IBM acquires Ounce Labs
by Steve Ragan - Jul 28 2009, 16:30
Ounce Labs, makers of the Ounce 6 code analyzer for vulnerability scanning, is under new ownership as Big Blue adds another security company to the fold. On Tuesday morning, IBM said that it will integrate Ounce Labs into its “Rational” software business. The financial details of the acquisition were not disclosed.
We’ve covered Ounce Labs on The Tech Herald before. Gary Jackson, President and CEO of Ounce Labs, gave us a one-on-one with regard to the IT and the economy series, and earlier this year, Ounce Labs founder and CTO Jack Danahy took a stand against the criticisms surrounding Open Source security. Ounce Labs is a private company based in Waltham, Massachusetts, and with today’s news they become company number 50 to join IBM through acquisition since Blue started snapping up companies in 2003.
The security and regulatory compliance of Web applications is one of the largest priorities for businesses. According to a recent IBM ISS Threat Report, more than half of all vulnerabilities disclosed in 2008 were Web-based. Many software application vulnerabilities can be prevented or avoided by taking a preemptive approach to security, IBM said.
According to the National Institute of Standards and Technology (NIST), 80 percent of development costs are spent identifying and fixing defects. By building security and compliance into the software development and delivery process, information technology (IT) teams can help prevent these issues from posing a greater risk to their organization and becoming highly costly to fix.
It is because of this that security needs to be built in during the development cycle, not added later through patches as an afterthought. With that in mind, this is exactly the reason IBM said it wanted to merge Ounce Labs into its Rational AppScan family of Web application security offerings.
In addition to the Ounce Labs acquisition, IBM today also announced an agreement to acquire SPSS, Inc., which provides predictive analytics software. SPSS helps clients forecast trends and anticipate change to drive smarter business outcomes.
“With security and compliance threats becoming so pervasive, companies must take proactive, more cost effective actions to reduce the opportunities for their applications to be exploited,” said Gary Jackson, CEO, Ounce Labs.
“By combining our leading source code analysis technology with IBM’s leading Web application security software, we are able to offer customers a whole new level of security analysis and support. We look forward to joining IBM in their continued development of security technology, which will no doubt become required infrastructure over the next few years.”
IBM would not disclose the financial details or the complete merger details to the press. More than likely, the Ounce Labs staff and management will simply be rolled into the AppScan division.
