Hewlett-Packard to Buy Fortify Software

Hewlett-Packard announced a definitive agreement to acquire software security assurance provider Fortify Software, to enhance its Business Technology Optimization application portfolio.

Fortify Software offers solutions that assist software companies in making sure that their products comply with regulations and follow secure application life cycles.

The company, who counts Oracle and the United States Air Force amongst its customers, refers to its services as being part of the Software Security Assurance, or SSA, a security discipline aimed at making critical software more secure by addressing risks at code level.

"With Fortify’s leadership in static application security analysis combined with HP’s expertise in dynamic application security analysis, organizations will have a best-in-class solution to improve the security of their applications and services," Bill Veghte, executive vice president of Software and Solutions at HP, said, according to a press release.

The terms of the deal have not been disclosed, but following the acquisition Fortify will initially continue to function as a standalone entity targeting the security market.

However, in time its products will be integrated into HP's Business Technology Optimization application portfolio and the company will become part of HP's Software and Solutions business arm.

"Fortify has always been committed to helping chief information security officers and application teams find, fix and prevent security vulnerabilities before they can be exploited by attackers," said John M. Jack, chief executive officer, Fortify Software.

"Joining HP will allow us to further integrate our proven technology and security expertise with HP’s solutions, letting our joint clients shrink the time-to-security for their new and existing production applications," he added.

This acquisition builds on past collaboration between the two companies, which was announced back in June 2009 and produced the Hybrid 2.0 technology.

Hybrid 2.0 is an Web application security assessment framework, which combines both static source code analysis and dynamic penetration testing to produce more meaningful and accurate results.