VeraCode Expands With Channel Program Launch

VeraCode is looking to expand its presence and geographic reach with the launch of a new channel program.

VeraCode, which specializes in application security and independent verification services, addresses a more complex threat landscape that is increasingly targeting software applications with static code analysis and scans powered by cloud-based global security intelligence, according to executives.

While still in its infancy with about 10 partners, the channel program will cater to an array of solution providers, both traditional security resellers and specialized security consultants offering risk management assessments and other verification services.

Executives say that introducing a partner program will give the Burlington, Mass.-based application security company the needed reach and expertise to give it a competitive edge in the marketplace and ultimately be more effective.

"Application security is so much different. You need a human in the loop. You need partners going the last mile," said VeraCode CEO Matt Moynahan. "You marry application security with cloud computing, layer the human partner on top of that and you have a complete solution."

Next: VeraCode Ramps Up Partner Recruitment

Moynahan said that initially the company would be selective in partner recruitment to ensure that partners remain profitable.

But looking forward, VeraCode hopes to add on specialists around compliance regulations, such as PCI, for companies that "haven't taken on that code review project," Moynahan said, adding that the services opportunity would enable partners to develop a niche and become experts with the technology. Meanwhile, partners with compliance specializations are experiencing a demand in the SMB and lower markets, which seldom have the resources or staff to adhere to increasingly stringent requirements, he said.

"Everyone is auditing everybody," Moynahan said. "Audits are coming fast and furiously. There is an opportunity there. The SMB can't afford to use a secure testing tool -- that's where the cloud model is really powerful."

And while the solution works well for the SMB, partners would serve a wide range of market segments and vertical markets -- including large enterprise -- all of which suffer from the same security threats that attack Web applications.

"The hodgepodge of Fortune 500 companies all the way down to the SMB all suffer from the same problem," Moynahan said. "Whether it's an iPhone app developer, HP or an SMB company -- it's all insecure code."

Next: Partners Weigh In On Channel Opportunity

Partners could assist customers licensing on the technology on premise or provide services remotely in the cloud, Moynahan said, adding that the technology also works well for service providers or partners looking to adopt a recurring revenue stream model.

Newly added VeraCode partners contend that the application security products are detailed and unintrusive, while providing an ease of use that the SMB finds attractive. Meanwhile, the cloud technology enabled smaller organizations to add on services as they needed.

"From my perspective, there's a lot more flexibility for the types of customers that are very, very (technologically) immature," said Mike Davis, CEO of Savid Technologies, a Tinley Park, Ill.-based solution provider. "With VeraCode, they can put their toe in the water, take this critical project, send a binary into the cloud, report back if it's secure or not, and slowly wade into that pool."

Looking ahead, Davis said that despite the wide trend of consolidation in the security industry, there was likely still a niche for best of breed players like VeraCode, in part because "it is a solution that works across different verticals."

"The recession changed the way people were thinking. If you have a solution, it's got to work today," Davis said. "We provide services on top of everything. If best of breed doesn’t work, then we're going to have a problem too."