IBM has bought a small software house that specialises in tools used to analyse source code to produce details and remediation advice about software security vulnerabilities.

The company said that it has acquired Ounce Labs and will integrate it into its Rational AppScan web application and software testing business. Financial terms were not disclosed.

Ounce has been in business since 2002 and is understood to have around 30 employees. The company seems to have been performing well of late, and although privately held, it reportedly saw quarterly bookings grow by 80% year-on-year during the second quarter of 2009.

Now in version 6, the company’s flagship product is a security source code analysis engine that assesses web application code, enforcing rules and policies and housing a security knowledge base.

The system scans the application portfolio to provide various metrics and remediation advice to reduce vulnerabilities in software.

IBM said the software identifies potential security and compliance vulnerabilities during the earliest stages of software development. This matters because research has shown that issues found later in the lifecycle are anywhere between 10 times and 100 times more expensive to resolve than those found in the development phase.

It also said the software can help organisations assess and remediate the level of risk posed to their businesses by legacy code and business applications that are in production. On this front, studies have shown that nearly one-third of live applications suffer from some sort of code issue, which is not only more expensive to fix than if it had been detected earlier in the software lifecycle, but is also likely to have the greatest business impact.

Ounce Labs has been involved with IBM since it introduced a line of quality management software and services a couple of years ago for the pre-deployment phase of service-oriented architectures.

It was working as a partner of IBM along with the likes of Black Duck Software, BSD Group, Klocwork, RingZero, SPI Dynamics and Watchfire.