IBM is combining static and dynamic code analysis thanks to tools it acquired from Ounce Labs. The move promises to help fight application security threats.
As application security threats continue to grow, thorough code quality analysis is becoming critical. One of the key tools in the fight for better and more secure code is a technique known as static analysis, an area that IBM (NYSE: IBM) jumped into in 2009 with the acquisition of Ounce Labs.
Now, six months after the acquisition announcement, the Ounce Labs static analysis tools are part of the IBM Rational family of products, which also includes the AppScan product line for dynamic analysis. Ounce Labs static analysis technology has been rebranded as the IBM Rational AppScan Source Edition. With the integration of the Ounce tools, IBM now has both static and dynamic analysis capabilities in its effort to more thoroughly secure application code.
“In our discussions with IBM running up to the acquisition, it was clear that IBM was continuing their success on the dynamic analysis side with the AppScan products,” Jack Danahy, former CTO of Ounce Labs and now a security executive within IBM Rational’s CTO office, told InternetNews.com. “They were hearing from customers that we have broad language coverage and are used in some large deployments. So IBM concluded that it would make sense to jump ahead and combine their muscle in terms of customer confidence and combine the two technologies — static and dynamic analysis.”