In-Q-Tel Backs Veracode’s Binary Code Review Technology

Veracode, a Burlington, MA, startup that looks for security flaws in software by analyzing its raw binary code, announced this week that In-Q-Tel, a venture investing group spawned by the CIA, has made a strategic investment in the company.

The amount of the investment was not disclosed. But as we explained in a story last December about In-Q-Tel’s decision to open a Boston office, the organization usually puts $1 million to $3 million into its portfolio companies, and usually earmarks the investment for research and development in areas of interest to U.S. civilian and defense intelligence agencies. Veracode said in a joint announcement with In-Q-Tel that under its new partnership with the organization, it will “accelerate specific research areas for governmental, commercial and open source applications.”

The obvious appeal of a technology like Veracode’s to the intelligence community is that the company’s Web-based software screening service, called SecurityReview, is able to search for common vulnerabilities in a software application, such as buffer overflows, SQL injection, and hidden backdoors, simply by examining its compiled binary code. Binary code is a non-human-readable series of 1s and 0s and therefore masks any trade secrets—or, for that matter, national security secrets—that might be contained in the source code.

Indeed, Donald Tighe, In-Q-Tel’s vice president of external affairs, told Government Computer News that the intelligence community was attracted to Veracode in part because of its ability to work without source code.

Ben Levitan, the In-Q-Tel partner who runs the Boston-area office (which is actually in Waltham), said in the joint announcement that In-Q-Tel is also “excited by the company’s product roadmap, as it offers great promise for both the private and public sectors.” Kimberly Baker, Veracode’s vice president of government and international markets, told Government Computer News that that roadmap includes a stand-alone, product version of the SecurityReview service that organizations could purchase and run on their own networks.

Aside from the new In-Q-Tel investement, Veracode has raised about $20 million in venture funding, with backers including Atlas Venture, Polaris Venture Partners, and .406 Ventures. It joins an exclusive group of Boston-area In-Q-Tel beneficiaries that includes QD Vision, Stratify (purchased last year by Iron Mountain), Basis Technology, BBN Technologies, Ember, Endeca, Metacarta, Polychromix, Sionex, Spotfire (purchased last year by TIBCO), and Traction Software.

Author: Wade Roush

Between 2007 and 2014, I was a staff editor for Xconomy in Boston and San Francisco. Since 2008 I've been writing a weekly opinion/review column called VOX: The Voice of Xperience. (From 2008 to 2013 the column was known as World Wide Wade.) I've been writing about science and technology professionally since 1994. Before joining Xconomy in 2007, I was a staff member at MIT’s Technology Review from 2001 to 2006, serving as senior editor, San Francisco bureau chief, and executive editor of TechnologyReview.com. Before that, I was the Boston bureau reporter for Science, managing editor of supercomputing publications at NASA Ames Research Center, and Web editor at e-book pioneer NuvoMedia. I have a B.A. in the history of science from Harvard College and a PhD in the history and social study of science and technology from MIT. I've published articles in Science, Technology Review, IEEE Spectrum, Encyclopaedia Brittanica, Technology and Culture, Alaska Airlines Magazine, and World Business, and I've been a guest of NPR, CNN, CNBC, NECN, WGBH and the PBS NewsHour. I'm a frequent conference participant and enjoy opportunities to moderate panel discussions and on-stage chats. My personal site: waderoush.com My social media coordinates: Twitter: @wroush Facebook: facebook.com/wade.roush LinkedIn: linkedin.com/in/waderoush Google+ : google.com/+WadeRoush YouTube: youtube.com/wroush1967 Flickr: flickr.com/photos/wroush/ Pinterest: pinterest.com/waderoush/