HP-SPI deal underscores apps security integration

As attacks on applications-level vulnerabilities increase, more enterprises are integrating security testing apps into their software development -- often via acquisition

Hewlett Packard's acquisition of Web applications security specialist SPI Dynamics on June 19 illustrates a growing demand among enterprise customers to have vulnerability-scanning tools integrated into their software development platforms.

Following closely behind IBM's June 6 acquisition of Watchfire, one of Atlanta-based SPI's closest rivals in the Web applications and software code-scanning space, the HP buyout highlights the rapidly emerging trend toward integration of security testing tools into the software development process.

HP, which acquired software development giant Mercury Interactive for $4.5 billion in cash in July 2006 in a move that greatly expanded its interests in the area, said that it plans to blend SPI's business and its 140-person staff into the software unit at its Technology Solutions Group, the division responsible for its server and storage products, as well as its IT consulting services.

In response to the growing threat of attacks on applications-level vulnerabilities, the company said, more customers than ever before are building security testing requirements into their development projects.

By folding applications security testing into its existing portfolio of tools, HP officials said, the company has added an increasingly strategic piece of the overall software development puzzle.

"This adds a new chapter to the applications side of the house; we think of applications and [IT] operations working together, and this adds the piece of security assessment from early on in the [software development] lifecycle all the way through to production," said Jonathan Rende, vice president of products for the Quality Management Software group at HP.

"This is a new dimension of that, that is so complementary because there is a whole set of users who are getting involved in security assessment in the lifecycle," Rende said on a conference call with media and analysts. "There are security experts who determine policies and prepare applications before they go live, but then there are also the developers and quality assurance professionals who need to ensure security before the applications go live."

In a research report published by market analysis firm Gartner in May 2007, industry experts said that by 2009, some 80 percent of major software development lifecycle vendors would offer source code security scanning tools as part of their platforms.

The company said further that 60 percent of IT organizations will have made vulnerability detection an integral part of their development process by 2010.

HP's move to buy SPI and IBM's acquisition of Watchfire provide tacit evidence that those predictions are already coming to pass, said Joseph Feiman, the Gartner analyst who authored the report.

"In a span of two weeks, two of the largest applications security companies have been acquired by development platform providers, which proves that users of those platforms understand that having applications security as a discipline is as important to them as network or operational security," said Feiman. "This is the part of security that is being built into applications by customers, and it should be an integral part of these [software development] platforms to allow them to do that work."

In addition to appeasing customers who are already calling for integrated applications security testing tools, the HP-SPI and IBM-Watchfire deals should increase the trend toward software developers making security auditing part of their everyday work, the analyst said.

SPI has been a longtime partner of HP, which has offered its tools as a package with its Mercury and OpenView software development products -- just as Watchfire had been selling its applications security products packaged with IBM's Rational code-authoring tools before getting snapped up by the firm.

Both platform providers' moves to bring security testing capabilities under their own control should benefit their individual marketing efforts and customers' development lifecycle plans, other analysts said.

"SPI had integration with Mercury from a partner standpoint, but that type of a relationship is never as tight as it is within a product suite produced by the same company, and SPI will now be able to take better advantage of HP's installed base of customers," said Dr. Chenxi Wang, analyst with Forrester Research.

"Mercury is the leader of the quality testing market, and customers are increasingly making vulnerability testing a part of that type of work, as opposed to an afterthought, so it makes a lot of sense for HP to make this type of deal," Wang said.

Matt Hines
