LOGIN | REGISTER NOW | SUBSCRIBE
 
 
News on Monday
more>>
SharePoint Tech Report
more>>


   

 
 
Download Current Issue
ISSUE 7/1/2009 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?


 
Is the mystery Borland suitor Serena?
Borland software is considering an offer from another company after a preliminary deal with MicroFocus. Is Serena the new company?
06/30/2009 01:55 PM EST

Windows 7 - An eBayer's dream product?
Windows 7 pre-orders can make people money on eBay.
06/29/2009 03:48 PM EST

Know thine cloud provider
Cloud computing require companies to understand compliance and regulation. Third parties will play a big role in regulated industries.
06/29/2009 02:58 PM EST

 

Microsoft Worldwide Partner Conf.
7/13/2009 to 7/16/2009
New Orleans
Microsoft

OSCON (Open Source Convention)
7/20/2009 to 7/24/2009
San Jose
O'Reilly Media

XBRL Technology Workshop & Summit
7/28/2009 to 7/30/2009
Santa Clara
XBRL US

ACM SIGGRAPH
8/3/2009 to 8/7/2009
New Orleans
ACM SIGGRAPH

OpenSource World (formerly LinuxWorld)
8/12/2009 to 8/13/2009
San Francisco
IDG World Expo


 
print Printable version 
Most Read Latest News Blog Resources
Kapow automates website data retrieval
Kapow Technology's Web Data Server 7.0 can be used to create modules that navigate through...

COBOL’s future lies in the clouds
After 50 years of use in businesses, COBOL is still lingering around mainframes. But the s...

Oracle's Fusion 11g lays groundwork for ERP platform
Fusion's components are standards-based and integrated, but some abilities are lost if non...

Digg!  Digg
Reddit  Reddit
Slashdot  Slashdot
Share on facebook  Facebook
Share on Twitter  Twitter

Big Blue to Buy Watchfire


First development giant to get in the app security game

By Jennifer deJong
July 1, 2007 — 
IBM has made the first move in the application security market, setting off speculation that other software development giants will follow suit.

The company last month announced it has entered into a definitive agreement to acquire privately held Watchfire, which sells black-box testing tool AppScan and other security offerings.

“Up until this point, none of the big players has gotten into the application security game. This puts IBM there, and it is a good move,” said Voke analyst Theresa Lanowitz. “Now that IBM has done it, maybe HP and Microsoft will [make similar acquisitions].”

IBM Rational vice president of business development Mike Loria said that the Watchfire acquisition will help companies address security issues earlier in the application life cycle. “You need to find the problems in the application [itself], and allow developers to fix them.” Loria said IBM plans to integrate Watchfire’s AppScan and WebXM tools with the Rational and Tivoli product lines, as well as with the network security tools that IBM acquired when it bought Internet Security Systems last year. AppScan and WebXM will also be available as standalone offerings under the new regime.

AppScan finds and fixes security vulnerabilities by simulating attacks that a hacker might launch, and was originally developed by Sanctum, a software company that Watchfire acquired in 2004. WebXM lets companies audit their Web applications to make sure customer data is protected properly, ensuring compliance with government mandates such as HIPAA, the Health Insurance Portability and Accountability Act of 1996.

Financial terms of the acquisition, expected to close in the third quarter of 2007, were not disclosed. Watchfire CTO Mike Weider said that all of the company’s senior executives are expected to move over to IBM, as will the majority of the company’s employees. The exact role Weider will assume at IBM has not yet been determined, nor has that of Watchfire CEO Peter McKay.

‘CATCH-22 SITUATION’
In buying Watchfire and integrating its tools with its Rational development platform, IBM will take a leading role in proactive application security by spreading the word on why it’s essential to address security concerns early in the application life cycle, instead of simply relying on firewalls that aim to block intruders at the network door, said Lanowitz. “It’s really been a Catch-22 situation,” she said. The application security tool makers have worked hard to raise awareness around this issue, but without the direct backing of the big players, making significant inroads has been difficult, she said.

The industry has failed to take a firm stand around secure development, added Aberdeen analyst Carol Baroudi. “We have been remiss, but it’s time to hunker down around application security.”

Lanowitz said she is surprised it has taken so long for a big player such as IBM to make an application security acquisition, but she cited a couple of contributing factors. “First, customers aren’t raising the issue: Neither CIOs or line-of-business executives are demanding application security tools.” Second, she believes that the application security firms’ valuations are likely to be too high. “That’s why [potential buyers] were waiting,” she speculated.

In addition to Watchfire, the application security market is composed of small, privately held firms, such as Cenzic, Fortify, Ounce Labs and SPI Dynamics. They sell black-box testing tools and source code scanners, which pinpoint security flaws. Several companies, including Watchfire, have said recently that sales have grown in the past year. But Yankee Group analyst Andrew Jaquith estimated that the entire market for code assurance is less than US$30 million in size, as reported earlier by SD Times.

It’s interesting that IBM jumped in first, Lanowitz said of the planned Watchfire acquisition. “They usually wait.”

But this time IBM has taken the lead over competitors, said company executive Loria. “If they want to remain competitive with us, they will look at how to respond in kind.”


Share this link: http://www.sdtimes.com/link/30862
 

Add comment


Name*
Email*  
Country     


  • Comment
  • Preview
Loading