A friend once told me that when the media puts you on a pedestal it is because they want to swing at you with a baseball bat. So it is slightly bittersweet to see Veracode on NetworkWorld‘s list of top 10 IT security companies to watch. (I guess the Veracode blog is too modest to link to this but I’m not beyond promoting my companies.) NW’s team know how to pick them: most of the companies that made last year’s list are doing pretty well.

I’m excited about the traction that Veracode is getting in the market because the company’s mission is one that ultimately benefits everyone in the software space. By consistently quantifying application security risk, Veracode makes it possible for enterprises to develop and implement policies that take into account the impact of poor software development practices and software vulnerabilities. The coolest thing about Veracode’s trusted third party application security services is that they apply equally well to internally developed software as well as software developed by third parties such as ISVs. I have said before that security will become a competitive advantage and that benefits larger software vendors that have the resources to invest in improving application security. My hope is that easy-to-use, pay-as-you-go services such as those provided by Veracode may even the playing field and help smaller ISVs compete more effectively.

In general, the new top 10 list shows an innovation trend that is moving away from pure network security towards application & data security, whether on the move or at rest. Example companies: NetWitness, Palo Alto Networks, Provilla, Sentrigo and Veracode.