HP to Buy Fortify Software for Application Security

HP revealed plans to buy Fortify Software today for an undisclosed sum. The move would deepen the existing ties between the two companies and come more than a year after IBM acquired OunceLabs.

Hewlett-Packard has agreed to acquire Fortify Software to add another layer to its application security portfolio.

The terms of the deal were not disclosed. According to HP, the acquisition of Fortify will allow HP to help organizations meet compliance regulations and bolster security by integrating security assurance into the development lifecycle.

"Businesses operate in a world of increasing security and compliance challenges, and the applications and services that they rely on are core to the problem and the solution," said Bill Veghte, executive vice president, Software and Solutions, at HP, in a statement. "With Fortify's leadership in static application security analysis combined with HP's expertise in dynamic application security analysis, organizations will have a best-in-class solution to improve the security of their applications and services."

HP and Fortify have history together, such as the "Hybrid 2.0" security analysis technology the companies announced in February that updated integration unveiled in June 2009. Plans for the deal also follow IBM's purchase of OunceLabs last year, which some analysts predicted would challenge HP.

"I think it is a great move for HP," Forrester Research analyst Mike Gualtieri told eWEEK. "It is a perfect fit for their tools given the integration they have done with Fortify over the past few months. Developing secure applications will always be important and too many app dev organizations don't know where to begin."

When the deal closes HP will run Fortify initially as a standalone company. Fortify will eventually be integrated into the HP Software and Solutions business, with its products becoming part of the company's Business Technology Optimization application portfolio, HP said.

"Fortify has always been committed to helping chief information security officers and application teams find, fix and prevent security vulnerabilities before they can be exploited by attackers," said John M. Jack, CEO of Fortify, in a statement. "Joining HP will allow us to further integrate our proven technology and security expertise with HP's solutions, letting our joint clients shrink the time-to-security for their new and existing production applications."