
IBM buys source-code security firm Ounce Labs

IBM on Tuesday acquired Waltham, Mass.-based Ounce Labs, a maker of enterprise source-code security testing software systems.

IBM will integrate Ounce Labs technology into its Rational AppScan web application security and compliance products, according to a statement from IBM.  

"With security and compliance threats becoming so pervasive, companies must take proactive, more cost-effective actions to reduce the opportunities for their applications to be exploited," said Gary Jackson, CEO of Ounce Labs, in a statement. Jackson will be staying with the company, though IBM will move some 30 staffers to new quarters.

"By combining our leading source code analysis technology with IBM's leading web application security software, we are able to offer customers a whole new level of security analysis and support," Jackson said in a statement.

How do the two strategies vary? The underlying technologies have different approaches to security analysis, according to Danny Allan, director of security research at IBM Rational.

“Static analysis is a broad term that covers a lot of different techniques, such as structural analysis, semantic analysis, trace analysis, flow analysis,” Allan told SCMagazineUS.com on Tuesday. “The idea is to see whether there is a vulnerability in the code.”

Dynamic analysis focuses more on vulnerabilities in applications after the code is written, he said.

IBM hopes the combined offering will provide a comprehensive solution for organizations looking to correct security vulnerabilities in applications before they go live, the statement said. It should help enable developers to build security and compliance into the software development and delivery process. The Ounce Labs website claims that its products can strengthen application security, protect confidential information, and improve governance, risk management and compliance.

“The acquisition of Ounce Labs allows IBM to provide customers an end-to-end application security testing solution for managing security and compliance across all stages of the software delivery process,” said Dr. Daniel Sabbah, general manager, IBM Rational Software, in a statement.

Ounce Labs is privately held, and terms of the agreement were not disclosed.
