Web App Security Heats Up

And by that, we mean M&A and consolidation, as HP looks to buy following IBM's purchase of Watchfire

June 7, 2007

2 Min Read
Network Computing logo

5:00 PM -- Yep, Web app security is now officially on the big guys' radar screens. IBM's announcement yesterday of its plans to acquire Web application testing company Watchfire was just the spark that could fire up this space. (See IBM to Enter Web App Security.)

Then came rumors of HP snapping up SPI Dynamics, one of Watchfire's biggest rivals. Neither HP nor SPI would comment on it, but sources close to the companies say they expect HP or another big name to come knocking at SPI's door.

The 451 Group says SPI officials told them they have been in acquisition talks with several companies, including HP and Microsoft. "We have heard that HP may make an offer for SPI," says Nick Selby, a senior analyst with The 451 Group.

Either way, HP and Microsoft just can't sit on the fence in Web app security anymore. "The Web app pen testing space has been waiting to take off for the last five years," Selby says. "This [IBM] acquisition highlights the fact that enterprises are actually waking up to" the vulnerabilities in their Web-based apps.

Matthew Moynahan, CEO of startup Veracode, which offers security scanning services for software, believes the IBM deal was only the first. "This acquisition and further acquisitions to come in the tools space will continue to validate and raise awareness in our core marketplace -- and continue to illustrate that the problems associated with securing code extend well beyond tools' capabilities to solve it."

Moynahan points out that Veracode and other industry estimates show that application security is only about 10 percent of the total security expenditures (the rest is the network). That disconnect won't be long-lived, though: "This must re-adjust given that the threat space has moved from the network to the applications, and I believe that IBM’s move is a bellwether move for the industry in general."

And with around eight in 10 Websites sporting security holes and most attacks targeting the Web app layer, something's gotta give. Maybe it'll be the purse strings of HP or Microsoft, and then the enterprise.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights