Veracode, a Burlington, Massachusetts-based application risk management company, intends to play a more active role in M&A now that prices have come down to earth, said Brian Roche, who was appointed CEO in April.

There are many companies in the market and valuations are more reasonable than before, he told Mergermarket at the RSA Conference in San Francisco this week.

Veracode is very selective, Roche said, adding that the company has already looked at 100 targets in the US and abroad. Talks with potential acquisition candidates are always happening and Veracode aims to close its next deal in the second half of this year, he said.

On 1 April, Veracode announced the acquisition of Longbow Security, a specialist in security management for cloud-native environments.

Acquisitions should help Veracode expand its capabilities in artificial intelligence, he said. It is interested in targets in fields such as risk base vulnerability and risk orchestration, he added.

The company looks at small pre-revenue players but also at larger companies that are profitable. It would even look at companies larger than itself, Roche said.

Veracode is profitable and will finance deals with its own resources, with the support of its existing investors or by attracting new investors, he said.

TA Associates, which invested in the business in March 2022, is Veracode’s largest shareholder, the CEO said. The transaction valued the company at USD 2.5bn as reported.

The company’s next financing steps could include an additional financing round or an IPO, but Roche declined to provide details.

Roche would not disclose Veracode’s revenue but said the compound annual growth rate of the sector is between 15% and 17%, and Veracode is happy with its growth pace.

The company aims to grow its headcount to 700 by the end of this year from the current 650, he said. Besides the headquarters in the US, it has offices in the Czech Republic, the UK, and India, he said.

The company aims to help organizations manage and reduce application risk.  It is planning to expand its geographical footprint in South America and in Europe and aims to grow in the vertical of federal contracts in the US, he said.

In 2022 the size of the Application Security Testing Market was USD 2.8bn with a growth rate of 17.5%. The global market was USD 6.2bn with a growth rate of 17.9%, according to Gartner.

Prior to becoming Veracode CEO, Roche was the company’s chief product officer for the past three and a half years.

Goodwin Procter is Veracode’s legal counsel.

by Laura Larghi in San Francisco