HP and Fortify – Application Security Now in the Lifecycle
HP announced its intent to acquire Fortify Software. Fortify represents one of the last standing original independent application security software vendors. Back in 2003, application security vendors were all the rage. The idea that security vulnerabilities occur rather frequently at the application level was 100% accurate. The problem with getting development and QA shops to fully embrace the notion of application security was one of skills and communication across organizational boundaries.
Think about developers and testing professionals, they have full time jobs that keep them more than busy. Now, add the complexity of developing and testing for security – that is a difficult task to add to an already full docket. Thus, application security, while necessary and vital, never gained the traction in the market that was expected.
So, slowly one by one, the pure play application security vendors were either acquired or disappeared. Fortify represents one of the last pure play application security vendors. And while what Fortify stands for and can deliver, application security needs a heftier brand to put the message forth at the executive level. This is where HP comes into play.
HP’s acquisition of Fortify is important to the market in many respects. The intended acquisition helps HP shore up its application lifecycle offering in the developer arena, this is a big win for existing HP customers. HP can talk about the desired outcomes with C-level executives and have a comprehensive message for the business. Overall, this acquisition is positive for market.
Read a more detailed analysis of the HP acquisition of Fortify in our voke First Impressions research here.