Application Security , Application Security & Online Fraud , Fraud Management & Cybercrime

SonarSource Raises $412M on $4.7B Valuation to Grow in Asia

Company Will Use the Money to Expand in Asia and Upsell Existing Customers
SonarSource Raises $412M on $4.7B Valuation to Grow in Asia
SonarSource CEO Olivier Gaudin (Image: SonarSource)

SonarSource has raised $412 million on a $4.7 billion valuation to establish a physical presence in Asia and increase its wallet share with existing customers.

See Also: Application Security: Maturing Your Program

The Geneva-based code security vendor wants its Asia-Pacific business to grow from less than 10% of overall revenue today to at least 15% in the future by opening an office in Singapore and pursuing opportunities in China, South Korea, Taiwan, Singapore, Japan and Australia. The Asian expansion will be a key component in SonarSource's push to reach $1 billion in annual revenue in the next half-decade.

"In Asia, we should be doing more," SonarSource CEO Olivier Gaudin tells Information Security Media Group. "We believe that being in a different time zone and having people with a different culture who are trying to sell over there without necessarily talking the language is adding friction in the process."

SonarSource today has offices in Switzerland, Germany, France and Austin, Texas, and Gaudin says the company wants to replicate what it did in Austin by first hiring salespeople and then supporting them with sales engineers and marketing personnel. The company plans to initially run its Asia business out of a sales hub in Singapore and might open additional facilities in countries such as Japan if demand merits (see: Obsidian Security Raises $90M to Safeguard More SaaS Apps).

The Series B funding round was led by new investors Advent International and General Catalyst and comes 13 years after SonarSource's founding. Gaudin says Advent is a traditional late-stage investor focused on helping businesses refine their engineering and product, while General Catalyst is an innovation-focused investor with directors who have experience driving growth at LinkedIn and Google.

"We wanted to make sure that we gathered the right people," Gaudin says. "If we wanted to get the interest of large investors and people who have real experience here, it was super important to be able to offer the right amount of investment."

The Push to $1 Billion

Companywide, Gaudin says SonarSource reached $100 million in yearly sales 15 months ago, expects to exceed $100 million in annual recurring revenue in 2022, and has grown sales by 50% annually for each of the past three years. Given the traction SonarSource has in the market, Gaudin sees the $1 billion sales figure as a medium-term goal that the company should reach within the next four or five years.

"The fact that people are valuing this business at such a high valuation means they bought into this clear path to $1 billion revenue, which is great validation," Gaudin says. "Imagining internally between ourselves that we can get to $1 billion is one thing. Being able to tell the story to people outside the company and having them verify it is a big validation."

The biggest impediment to SonarSource's growth is a lack of salespeople, and Gaudin says the company plans to double its salesforce from 40 people today to 80 people a year from now and again to 160 people two years from now. SonarSource today employs just 300 people, which Gaudin says is very modest given how much business the company does.

"We have 20,000 customers, and the motion is very much that customers are coming to buy from us," Gaudin says. "We have barely enough people to be able to transact the business which is coming our way."

With an expanded salesforce, Gaudin says, SonarSource wants to go back to existing customers and help expand their usage. The company began focusing last year on upsell opportunities and it quickly paid dividends, leading to a 60% jump in upsell business. As SonarSource hires more sales reps, Gaudin plans to narrow their scope and have them spend more time with customers to accelerate product adoption.

The upsell push will focus both on having customers submit additional projects and lines of code to SonarSource as well as encouraging customers to pay for features that assist with scalability, load management, governance and support, Gaudin says.

He adds, "If we start to have people who are driving the conversation with these large enterprises who are our customers, we can actually accelerate the adoption."

Going Beyond Code Security

SonarSource competes against the likes of Checkmarx, Veracode, Synopsys, Snyk and Micro Focus Fortify when it comes to securing applications and code, Gaudin says. But, he says, the company goes beyond security to address code maintainability and reliability, which can boost developer productivity by making code easier to change and less fragile and help companies retain their developers.

"Our promises is not only focused on security," Gaudin says. "It is actually much wider than this. Our promise to engineers is that we are going to help to get all the benefits from the software."

From a metrics standpoint, Gaudin says SonarSource plans to track annual recurring revenue, the number of developers using its platform and the company's gross retention rate. He wants SonarSource to maintain its 95% gross retention rate even as the company continues to scale and hopes to rapidly expand beyond the 5 million developers the company works with today given the size of the market.

"We are the only ones who are able to show you problems when you write code like a spell check," Gaudin says. "And if you think about it, it's a huge strength because it means you are not pushing stuff out that you then have to rework. You can fix it as it happens."


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.