IBM has disclosed its acquisition of Ounce Labs, Inc., a privately held company based in Waltham, Massachusetts. Software produced by Ounce Labs automatically discovers information security flaws in application source code and resolves compliance-based concerns faced by companies and federal agencies. Ounce Labs is a leading application security and digital risk-management firm and enables customers to reduce their threat exposure and avoid data breach disasters. Ounce Labs software will be bundled with the IBM Rational AppScan family of Web application security and compliance testing solutions.
This acquisition builds on IBM’s 2007 purchase of web application vulnerability scanning vendor Watchfire Corp., which also became part of IBM’s Rational development platform. Jack Danahy, cofounder and CTO of Ounce Labs, said the IBM acquisition will help existing customers leverage IBM’s Rational tools, enabling fuller integration of a Rational plug-in popular with Ounce Labs customers. Danahy, who has been pushing source code analysis in the software development lifecycle since 2002, said companies are finally starting to get the message. Danahy said, “It’s sometimes difficult to make that kind of awareness happen when you are a small company. It’s taken organizations time to recognize and show others that if you look at code early on you can save money. Now I’ve got a bullhorn, so this is an extremely exciting development.” Danahy will continue to oversee Ounce Labs during the integration.