IBM did not disclose the financial details of the acquisition. Armonk, N.Y.-based IBM intends to integrate Ounce Labs into its Rational software development business and combine its products with the IBM Rational AppScan product line.
Ounce Labs, based in Waltham, Mass., develops tools for scanning application source code during the software development process to identify potential security and compliance vulnerabilities. Such problems are easier and less costly to correct early in development, rather than during later stages of development or after the software has been deployed.
Eighty percent of software development costs are spent identifying and fixing defects, IBM said, quoting a statistic from the National Institute of Standards and Technology.
Ounce Labs' tools can be used to pinpoint areas in software code that would make it vulnerable to hackers, for example, or where the software would fail to comply with regulations such as the Payment Card Industry Data Security Standard or the Health Insurance Portability and Accountability Act.
The tools also can be used to test and fix security and compliance gaps in legacy applications, according to IBM.
"The acquisition of Ounce Labs allows IBM to provide customers an end-to-end application security testing solution for managing security and compliance across all stages of the software delivery process," said Daniel Sabbah, general manager of IBM Rational Software, in a statement.
IBM's Ounce Labs acquisition was its second of the day. Earlier Tuesday IBM said it plans to acquire Chicago-based SPSS, a developer of sophisticated data mining and predictive analysis software, in a move that will greatly expand IBM's data analysis technology offerings. That deal is valued at approximately $1.2 billion.