HP Tightens Application Security With Fortify Software Acquisition


HP plans to scoop up Fortify Software, a privately held security software company, in a bid to lock down applications throughout their life cycle.

Neither HP nor Fortify disclosed the sum of the transaction, through which HP will ultimately add Fortify to its software unit.

The Fortify acquisition comes as HP is looking to fortify its own image as the tech titan is embroiled in controversy following the recent resignation of HP CEO Mark Hurd amid an unfounded sexual harassment claim and subsequent investigation. HP is actively seeking a replacement for its fallen CEO.

According to HP, the acquisition of San Mateo, Calif.-based Fortify Software will allow HP to offer solutions that help companies reduce business risk, meet compliance regulations and protect against malicious application attacks by integrating security assurance across the application life cycle. HP will be able to tie security applications end-to-end through its hardware, software and services offerings.

Fortify makes Software Security Assurance products and services to protect companies from threats posed by security flaws in software applications. Its Fortify 360 suite of software security offerings automates the development and deployment of secure applications.

"Businesses operate in a world of increasing security and compliance challenges, and the applications and services that they rely on are core to the problem and the solution," Bill Veghte, executive vice president of Software and Solutions at HP, said in a statement. "With Fortify's leadership in static application security analysis combined with HP's expertise in dynamic application security analysis, organizations will have a best-in-class solution to improve the security of their applications and services."

HP's Fortify buy comes as major technology players turn their attention to software and application security.

IBM, for example, has been bulking up its security presence and has recently launched a number of software products and services that help companies build security into the initial designs of their applications. In July 2009, IBM acquired Ounce Labs, a supplier of software source code testing tools to help companies reduce security and compliance risks and costs; and last month IBM bought BigFix, a compliance and security management company that IBM will leverage to manage and automate security.

The Fortify purchase also continues an impressive shopping spree for Palo Alto, Calif.-based HP. In April HP acquired struggling smartphone maker Palm to the tune of roughly $1.2 billion, and before that HP bought struggling networking player 3Com Corp. last November for a reported $2.7 billion.

HP and Fortify have teamed up in the past. In June 2009, the two companies collaborated to integrate Fortify's Static Application Testing technology with HP's Application Security Center and Quality Center software offerings for application security and visibility. And in February, the two companies paired up again to create Hybrid 2.0, an advanced security analysis technology that built on the earlier integration.

HP said the acquisition will speed the development of the joint HP-Fortify technologies. At the acquisition's close, HP will run Fortify as a standalone entity while targeting the security market. Over time, HP will integrate Fortify into the HP Software and Solutions business and its products will become part of the Business Technology Optimization application portfolio, which is offered by HP channel sales and services partners.

"Joining HP will allow us to further integrate our proven technology and security expertise with HP's solutions, letting our joint clients shrink the time-to-security for their new and existing production applications," Fortify Software CEO John M. Jack said in a statement.