IBM acquires Ounce Labs to build out its application testing capabilities. The purchase, which follows continued growth in the market, may trigger a reaction from HP and other vendors.
IBM has acquired Ounce Labs to bolster
its application testing abilities.
The move underscores the demand
for vulnerability testing, which analysts say has continued to grow even in the
face of an economic downturn. According to Gartner, the market for both dynamic
and static testing has grown steadily during the past few years and now stands
at roughly $200 million. Unsurprisingly, the National Institute of
Standards and Technology estimates 80 percent of development costs are spent identifying
bought Watchfire. Hewlett-Packard acquired
Dynamics around the same time.
s latest purchase
will put additional pressure on HP and other vendors, opined Gartner analyst
"This puts pressure on HP
to fill out there static
capabilities, as well as Microsoft, who has some very basic
capabilities built into Visual Studio," MacDonald said, adding that IBM'
s acquisition makes "great
"Even this year, with the
economy being down, we are still seeing double-digit growth rates in this
market segment," he added. "But longer term, you need to ask yourself: -Do I
need to buy a separate tool to test application security vulnerabilities, or
should this be integrated into my application development platform?'"
Paul Roberts, an analyst
with The 451 Group, agreed that the purchase may trigger a response from
vendors such as HP in the weeks and months ahead.
's efforts to integrate secure code
analysis earlier in the development process, analyzing source code before it's
compiled and helping developers do the right thing, so to speak," he said.
"That's what Ounce brings to the table. There are a slew of vendors in this
could have chosen, as well.
Fortify, most notably ... but also firms like Coverity and Klocwork. Reading
between the lines of IBM's
brief on this, I think the company
liked the fact that there was already some tight integration between Ounce's
tools and Rational AppScan that will make it easier to sell and integrate, long
term, into the Rational line."
IBM officials said that more details
on the road map will be released in the near future. The plan is to integrate
Ounce Labs' products into the Rational AppScan portfolio.
"While the Rational
AppScan portfolio already includes static analysis offerings, the addition of
the new Ounce Labs solution is a strategic move to accelerate Rational's
footprint in static code analysis security with a more mature offering that has
a wider range of language and environment support," said Michael Loria, vice
president of business development for
Rational. "This acquisition
deepens our portfolio of Web application security and compliance solutions,
accelerating elements of our product vision and strengthening our end-to-end
application lifecycle security portfolio."