Eric Ogren

Security Impact

AppScan lives on with IBM

It seems like just a few years ago that Sanctum's AppShield demo took the RSA Conference by storm. Their demo, showing how easy it was for users to modify fields on a web form posted by poorly written applications, was a first, and people were racing across the Moscone to see what all the buzz was about. What they saw was the birth of the new Web application security segment!

Who would've guessed that over the years customers would place far more value on AppScan, originally thought of as a throw-in for the web application firewall product? This is one prime example of why start-ups can be so hard - it is very difficult to know how customers will use good ideas. Watchfire saw the potential in application scanning when they purchased Sanctum in 2004.

AppScan will now ride with the IBM security team, as IBM has announced plans to acquire Watchfire. I see this as a terrific deal for both companies, and somewhat less than terrific for Watchfire competitors:

+ IBM gets software that can drive global service revenues. With AppScan in the fold, IBM can evolve the Rational product line to cover more of the application development lifecycle. There is a lively market for tools to help developers make security intrinsic to the application. IBM will bring AppScan into large deals, including those from ISS, that the product would never have seen as part of Watchfire.

+ Watchfire gets IBM backing to broaden the use of its technology. It would not surprise me to see Watchfire's core scanning competency serve as the basis for a full-scale assault on compliance verification for large enterprises. The fact that Watchfire has some experience with providing scanning results as a service is a definite sweetener.

- SPI Dynamics needs a hug. For that matter so does Cenzic. Fortify has Oracle to run to so they can carry on; Veracode has a unique and interesting business model so they too will continue to go about their business. There have been rumors of SPI throwing themselves at the mercy of companies like HP and Microsoft. In my experience, that approach seldom turns out well.

What People Are Saying

No problem here. Sometimes there are winners and losers in market activity. I find folks can get emotional when the company they have a vested interest in comes out on the down side. Comes with the turf.

I guess the writer of the first two nasty posts works for a competitor of Watchfire and cannot take any constructive remarks about his or her company. I believe the author was unbiased and is merely reflective of what others in the security space are thinking. Maybe this was why the author referenced that "the guys at SPI/Cenzic need a hug". IBM has been around since 1917 and would have done their due diligence in purchasing Watchfire.

I think this is a great move on both companies' parts. First, IBM gets a much-needed and market-leading tool to help bolster its secure software development process and Watchfire gets a major player stepping in and instantly validating the market and the need to address application vulnerabilities at each phase in the SDLC. If IBM has proven anything, it's that they have their clients' needs on their agenda and they have done their due diligence in acquiring the worldwide leader in the space and not number two or three...

It is clear that the initial two nasty anonymous posts are by the same poster as revealed by his inability to use apostrophes. He must have missed grade 7. Too bad.

A word to Anon: while you are learning to use English, bone up on how to add content to your replies. Hollow ad-hominems are just a waste.

I think if someone is going to make remarks about an article being clueless, the person making the comment should present his point to counter the article. Otherwise the comment is meaningless and a waste of bandwidth to download.

Your clueless about the space and market opportunity. You should find a different job.

Its obvious that you have no idea of whats going on and don't know enough about the webapp sec space to even make even decent comments or predictions on events. It amazes me that people look to you as any kind of expert when you just vomit on a paper and call it an article.