IBM buys source-code security firm Ounce Labs

IBM on Tuesday acquired Waltham, Mass.-based Ounce Labs, a maker of enterprise source-code security testing software systems.

IBM will integrate Ounce Labs technology into its Rational AppScan web application security and compliance products, according to a statement from IBM.  

"With security and compliance threats becoming so pervasive, companies must take proactive, more cost-effective actions to reduce the opportunities for their applications to be exploited," said Gary Jackson, CEO of Ounce Labs, in a statement. Jackson will be staying with the company, though IBM will move some 30 staffers to new quarters.

"By combining our leading source code analysis technology with IBM's leading web application security software, we are able to offer customers a whole new level of security analysis and support," Jackson said in a statement.

How do the two strategies vary? The underlying technologies have different approaches to security analysis, according to Danny Allan, director of security research at IBM Rational.

“Static analysis is a broad term that covers a lot of different techniques, such as structural analysis, semantic analysis, trace analysis, flow analysis,” Allan told SCMagazineUS.com on Tuesday. “The idea is to see whether there is a vulnerability in the code.”

Dynamic analysis focuses more on vulnerabilities in applications after the code is written, he said.

IBM hopes the combined offering will provide a comprehensive solution for organizations looking to correct security vulnerabilities in applications before they go live, the statement said. It should help enable developers to build security and compliance into the software development and delivery process. The Ounce Labs website claims that its products can strengthen application security, protect confidential information, and improve governance, risk management and compliance.

“The acquisition of Ounce Labs allows IBM to provide customers an end-to-end application security testing solution for managing security and compliance across all stages of the software delivery process,” said Dr. Daniel Sabbah, general manager, IBM Rational Software, in a statement.

Ounce Labs is privately held, and terms of the agreement were not disclosed.
