IBM has acquired Ounce Labs and will integrate it into its Rational software business. Financial terms were not disclosed.
As today’s systems become increasingly interconnected, instrumented and intelligent, they are also becoming more complex, forcing organizations to protect themselves from an evolving array of security and compliance risks. The industry-leading Ounce Labs solutions use advanced capabilities to scan software source code and identify potential security and compliance vulnerabilities during the earliest stages of software development, when they are less expensive to correct. Ounce Labs software can also help organizations to rapidly assess and remediate the level of risk posed to their businesses through their legacy applications.
Many software application vulnerabilities can be prevented or avoided by taking a preemptive approach to security. According to the National Institute of Standards and Technology (NIST), 80% of development costs are spent identifying and fixing defects. Allowing IT teams to build security and compliance into the software development and delivery process can help prevent these issues from posing a greater risk to their organization and becoming highly costly to fix.
Ounce Labs technology will be offered as part of the IBM Rational AppScan family of Web application security and compliance testing solutions. The combined offering will provide a comprehensive solution for organizations concerned about correcting security vulnerabilities in applications before they go live. The Ounce Labs and Rational offerings allow IBM to provide application security analysis capabilities across the software development lifecycle (SDLC), from coding to production.
This acquisition further reinforces IBM’s overall security offering strategy. IBM can provide customers with security analysis solutions across multiple risk areas, spanning major business areas such as people, processes, applications, data, technology and physical facilities.