LOGIN | REGISTER NOW | SUBSCRIBE
 
print Printable version 
Most Read Latest News Blog Resources
Does Windows cost Microsoft opportunities?
Microsoft's decision to focus .NET on Windows is stifling innovation due to the specter of...

Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

Going 'all in' on .NET as default runtime
Programmers for Windows Phone 7 will need to use Silverlight and XNA for development

Digg!  Digg
Reddit  Reddit
Slashdot  Slashdot
Share on facebook  Facebook
Share on Twitter  Twitter

Big Blue to Buy Watchfire


First development giant to get in the app security game

By Jennifer deJong
July 1, 2007 — 
IBM has made the first move in the application security market, setting off speculation that other software development giants will follow suit.

The company last month announced it has entered into a definitive agreement to acquire privately held Watchfire, which sells black-box testing tool AppScan and other security offerings.

“Up until this point, none of the big players has gotten into the application security game. This puts IBM there, and it is a good move,” said Voke analyst Theresa Lanowitz. “Now that IBM has done it, maybe HP and Microsoft will [make similar acquisitions].”

IBM Rational vice president of business development Mike Loria said that the Watchfire acquisition will help companies address security issues earlier in the application life cycle. “You need to find the problems in the application [itself], and allow developers to fix them.” Loria said IBM plans to integrate Watchfire’s AppScan and WebXM tools with the Rational and Tivoli product lines, as well as with the network security tools that IBM acquired when it bought Internet Security Systems last year. AppScan and WebXM will also be available as standalone offerings under the new regime.

AppScan finds and fixes security vulnerabilities by simulating attacks that a hacker might launch, and was originally developed by Sanctum, a software company that Watchfire acquired in 2004. WebXM lets companies audit their Web applications to make sure customer data is protected properly, ensuring compliance with government mandates such as HIPAA, the Health Insurance Portability and Accountability Act of 1996.

Financial terms of the acquisition, expected to close in the third quarter of 2007, were not disclosed. Watchfire CTO Mike Weider said that all of the company’s senior executives are expected to move over to IBM, as will the majority of the company’s employees. The exact role Weider will assume at IBM has not yet been determined, nor has that of Watchfire CEO Peter McKay.

‘CATCH-22 SITUATION’
In buying Watchfire and integrating its tools with its Rational development platform, IBM will take a leading role in proactive application security by spreading the word on why it’s essential to address security concerns early in the application life cycle, instead of simply relying on firewalls that aim to block intruders at the network door, said Lanowitz. “It’s really been a Catch-22 situation,” she said. The application security tool makers have worked hard to raise awareness around this issue, but without the direct backing of the big players, making significant inroads has been difficult, she said.

The industry has failed to take a firm stand around secure development, added Aberdeen analyst Carol Baroudi. “We have been remiss, but it’s time to hunker down around application security.”

Lanowitz said she is surprised it has taken so long for a big player such as IBM to make an application security acquisition, but she cited a couple of contributing factors. “First, customers aren’t raising the issue: Neither CIOs or line-of-business executives are demanding application security tools.” Second, she believes that the application security firms’ valuations are likely to be too high. “That’s why [potential buyers] were waiting,” she speculated.

In addition to Watchfire, the application security market is composed of small, privately held firms, such as Cenzic, Fortify, Ounce Labs and SPI Dynamics. They sell black-box testing tools and source code scanners, which pinpoint security flaws. Several companies, including Watchfire, have said recently that sales have grown in the past year. But Yankee Group analyst Andrew Jaquith estimated that the entire market for code assurance is less than US$30 million in size, as reported earlier by SD Times.

It’s interesting that IBM jumped in first, Lanowitz said of the planned Watchfire acquisition. “They usually wait.”

But this time IBM has taken the lead over competitors, said company executive Loria. “If they want to remain competitive with us, they will look at how to respond in kind.”


Share this link: http://www.sdtimes.com/link/30862
 

Add comment


Name*
Email*  
Country     


  • Comment
  • Preview
Loading



 
 
 
 
News on Monday
more>>
SharePoint Tech Report
more>>


   

 
 
Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?


 
blogs tab
Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST

 

Events calendar tab
EclipseCon
3/22/2010 to 3/25/2010
Santa Clara, Calif.
The Eclipse Foundation

DevConnections
4/12/2010 to 4/14/2010
Las Vegas
Penton Media

MySQL Conf. and Expo
4/12/2010 to 4/15/2010
Santa Clara, Calif.
O'Reilly Media

High Performance Computing Linux Financial Markets
4/19/2010
New York City
Flagg Management

Informix User Conf.
4/25/2010 to 4/28/2010
Overland Park, Kans.
IIUG