In-Q-Tel Backs Veracode’s Binary Code Review Technology

7/31/08Follow @wroush

Veracode, a Burlington, MA, startup that looks for security flaws in software by analyzing its raw binary code, announced this week that In-Q-Tel, a venture investing group spawned by the CIA, has made a strategic investment in the company.

The amount of the investment was not disclosed. But as we explained in a story last December about In-Q-Tel’s decision to open a Boston office, the organization usually puts $1 million to $3 million into its portfolio companies, and usually earmarks the investment for research and development in areas of interest to U.S. civilian and defense intelligence agencies. Veracode said in a joint announcement with In-Q-Tel that under its new partnership with the organization, it will “accelerate specific research areas for governmental, commercial and open source applications.”

The obvious appeal of a technology like Veracode’s to the intelligence community is that the company’s Web-based software screening service, called SecurityReview, is able to search for common vulnerabilities in a software application, such as buffer overflows, SQL injection, and hidden backdoors, simply by examining its compiled binary code. Binary code is a non-human-readable series of 1s and 0s and therefore masks any trade secrets—or, for that matter, national security secrets—that might be contained in the source code.

Indeed, Donald Tighe, In-Q-Tel’s vice president of external affairs, told Government Computer News that the intelligence community was attracted to Veracode in part because of its ability to work without source code.

Ben Levitan, the In-Q-Tel partner who runs the Boston-area office (which is actually in Waltham), said in the joint announcement that In-Q-Tel is also “excited by the company’s product roadmap, as it offers great promise for both the private and public sectors.” Kimberly Baker, Veracode’s vice president of government and international markets, told Government Computer News that that roadmap includes a stand-alone, product version of the SecurityReview service that organizations could purchase and run on their own networks.

Aside from the new In-Q-Tel investement, Veracode has raised about $20 million in venture funding, with backers including Atlas Venture, Polaris Venture Partners, and .406 Ventures. It joins an exclusive group of Boston-area In-Q-Tel beneficiaries that includes QD Vision, Stratify (purchased last year by Iron Mountain), Basis Technology, BBN Technologies, Ember, Endeca, Metacarta, Polychromix, Sionex, Spotfire (purchased last year by TIBCO), and Traction Software.

Wade Roush is Chief Correspondent and Editor At Large at Xconomy. You can subscribe to his Google Group or e-mail him at wroush@xconomy.com. Follow @wroush

By posting a comment, you agree to our terms and conditions.