HP accounced on June 19th that it would acquire SPI Dynamics, a provider of security testing technology. The announcement came on the heels of the Watchfire acquisition by IBM. These two acquisitions highlighted the industry’s increasing interest in application security. HP’s Mercury with SPI’s WebInspect makes a very compelling offering for comprehensive software testing (performance, functionality, and security). Similar results should ensue for the Watchfire acquisition. It is great to see that application security is finally getting the attention that it deserves. With the two platform providers, HP and IBM, taking on security testing tools, we should see more market uptake on application security measures, which is exciting for those of us in the security space.

While talking to reporters yesterday about the acquisitions, I made a statement: "SPI Dynamics and Watchfire are leading vendors in the space of security testing. Watchfire may have a slightly higher market share, but Mercury+SPI makes a more compelling offering." The statement came out in the form of "Forrester Analyst Wang said: ‘Watchfire is the top security testing company, and SPI Dynamics is No 2.’" This really is not what I meant, because I have never ranked these companies in terms of capabilities, features, and revenues, for that matter. Although I do not control how stories are written in the press, I take responsbility in making a loose statement that could be misconstrued as analysis. So I apologize for that. I certainly never meant to indicate that SPI Dynamics is the #2 security testing company.

But even with this press mishap, I am very excited to see the large platform providers take in the application security vendors, because this ensures that the application testing tools will have a more mainstream audience and a longer shelf life. I think there will be more consolidation in this industry segment where smaller point solution providers will join forces with large security or IT management vendors.

Chenxi Wang, Ph.D., Principal Analyst, Forrester Research