Consolidation, growth in software security

Yesterday, we learned that Fortify Software will be buying Secure Software. Each company makes source code analysis tools. Both are well-regarded in terms of the quality of their products, and in the expertise of their teams.

However, Secure Software had been undergoing a transformation, as the well-known security guru, John Viega, had already left the company (in March 2006) to join McAfee. This led to questions about the future of CLASP, the comprehensive, lightweight, application security process that Viega developed. The sale of Secure Software was no surprise.

What did surprise me, however, is that it was bought by another small security company. We’re certainly the point when bigger ALM companies, such as Borland, IBM Rational, Telelogic or Serena, should be adding security tools to their product portfolio. It’s not a question of if, but when, these specialist firms get snatched up.

This consolidation of the software security market is offset by the launch of a new player. The next issue of SD Times introduces us to a new player, Veracode, which was created out of the remnants of V0pht, a hacker collective in Boston. Look for Alex Handy’s story, coming out on Feb. 1st.