HP acquired application testing firm Fortify

By siliconindia   |   Wednesday, 18 August 2010, 18:21 IST
Bangalore: Software giant HP has acquired privately funded Fortify Software, a maker of static code analysis tools, for an undisclosed amount. HP said that Fortify's static analysis tools will complement its dynamic application testing tools. The news comes just over a year after HP rival IBM acquired Fortify rival Ounce Labs.
The deal underscores the growing importance of application security and application testing as applications migrate to the Web and attacks focus on vulnerabilities in common applications. Vulnerabilities in Adobe Flash Player, Apple QuickTime and other popular applications were among the leading targets of attacks in 2009, according to data from Kaspersky Lab.
HP says Fortify's technology will streamline development and application security testing for its customers. Fortify, which was founded in 2003, has long partnered with HP, most recently announcing Hybrid 2.0, a product that integrated HP's Assessment Management Platform (AMP) with Fortify's Source Code Analysis (SCA) and Program Trace Analyzer (PTA) products to link the results of penetration tests to static and dynamic source code analysis tools. While HP acquired some static analysis capabilities with SPI Dynamics, word is that the company had de-emphasized that technology in recent years, preferring Fortify's tools.
Fortify's products are mostly licensed by large enterprises, with Oracle, Wells Fargo and Fidelity Investments all customers. The company has also partnered with third-party providers, like application testing firm WhiteHat Security, on Web application vulnerability testing.
HP's acquisition will help make Fortify's tools more mainstream and consumable to a broader population of companies. But analysts like Corman aren't convinced that there will be a spike in demand for them, or an overall improvement in the software security landscape, without more investment in software testing and changes to the way software development is taught.
"Software has become infrastructure, just like steel and cement," said Joshua Corman, Research Director at The 451 Group and co-founder of RuggedSoftware.org, a group that is trying to raise awareness about the need for secure coding. "The applications we build aren't nearly as strong as the bridges or buildings we rely on every day," he said. Application testing is also an increasing focus of auditors. Regulations like the Payment Card Industry Data Security Standard (PCI DSS) call for application code audits as a necessary step to prove compliance.