Veracode CEO Bob Brennan on the Future of Software Security

transition as a company. We’re mindful of the fact that this is about how fast you grow, and there’s an opportunity to dominate application security as a service that’s a large, expanding market. I don’t have to tell you that the difference between first and second place is huge.

X: So ultimately, what’s the big picture here? How will Veracode change the world?

BB: We believe that by pushing very hard, we can produce a tipping point. So—if we have the major financial services companies, the major logistics providers, the major healthcare companies, going out with near-simultaneity to their vendors saying, “You’ve got to do this”—that those software vendors will see the usefulness in doing it. And then they quickly see the benefits of having done it because they have more saleable software, and we become a standard like United Laboratories, like Carfax.

That’s really big stuff. That’s making everybody better, more responsible. There’s a way to provide a secure application infrastructure where you’re expecting more from your vendors—it’s truly a “no regrets” move. We’re very excited about our ability to do this for internal applications, Web applications, and now for mobile applications.

X: What’s the biggest trend to watch?

BB: It’s going to be an increasingly mobile world. This issue of control will become one of anybody using any device, at any time, from anywhere. And where nobody would provision an application without understanding its security profile. The application counts inside these large corporations don’t shrink, they expand. I think it becomes as accepted a practice as QA [quality assurance] is today.

X: What books on leadership and psychology are you reading these days?

BB [pulls out his tablet]: The book I’ve appreciated a lot over the last few months is The Advantage by Patrick Lencioni, on organizational health. I’ve been doing a lot on Presentation Zen. Also You Are Not So Smart [by David McRaney] about biases. And Confessions of an Economic Hit Man [by John Perkins].

Also The Checklist Manifesto [by Atul Gawande]. Jack Dorsey hands this out to everybody at Square and Twitter. It makes the case for where you need different checklists in your business as it becomes more complicated. As you develop a Veracode way, just because I can do some “Presentation Zen” and take a complex idea and present it more simply, doesn’t make the business more simple.

Author: Gregory T. Huang

Greg is a veteran journalist who has covered a wide range of science, technology, and business. As former editor in chief, he oversaw daily news, features, and events across Xconomy's national network. Before joining Xconomy, he was a features editor at New Scientist magazine, where he edited and wrote articles on physics, technology, and neuroscience. Previously he was senior writer at Technology Review, where he reported on emerging technologies, R&D, and advances in computing, robotics, and applied physics. His writing has also appeared in Wired, Nature, and The Atlantic Monthly’s website. He was named a New York Times professional fellow in 2003. Greg is the co-author of Guanxi (Simon & Schuster, 2006), about Microsoft in China and the global competition for talent and technology. Before becoming a journalist, he did research at MIT’s Artificial Intelligence Lab. He has published 20 papers in scientific journals and conferences and spoken on innovation at Adobe, Amazon, eBay, Google, HP, Microsoft, Yahoo, and other organizations. He has a Master’s and Ph.D. in electrical engineering and computer science from MIT, and a B.S. in electrical engineering from the University of Illinois, Urbana-Champaign.