Hewlett-Packard is to buy Fortify Software, which makes tools to find software vulnerabilities and compliance software.
Fortify Software, a privately held company based in San Mateo, California, specialises in software that looks for problems within code that could result in software vulnerabilities, which could then be exploited by an attacker, causing problems such as a data breach.
HP says Fortify's expertise in static application security analysis will complement its dynamic application security analysis. Static application security testing can uncover vulnerabilities during the development or quality assurance stage of a project, according to Fortify's website. Dynamic application security testing finds vulnerabilities in an application that is actively being used and assesses the application's overall security.
Fortify's products include 360, used for finding and fixing vulnerabilities, and Fortify On Demand, where a company can upload binaries to Fortify's data center for analysis.
HP and Fortify have collaborated before, on a technology called Hybrid 2.0 that followed earlier work in June 2009. HP says the acquisition will allow customers to build "scalable enterprise application security programs."
When the acquisition closes, HP said it will run Fortify as a stand-alone entity and then integrate it over time into its HP Software and Solutions business. Fortify's products will become part of HP's Business Technology Optimization application portfolio.
The terms of the deal were not disclosed.