IBM acquires security and compliance firm Ounce Labs

July 28, 2009
IBM to integrate Ounce Labs into its Rational software business

ARMONK, N.Y., July 28 /PRNewswire-FirstCall/ -- IBM (NYSE: IBM) today announced it has acquired Ounce Labs, Inc., a privately-held company based in Waltham, Massachusetts, whose software helps companies reduce the risks and costs associated with security and compliance concerns. IBM will integrate Ounce Labs, a leading provider of enterprise source code security testing, into its Rational software business. Financial terms were not disclosed.

As today's systems become increasingly interconnected, instrumented and intelligent, they are also becoming more complex, forcing organizations to protect themselves from an evolving array of security and compliance risks. The industry-leading Ounce Labs solutions use advanced capabilities to scan software source code and identify potential security and compliance vulnerabilities during the earliest stages of software development, when they are less expensive to correct. Ounce Labs software can also help organizations to rapidly assess and remediate the level of risk posed to their businesses through their legacy applications.

Many software application vulnerabilities can be prevented or avoided by taking a preemptive approach to security. According to the National Institute of Standards and Technology (NIST), 80% of development costs are spent identifying and fixing defects.(i) When information technology (IT) teams build security and compliance into the software development and delivery process, they can help prevent these issues from posing a greater risk to their organization and becoming highly costly to fix.

"Secure applications are vital to information integrity and continuity in government and business. The complexity of today's systems and the sophistication of attacks require comprehensive technology. The acquisition of Ounce Labs allows IBM to provide customers an end-to-end application security testing solution for managing security and compliance across all stages of the software delivery process," said Dr. Daniel Sabbah, general manager, IBM Rational Software. "Integrating Ounce Labs technology into our industry-leading IBM Rational AppScan family of security products represents the best-of-class solution for application security assessment and testing."

Ounce Labs technology will be offered as part of the IBM Rational AppScan family of Web application security and compliance testing solutions. The combined offering will provide a comprehensive solution for organizations concerned about correcting security vulnerabilities in applications before they go live. The Ounce Labs and Rational offerings allow IBM to provide application security analysis capabilities across the software development lifecycle (SDLC), from coding to production.

"With security and compliance threats becoming so pervasive, companies must take proactive, more cost-effective actions to reduce the opportunities for their applications to be exploited," said Gary Jackson, CEO, Ounce Labs. "By combining our leading source code analysis technology with IBM's leading Web application security software, we are able to offer customers a whole new level of security analysis and support. We look forward to joining IBM in their continued development of security technology, which will no doubt become required infrastructure over the next few years."

From growing concerns about the increasingly advanced techniques of cyber criminals to the risk of falling out of compliance with mandatory business regulations, standards and policies, companies often need to take a more proactive, end-to-end approach to reducing risk and lowering costs. IBM helps customers respond quickly to many of these emerging regulation and compliance issues, such as the Payment Card Industry Data Security Standard (PCI DSS) or the Health Insurance Portability and Accountability Act (HIPAA).

This acquisition further reinforces IBM's overall security offering strategy. IBM can provide customers with security analysis solutions across multiple risk areas, spanning major business areas such as people, processes, applications, data, technology and physical facilities.