Providers of applications security testing tools say business is taking off, as more customers are building such capabilities into their development lifecycles and large platform providers have picked off some of their closest rivals.
When IBM and HP purchased two of the leading applications security specialists in the space of several months in mid-2007 - acquiring Watchfire and SPI Dynamics, respectively - other vendors in the space predicted they would also benefit from the exposure and shift in the competitive landscape.
Less than one year after the acquisitions, some customers and industry analysts agree that independent security testing providers are making hay as high-profile data leaks, compliance measures, and ceaseless malware attacks at the applications level push businesses to place greater emphasis on security testing tools.
While IBM and HP work to integrate the acquired technologies into their broader software development platforms - and try to affect a significant change in the way developers secure their code - IT security teams and software quality assurance (QA) specialists are still investing in the offerings of standalone providers such as Cenzic, Fortify, Ounce Labs, and WhiteHat.
"Right now most of the buying in this space is still being done by information security teams. Some companies are testing during QA, but developers are still too busy to do testing," said Mandeep Khera, vice president of marketing at Cenzic. "The idea that we remain focused on product innovation appears to be resonating with customers. They know that we're totally committed to this market, whereas for these other guys it's just a drop in the bucket as they move to integrate [these capabilities] into their development platforms."