“The industry is moving away from role-based offerings, because the flow across the life cycle is more important than the individual things you do,” he said.

If agile continues to gain footing in ALM, it may be not about agile per se. “What really matters is business alignment, not agile,” said Voke’s Lanowitz. She said the word “agile” has caught on because it is good word, but what it really means is “customer responsiveness.”

The most important aspect of application life-cycle management is “staying attuned to your line of business,” Lanowitz said. HP vice president Jonathan Rende echoed that view: “These days, the business process represented in software applications is the innovation in the business itself.”

What about application security?
Even as ALM continues to evolve, some established technologies still aren’t part of the life-cycle process. “In most organizations, security professionals still own security,” said Rende, noting that security testing takes place after software is developed and ready to be deployed. Penetration testing needs to move upstream into QA, and source code analysis should take place when developers check in code, he said.

In 2010, HP acquired Fortify Software, which makes tools to scan source code for security flaws. In 2007, HP bought SPI Dynamics. Its penetration tools test application security by simulating malicious attacks.

IBM’s Chu said the company sees customers implementing both types of testing earlier in the life cycle, but he conceded that security has not integrated into most organization’s life cycles in a satisfactory way. “There is recognition that it is a desirable thing. People are moving in that direction,” he said. IBM acquired source code analysis tool maker Ounce Software in 2009, and bought penetration tool maker Watchfire in 2007.

Is virtualized testing on the radar?
Another technology that is yet to gain firm footing in the ALM process is virtualized testing, which provides a way to test applications without having to rely on the operations group to configure physical servers for testing.

“Virtualization has taken off in data centers, but we haven’t seen many organizations using it to test applications as part of the ALM process,” said Lanowitz. One reason adoption has been slow is that, until recently, none of the major tool makers were pushing it, she said.

Now Microsoft is leading that effort, she said. The company launched virtualized test offering Lab Management, which is part of Visual Studio, in August 2010.