that will figure out the integration of existing CA products with Veracode in a thoughtful way. One area for potential integration is CA's Blazemeter performance monitoring that could benefit from Veracode's code analysis capabilities.

"All of our customers are application developers now and they are all going through the DevOps transformation," Rosen said. "Now we'll just have more tools to be able to help them."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.