CA Technologies has acquired DevOps security vendor Veracode to help encourage and enable customers to build more secure applications by focusing on security as the applications are being coded instead of as an afterthought.
The $614 million acquisition of Veracode, which was announced by CA on March 6, is aimed at helping customers make their applications more secure through faster, automated, scalable application development and security testing, while at the same time producing fewer defects, according to the companies. Veracode offers web application security, secure development, compliance and related platforms for its customers.
By buying Veracode, CA is bridging its DevOps applications with its deep security portfolio to help kits customers create the most secure applications they can build, Mordecai Rosen, the general manager of CA Technologies' security business, told WindowsITPro in an interview.
The purchase is fueled by the idea that the Veracode products will move application security from the application lifecycle segment and make it an integral part of DevOps, said Rosen. "We're huge, religious believers in the DevOps security area," he said. "We have to provide a platform and set of tools to developers and DevOps people so they can think of security and build it [into applications] all at the same time. This is where we have to go if we are to have a prayer" fighting hackers and attackers, by essentially moving security much closer to developers.
"This really fills an open spot for us, said Rosen, because CA did not until now have these kinds of specific development tools in its product line, which does include a wide range of identity, access management and other security-related products. "This doesn't overlap with anything we have today."
When security testing is shifted earlier into the application development process, fewer errors are found in released code, according to CA. Statistics have been reported that show it can be 30 times more expensive to fix a vulnerability during application post-production than during the design, requirement identification and architecture stage, according to data from the National Institute of Standards and Technology.
The ability to use these kinds of tools at the time code is written offers an enormous opportunity for developers and businesses, said Rosen.
The Veracode acquisition is expected to close in the first quarter of fiscal year 2018, and is subject to customary closing conditions, including regulatory approvals.
"“Software is at the heart of every company's digital transformation," Ayman Sayed, president and chief product officer of CA Technologies, said in a statement. "Therefore, it's increasingly important for them to integrate security at the start of their development processes, so they can respond to market opportunities in a secure manner."