IBM buys source-code security firm Ounce Labs

IBM on Tuesday acquired Waltham, Mass.-based Ounce Labs, a maker of enterprise source-code security testing software systems.

IBM will integrate Ounce Labs technology into its Rational AppScan web application security and compliance products, according to a statement from IBM.  

"With security and compliance threats becoming so pervasive, companies must take proactive, more cost-effective actions to reduce the opportunities for their applications to be exploited," said Gary Jackson, CEO of Ounce Labs, in a statement. Jackson will be staying with the company, though IBM will move some 30 staffers to new quarters.

"By combining our leading source code analysis technology with IBM's leading web application security software, we are able to offer customers a whole new level of security analysis and support," Jackson said in a statement.

How do the two strategies vary? The underlying technologies have different approaches to security analysis, according to Danny Allan, director of security research at IBM Rational.

“Static analysis is a broad term that covers a lot of different techniques, such as structural analysis, semantic analysis, trace analysis, flow analysis,” Allan told SCMagazineUS.com on Tuesday. “The idea is to see whether there is a vulnerability in the code.”

Dynamic analysis focuses more on vulnerabilities in applications after the code is written, he said.

IBM hopes the combined offering will provide a comprehensive solution for organizations looking to correct security vulnerabilities in applications before they go live, the statement said. It should help enable developers to build security and compliance into the software development and delivery process. The Ounce Labs website claims that its products can strengthen application security, protect confidential information, and improve governance, risk management and compliance.

“The acquisition of Ounce Labs allows IBM to provide customers an end-to-end application security testing solution for managing security and compliance across all stages of the software delivery process,” said Dr. Daniel Sabbah, general manager, IBM Rational Software, in a statement.

Ounce Labs is privately held, and terms of the agreement were not disclosed.
