What Happened?
In case you missed it, on Tuesday, August 17th, HP announced that it has entered into a definitive agreement to acquire Fortify Software, an automated test tool vendor focused on security analysis for enterprise and web applications. The terms of the acquisition of the 175-person company were not disclosed.
VDC’s View
From some perspectives, HP’s acquisition of Fortify is just a logical extension of the partnership the two companies have had in place since June of 2009, in which Fortify’s solutions were integrated with HP’s Application Security Center as well as Quality Center suites. The partnership focused on enabling a higher level of application security and speeding overall test time by tying together Fortify’s static source code analysis technology with HP’s dynamic test and test management capabilities.
Although the ability to offer its customers a more comprehensive testing suite is certainly a leading driver of this acquisition, IBM’s recent acquisition of Ounce Labs, another static analysis tool vendor focused specifically on enterprise/web security, was surely another catalyst behind the move. In addition to the acquisition of Ounce Labs, which was integrated within its Rational AppScan portfolio, IBM has continued to expand its already robust set of software and system lifecycle management tools in recent years, most notably with its 2008 acquisition of Telelogic, which has in turn fueled the technology behind its Rational Quality Manager suite.
We also expect the competition between HP and IBM Rational to continue to increase going forward as HP continues to expand and gain traction with the old Mercury BTO tool suite in areas such as requirements management that were previously dominated by IBM and Telelogic. Although the move toward integrated lifecycle management solutions is more established within the enterprise market, we are beginning to see the trend gain additional momentum within the embedded market as many engineering organizations are finally being forced to move away from the siloed workflows that have buttressed the use of point products.
This acquisition might create some additional opportunities, however, for the static analysis tool vendors such as Coverity, GrammaTech, and Klocwork that have gained wider success within the embedded market but whose solutions also compete with the likes of Ounce and Fortify within the enterprise/IT market. Additionally, we expect that the marketing and product focus tailored to security utilized by Ounce and Fortify will similarly begin to gain additional traction within the embedded market as increasing levels of software functionality and device connectivity drive embedded system manufacturers to give greater weight to application characteristics beyond functionality.
VDC will be exploring the trends and characteristics of the enterprise and embedded test tool markets in greater depth within our upcoming Software & System Lifecycle Management Tools research program. Please contact us for additional information.
It will be really interesting to see how this acquisition squares up to other security testing applications. The very fact that HP are bringing this function into their suite of software testing tools and business process optimization tool set is an interesting one though. It begs the bigger question: should the software test team be skilled enough to complete effective security testing in the first place? My initial reaction would be that the core test team should focus on functionality of a product under test. Performance and security testing (where specialist skills and tool sets are required) should be subcontracted to specialists either within a company or outsourced.
Posted by: William Echlin | 08/25/2010 at 04:02 AM