Sounding like a happy nuptial more than anything else, Hewlett-Packard has entered a definitive agreement to acquire application security vendor Fortify Software to compliment its dynamic security analysis technology.
Both HP and Fortify (best known for its static security analysis solutions) expect to close the deal by year’s end. However, terms of the deal and future joint road maps were not disclosed.
“The technology that Fortify brings is not only market-leading, but highly complimentary to technology we already have from a previous acquisition in the application security space,” said Mark Sarbiewski, vice president of products at HP, referring to HP’s 2007 acquisition of Web application security vendor SPI Dynamics.
“We see the future security market as the marriage of these two technologies [static and dynamic analysis],” he added.
Barmak Meftah, chief product officer at Fortify, said, “We bring to the table a lot of security bench strength, a lot of security expertise, a big install base, and a big outreach to chief information security officers, which ultimately leads to engineering groups. HP’s outreach, through its ALM offerings, reaches QA teams up through CIOs.
“There are two ingredients to successful acquisitions,” he said. One is the intellectual property that each party brings and how complementary it is; the other is how complimentary are the channels that the products and services will reach.
For about one year, HP plans to treat Fortify as a standalone entity “to keep the momentum of the company and talent,” Sarbiewski said. Key people will stay in place, continuing their roles and driving forward their visions and road maps, he added.
Meftah echoed those thoughts and added, “When being acquired for creative reasons, it’s best to keep the autonomy and trends going until figuring out the best integration strategy.”
Eventually, Fortify’s products, such as the Fortify 360 vulnerability scanner, will become part of HP’s Business Technology Optimization application portfolio.
For several years, Fortify and HP have partnered on other projects. The companies jointly introduced Hybrid 2.0, a solution that combines static and dynamic analyses of application security, this past February.
The San Mateo, Calif.-based company, with its 178 employees, said current Fortify customers will still have access to engineering, and product teams and support organizations will remain unchanged.