IBM acquires source code-scanning tools

IBM said on Tuesday that it has acquired Ounce Labs, a maker of enterprise tools for detecting software flaws during the development process, for an undisclosed sum.

Earlier this year, IBM released Rational AppScan, designed to scan Flash and Ajax-based applications for security defects, and the Ounce purchase is intended to complement this product, the company said.

Ounce's source code security testing products will be integrated into the Rational software business and offered as part of the Rational AppScan product line.

"The complexity of today's systems and the sophistication of attacks require comprehensive technology," said Rational general manager Dr Daniel Sabbah, in a statement.

Ounce's tools are intended to help enterprises take a pre-emptive approach to security and compliance issues in the software they develop. The technology is used to scan source code and identify potential problems during the earliest stages of development.

The products can also help assess the risks posed by an enterprise's legacy applications.

HP has also developed products in the application scanning market, such as SWFScan, released in March. SWFScan decompiles Flash applications and searches the code for vulnerabilities and violations of Adobe's guidelines for best security practices.

HP also developed Scrawlr, which tests for SQL injection vulnerabilities in applications on Microsoft's ASP platform.