HP's Fortify buy puts spotlight on obscure -- but important -- niche

Analysts say moves by tech leaders HP and IBM should boost flagging demand for application security tools

Hewlett-Packard's move this week to buy Fortify software focuses attention on the increasingly important, but still mostly underutilized category of application security products, security experts say.

Privately-held Fortify will provide HP with a set of technologies for on-premise testing of applications through all stages of the development process through deployment.

The planned acquisition complements HP's 2007 purchase SPI Dynamics, a vendor of Web application security products. Fortify will also give HP the means to match IBM's range of static and dynamic analysis tools that help companies test applications during the coding and testing stages, as well as the deployment phase.

The Fortify acquisition is the latest move in efforts by IBM and HP to build competitive application security portfolios mostly via acquisition. HP's purchase of SPI Dynamics for instance, followed IBM's acquisition Web application security vendor Waterfire. And HP's purchase of Fortify follows last year's IBM acquisition of Fortify competor Ounce Labs.

The acquisitions by the two technology giants are lending credibility to an important market segment, said Joshua Corman an analyst with The 451 Group and co-founder of RuggedSoftware.org, a group trying to raise awareness about secure coding practices.

Despite increased hacker attacks at the application level, companies continue to pour most of their security dollars into projects to secure network defenses, Corman said. Of the estimated $50 billion that companies spent on security products and services last year, barely $500 million was spent to shore up application security, he noted.

Corman theorized that IT executives comtinue to lack awareness of a growing need to better secure applications. "Software has become infrastructure, just like cement and steel. But unlike concrete and steel, it's not nearly as reliable," Corman said. "We have just never had a culture that software needs to be not just fast, but also secure."

Another reason for the slow adoption of application security products has been confusion about how best to use them. Some vendors maintain that the tools should be used to scan every line of code to identify vulnerabilities throughout application development projects. Others argue that the tools are best used to identify and fix problems on executable code.

Corman said that having tools available from both HP and IBM should lead to more enterprise investments in such technologies. "Very few companies will adopt technologies from small vendors in a nascent market," he said.

"What (IBM and HP) are saying is, there is a time and place for every technique," said Pete Lindstrom, an analyst with Spire Security. The moves show that "there is good value in both interactive and static tools for various reasons," he added.

The investments by HP and IBM in application security products and highlight the importance that these vendors are attaching to this space, said Dave Peterson, chief marketing officer at Coverity, a maker of security tools. "We look at it as a validation that software integrity has a home in the software development lifecycle," he said.

Tags The 451 GroupsecurityIBMOunce LabsHewlett-Packard

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld (US)

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?