Hewlett-Packard Co. has agreed to acquire application security vendor Fortify Software in a deal that would integrate its security software into HP's application development portfolio. Terms of the deal were not disclosed.
When big companies like IBM and HP make acquisitions like this they're going to make these technologies easier to consume for more folks.
research directorThe 451 Group
San Mateo, Calif.-based Fortify Software Inc. sells a suite of tools that are used early in the software development lifecycle. The vendor offers static code analysis tools used to detect coding errors during a development project. In addition, Fortify sells dynamic analysis tools for applications already fully deployed and offers a Web-based vulnerability management environment and module to bring together software developers and security teams.
Analysts had been expecting HP to follow up with an acquisition after IBM acquired Ounce Labs, a source code security testing vendor, last year. Joshua Corman, research director in the enterprise security practice at The 451 Group, called the acquisition a validation that enterprises are beginning to see the value in building more rugged software. Fortify has a large customer base, solid revenues and compliments HP's 2007 acquisition of Web application security vendor Spi Dynamics, Corman said.
"When big companies like IBM and HP make acquisitions like this they're going to make these technologies easier to consume for more folks," Corman said. "There is a small, but growing market demand for more secure development."
HP has had a partnership with Fortify and the question was whether the company would strengthen the partnership by making it exclusive or move forward with an acquisition, said Ramon Krikken, a principal analyst at Gartner Inc. Questions remain over whether HP will be able to retain most of Fortify's talent and how it would eventually integrate the software into its application development portfolio.
"Some people feel HP hasn't been able to keep Spi Dynamics' as strong as it was when they acquired it. ... Some of the talent left and people were not happy with the way the product developed," Krikken said. "But this could be an infusion of new talent that may be able to help move HP's product line forward." Both Krikken and Corman said there is still room for smaller innovator vendors; firms like Veracode which offers cloud-based software testing tools, Coverity and Klockwork. "There's still a large untapped market out there," Corman said.
[Fortify CEO John Jack] is actually leading this business with the team intact and we're being deliberate and thoughtful about how and when we pull the pieces together.
vice president of productsHewlett-Packard
HP said it will initially run Fortify on its own to ensure continuity. The vendor will be eventually integrated into the HP Software and Solutions business. Fortify's products will become part of the Business Technology Optimization application portfolio, available through HP's sales and service channels.
HP says it will also retain all of Fortify's top talent including its three founders, Roger Thornton, Michael Armistead and Brian Chess. Integration will take place over the course of the year, said Mark Sarbiewski, vice president of products, HP Software and Solutions.
"We are staging this integration over the next year in our minds," Sarbiewski said. "[Fortify CEO John Jack] is actually leading this business with the team intact and we're being deliberate and thoughtful about how and when we pull the pieces together. ... After the acquisition closes we'll begin joint road maps, bringing the sales teams together to maximize their efforts in the field."
Armistead said Fortify is excited about the acquisition because it helps Fortify gain access to the full quality assurance teams up to the CIO and operations center within enterprises, Armistead said. "These were places we weren't reaching very effectively," Armistead said. "Our competency was through the CISO and development chief."