Application security firm Veracode is changing ownership once again.
On Nov. 5, private equity firm Thoma Bravo announced that it is acquiring Veracode in an all-cash deal for $950 million. Thoma Brava is purchasing Veracode from Broadcom, which on Nov. 5 closed its $18.9 billion acquisition of CA, which was announced on July 11. The $950 million price tag is a 55 percent gain over the $614 million that CA Technologies paid to acquire Veracode in March 2017.
"The market for AppSec is growing rapidly, and the urgency for what we have to offer has never been higher," Sam King, senior vice president and general manager of Veracode, told eWEEK. "At an advantageous time like this, it is of great benefit to Veracode to once again become an independent AppSec pure-play company. This combined with the expertise and experience that Thoma Bravo has in cyber-security gives us the ability to accelerate our growth and product innovation, while continuing to nurture the unique culture we always valued."
Founded in 2006, Veracode had operated as an independent entity until being acquired by CA. As part of CA, the goal was to provide an integrated DevSecOps pipeline for developers. Veracode's product portfolio comprises application security technologies including Software Composition Analysis (SCA), Dynamic Analysis (DAST) and Static Analysis (SAST) capabilities. King will become the CEO of Veracode following the close of the transaction, which is expected to be completed in the fourth quarter of 2018.
King said that while at CA, the Veracode business unit focused on applications security exclusively and had a dedicated team carrying out product development as well as go-to-market functions. She added that the same team will continue to function as a business unit of Broadcom until the deal closes between Broadcom and Thoma Bravo.
"Post deal close, we will continue to focus on innovation, provide best-in-class application security solutions and stay focused on delivering for our customers," King said. "A small group will focus on implementing systems that we will need to operate as an independent company. Otherwise, it is business as usual at Veracode."
With the Veracode acquisition, Thoma Bravo is expanding its portfolio of cyber-security vendors, which has grown significantly in recent months.
This has been a busy year for Thoma Bravo. On Feb. 12, it completed its acquisition of network security vendor Barracuda Networks for $1.6 billion. On July 2, it took a majority stake in next-generation security information and event management (SIEM) vendor LogRhythm. On Aug. 15, Thoma Bravo became the majority investor in identity and access management (IAM) vendor Centrify. Even more recently, on Oct. 10, Thoma Bravo announced plans to acquire Web Application Firewall provider Imperva in a deal valued at $2.1 billion.
Thoma Bravo also holds a majority interest in global SSL Certificate Authority vendor Digicert, privileged access management (PAM) vendor Sailpoint and cyber-security vendor McAfee.
"As long-term investors in cyber-security software, we are impressed with the speed and quality of innovation at Veracode," Seth Boro, a managing partner at Thoma Bravo, wrote in a statement. "Sam King and her team are seasoned, proven operators addressing a critical security problem in application development and delivering best in class products to a rapidly growing customer base for over 10 years."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.