HP to buy security software firm Fortify

IDG News Service - Hewlett-Packard said on Tuesday it will buy Fortify Software, which makes tools to find software vulnerabilities and compliance software, for an undisclosed amount.

Fortify Software, a privately held company in San Mateo, California, specializes in software that looks for problems within code that could result in software vulnerabilities, which could then be exploited by an attacker, causing problems such as a data breach.

HP said that Fortify's expertise in static application security analysis will complement its dynamic application security analysis. Static application security testing can uncover vulnerabilities during the development or quality assurance stage of a project, according to Fortify's Web site. Dynamic application security testing finds vulnerabilities in an application that is actively being used and assesses the application's overall security.

Fortify's products include 360, used for finding and fixing vulnerabilities, and Fortify On Demand, where a company can upload binaries to Fortify's data center for analysis.

HP and Fortify said they have collaborated before, working on a technology called Hybrid 2.0 that followed earlier work in June 2009. HP said the acquisition will allow customers to build "scalable enterprise application security programs."

When the acquisition closes, HP said it will run Fortify as a stand-alone entity and then integrate it over time into its HP Software and Solutions business. Fortify's products will become part of HP's Business Technology Optimization application portfolio.

Send news tips and comments to jeremy_kirk@idg.com