<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>Comments on: Secure software design tips</title>
	<atom:link href="http://www.epanorama.net/blog/2014/09/03/secure-software-design-tips/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.epanorama.net/blog/2014/09/03/secure-software-design-tips/</link>
	<description>All about electronics and circuit design</description>
	<lastBuildDate>Sat, 04 Apr 2026 09:03:13 +0000</lastBuildDate>
		<sy:updatePeriod>hourly</sy:updatePeriod>
		<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.9.14</generator>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2014/09/03/secure-software-design-tips/comment-page-1/#comment-1226031</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 12 Sep 2014 09:19:36 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=27224#comment-1226031</guid>
		<description><![CDATA[Veracode gets $40M to help companies find security holes in their applications
https://gigaom.com/2014/09/11/veracode-gets-40m-to-help-companies-find-security-holes-in-their-applications/

Veracode’s service hooks into the development tools used by coders so that its cloud-based system can scan their application for vulnerabilities or bugs in the code.

What makes Veracode different than the recent torrent of security startups that have been raising cash is how its technology aims to strengthen the development process of applications rather than providing network-monitoring services like RiskIQ or identity management features like Okta. Brennan said he believes that many of the security breaches today occur by taking advantage of holes in the design and source code of the application itself, especially as these apps are dealing with lots of data flowing in and out.

“The world views of security and development are different; one is focussed on building things and one is focussed on monitoring,” Brennan said.

After scanning the application, Veracode can tell whether or not a development team has been introducing SQL injection errors and other common security bugs. It then reports that information back to the developers so that they can properly patch up their system.

“We run the program to tell them what has been remediated and what hasn’t,”]]></description>
		<content:encoded><![CDATA[<p>Veracode gets $40M to help companies find security holes in their applications<br />
<a href="https://gigaom.com/2014/09/11/veracode-gets-40m-to-help-companies-find-security-holes-in-their-applications/" rel="nofollow">https://gigaom.com/2014/09/11/veracode-gets-40m-to-help-companies-find-security-holes-in-their-applications/</a></p>
<p>Veracode’s service hooks into the development tools used by coders so that its cloud-based system can scan their application for vulnerabilities or bugs in the code.</p>
<p>What makes Veracode different than the recent torrent of security startups that have been raising cash is how its technology aims to strengthen the development process of applications rather than providing network-monitoring services like RiskIQ or identity management features like Okta. Brennan said he believes that many of the security breaches today occur by taking advantage of holes in the design and source code of the application itself, especially as these apps are dealing with lots of data flowing in and out.</p>
<p>“The world views of security and development are different; one is focussed on building things and one is focussed on monitoring,” Brennan said.</p>
<p>After scanning the application, Veracode can tell whether or not a development team has been introducing SQL injection errors and other common security bugs. It then reports that information back to the developers so that they can properly patch up their system.</p>
<p>“We run the program to tell them what has been remediated and what hasn’t,”</p>
]]></content:encoded>
	</item>
</channel>
</rss>
