Xconomy did a good write up on Veracode. Matt’s point below is spot on: the only way to address the application security problem is (a) through technology as opposed to people and (b) through easy-to-adopt SaaS solutions as opposed to on-site software that requires cultural change.

With 60 employees to go with its $20 million, Veracode has “nice momentum going into 2008,” [CEO Matt] Moynahan says. “A company could hire a consultant to manually review their code, but we are a faster path to the same destination, especially if they have some application they don’t want to send off-site,” he says. The company even makes suggestions about how to fix code with proven vulnerabilities. Says Moynahan, “We’re trying to bring security to the masses.”