On 19 June 2007, HP announced a definitive agreement to acquire SPI Dynamics, a vendor of Web application security testing software and services, for an undisclosed sum. The deal should close in 3Q07.
HP’s acquisition of SPI Dynamics is the right step. With it, HP demonstrates that security is an important foundational element of software quality and makes security a peer offering in HP's triad of quality, performance and now security testing.
HP's announcement comes only two weeks after IBM announced it would buy application security testing vendor Watchfire (see "Watchfire Will Strengthen IBM Development Platform Security" ). Market demand for application security testing has grown rapidly during the past three years, and is expected to reach nearly $200 million by YE07. HP and IBM rightfully rushed to capitalize on this trend (see “MarketScope for Web Application Security Vulnerability Scanners, 2006" ).
In G00144800 "Key Technology Trends in Application Security Testing Markets," we explained the need for vendors of software life cycle (SLC) tools — such as IBM, Microsoft, HP (Mercury Interactive) and others — to incorporate security testing tools natively into their platforms. We predicted that 80% of major SLC vendors would offer dynamic application security testing (DAST) or static application security testing (SAST) tools as part of their SLC platforms by 2008. The nearly simultaneous acquisition of two application security testing vendors by two of the largest SLC vendors confirms this trend. Look for Microsoft, Borland, Oracle and SAP to equip their SLC platforms with similar technologies within next 18 months.
Application security should be:
HP’s acquisition of SPI Dynamics fills its primary need for DAST capabilities with the WebInspect tool, which is a good fit within quality assurance.
On the positive side, WebInspect and DevInspect can provide a hybrid testing approach that correlates results of static and dynamic testing, potentially increasing overall accuracy of testing. Both tools were designed for native integration into HP’s (Mercury's) QualityCenters.
(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)
|Resource Id: 507761|