Code Testing Tools Could Be Acquisition Targets in 2008

Interest in building security into the development process could make code testing products into inviting buyout targets.If application security has to be baked into the development process, source code analysis tools are the technological equivalent of oven mitts—making their providers natural targets for acquisition, some analysts predicted.

"Theres a lot of interest in this space because of [the Payment Card Industry Data Security Standard]," said Nick Selby, an analyst with The 451 Group. "Were seeing an exponential increase in the number of software-as-a-service providers who are doing vulnerability assessments either for Web applications or for traditional network applications or network vulnerability assessment.

"Those companies are branching into application vulnerability assessment and were seeing a move at a high level to push code analysis and security assessment into the development stage of coding as opposed to where it is now, which is in the quality assurance and in production," Selby said.

The past year saw two major acquisitions related to application security testing: Hewlett-Packards purchase of SPI Dynamics and IBMs acquisition of Watchfire. The acquisitions, coupled with an increase in the number of providers offering vulnerability assessments, are indicators of a growing emphasis on increasing security in the development process.

One driver behind any acquisitions in the space may simply be competition. Ironically, though, the number of acquisitions that have already taken place may mean there are fewer on the table for 2008, Gartner analyst John Pescatore said. Still, some of the larger vendors, like Fortify Software, are likely to be targets of companies that compete with IBM and HP in the software development space, he said.