Research Services Business Will Keep GrammaTech Name, Five Points Capital Ownership
GrammaTech has separated its security software products and cyber research services divisions, and venture capital firm Battery Ventures has acquired the former and renamed it CodeSecure.
The Washington, D.C.-area application security testing software business will pursue M&A in adjacent markets such as orchestration, dynamic testing and source code software composition analysis as a stand-alone company owned by Battery Ventures, said CEO Mike Dager. CodeSecure also will examine deals that allow the company to cover additional programming languages with its static analysis tool (see: Sonatype, Snyk, Synopsys Top SW Comp Analysis Forrester Wave).
“There’s an M&A component that Battery Ventures brings to the table,” Dager told Information Security Media Group. “We feel like there are other technologies that are adjacent to binary-based SCA, adjacent to the SAST products that we have, that we may want to add and/or tuck in to CodeSecure going forward. Battery Ventures is the perfect partner to do that with.”
More Programming Languages on the Table
The software research services team will continue to operate under the GrammaTech name and under the ownership of Five Points Capital, which has owned both the software products and research services components since fall 2019. Dan Goodwin – who’s been general manager of GrammaTech’s research division since March 2022 – will take over as CEO once CodeSecure becomes an independent company.
Dager said GrammaTech’s headcount and revenue were fairly evenly split between its software products and research services divisions. GrammaTech as a whole employs 115 people, according to LinkedIn, down 15% from a year earlier. Terms of Battery Ventures’ acquisition of the software products business weren’t disclosed.
Under the ownership of Battery Ventures, Dager hopes to take CodeSecure’s static analysis product from going deep with five or six programming languages to offering support for 18 or 20 additional languages that aren’t covered at all today. Buying or partnering will enable CodeSecure to address emerging customer needs much more quickly than building the technology themselves, Dager said (see: Synopsys Extends Lead in Gartner MQ for App Security Testing).
“Customers need things now,” Dager said. “If it’s going to take you two years to build something, you might miss the market.”
Going After US Government Greenfields
From a go-to-market standpoint, Dager wants to maintain 40% of CodeSecure’s sales outside of North America as the company adds more sales reps across the United States and Canada as well as in Europe. He also would like to see more dedicated personnel addressing the U.S. government and federal contractor space since that accounts for between 15% and 20% of CodeSecure’s business today.
CodeSecure enjoys particularly strong traction with organizations building embedded devices in verticals such as industrial controls, healthcare, automotive and process control, Dager said. The company also has deep relationships in the financial services space, including with banks, insurance agencies and payment processing entities, according to Dager.
As far as metrics are concerned, CodeSecure plans to closely track EBITDA to determine the extent of its profitability and hopes to maintain an annual growth rate in excess of 50%, Dager said. In addition, Dager hopes to drive new bookings and keep net renewal rates above 100% by expanding the company’s footprint within existing customers and implementing slight price increases during renewal time.
“I’m a software product guy going back my entire career,” Dager said. “That’s really where I am comfortable. I feel like I can build a business, scale it and get it to be large and profitable.”