IBM has acquired Ounce Labs to bolster its application testing abilities.
The move underscores the demand for vulnerability testing, which analysts say has continued to grow even in the face of an economic downturn. According to Gartner, the market for both dynamic and static testing has grown steadily during the past few years and now stands at roughly $200 million. Unsurprisingly, the National Institute of Standards and Technology estimates 80 percent of development costs are spent identifying and fixing vulnerabilities.
In 2007, IBM bought Watchfire. Hewlett-Packard acquired SPIDynamics around the same time. IBM’s latest purchase will put additional pressure on HP and other vendors, opined Gartner analyst Neil MacDonald.
“This puts pressure on HP to fill out there static analysis capabilities, as well as Microsoft, who has some very basic capabilities built into Visual Studio,” MacDonald said, adding that IBM’ s acquisition makes “great sense.”
“Even this year, with the economy being down, we are still seeing double-digit growth rates in this market segment,” he added. “But longer term, you need to ask yourself: -Do I need to buy a separate tool to test application security vulnerabilities, or should this be integrated into my application development platform?'”
Paul Roberts, an analyst with The 451 Group, agreed that the purchase may trigger a response from vendors such as HP in the weeks and months ahead.
“Ounce jump-starts IBM’s efforts to integrate secure code analysis earlier in the development process, analyzing source code before it’s compiled and helping developers do the right thing, so to speak,” he said. “That’s what Ounce brings to the table. There are a slew of vendors in this space that IBM could have chosen, as well. Fortify, most notably … but also firms like Coverity and Klocwork. Reading between the lines of IBM’s brief on this, I think the company liked the fact that there was already some tight integration between Ounce’s tools and Rational AppScan that will make it easier to sell and integrate, long term, into the Rational line.”
IBM officials said that more details on the road map will be released in the near future. The plan is to integrate Ounce Labs’ products into the Rational AppScan portfolio.
“While the Rational AppScan portfolio already includes static analysis offerings, the addition of the new Ounce Labs solution is a strategic move to accelerate Rational’s footprint in static code analysis security with a more mature offering that has a wider range of language and environment support,” said Michael Loria, vice president of business development for IBM Rational. “This acquisition deepens our portfolio of Web application security and compliance solutions, accelerating elements of our product vision and strengthening our end-to-end application lifecycle security portfolio.”