Source Code Specialist Fortify to Buy Secure Software

Applications development security specialist Fortify Software announced that it has agreed to buy a majority of privately held rival Secure Software for an undisclosed amount of money.

Fortify, which is also a private company, reported Jan. 17 that it has signed a definitive contract to purchase Secure, which has its headquarters in McLean, Va., but did not disclose any financial details of the transaction.

The deal specifically calls for Fortify, based in Palo Alto, Calif., to acquire certain intellectual property, capital assets and related resources from Secure, including the entirety of the firm’s CodeAssure applications business and CLASP (Comprehensive, Lightweight Application Security Process) development best practices platform.

Secure’s products are used by companies to identify, asses and remediate vulnerabilities in software applications while they are still being developed, as do Fortify’s own tools.

By drumming out any potential flaws in their applications before taking the programs live, enterprises can greatly reduce the range of security threats they are ultimately exposed to, advocates of such technologies say.

As part of the announcement, Fortify indicated its intent to continue to support Secure’s existing products and customers after the deal is closed.

In addition to gaining Secure’s products, which expand Fortify’s ability to integrate its technologies with IBM’s software development tools, specifically its RUD (Rational Unified Process) platform, company officials said the deal will give the firm a larger presence in the Washington, D.C.-area as it pushes further into the federal government market.

The acquisition also widens Fortify’s ability to bring to market new products that will address the requirements and design phases of the software development process, company officials said.

Fortify has tripled its sales over the last 12 months as demand for source code vulnerability scanning tools has escalated, according to Mike Armistead, vice president of corporate development at the firm.

Read more here about Oracle’s plan to use static code analysis technology from Fortify.

“We’ve seen tremendous growth in the market, and we’re looking to take advantage of our position and get additional assets onboard that will benefit customers,” Armistead said.

“People are looking for ways to solve the software vulnerability issue at its root cause, and this deal helps us add new capabilities to deliver on that goal; companies are doing a lot more testing, but they need technologies such as this to help them address vulnerabilities head on.”

Armistead would not speculate on how the two companies might merge their respective technologies, but he said Fortify plans to retain the majority of Secure’s staff, as those individuals played a significant role in the software maker’s decision to purchase its rival.

The Fortify-Secure deal marks only the latest in a string of recent acquisitions announced in the security applications space.

The largest of the deals is Cisco Systems’ planned buyout of messaging security specialist IronPort Systems, for $830 million, announced Jan. 4.

On Jan. 11, software maker Sophos announced a deal to buy privately held Endforce, a maker of network compliance software.

On Dec. 20, malware detection software maker Websense announced an agreement to acquire data leakage prevention specialist PortAuthority Technologies for approximately $90 million in cash.

And remote access specialist Check Point Software Technologies announced an agreement to acquire network intrusion detection analyst NFR Security for approximately $20 million on Dec. 19.

Check out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraine’s eWEEK Security Watch blog.