SPI has been a longtime partner of HP, which has offered its tools as a package with its Mercury and OpenView software development products -- just as Watchfire had been selling its applications security products packaged with IBM's Rational code-authoring tools before getting snapped up by the firm.
Both platform providers' moves to bring security testing capabilities under their own control should benefit their individual marketing efforts and customers' development lifecycle plans, other analysts said.
"SPI had integration with Mercury from a partner standpoint, but that type of a relationship is never as tight as it is within a product suite produced by the same company, and SPI will now be able to take better advantage of HP's installed base of customers," said Dr. Chenxi Wang, analyst with Forrester Research.
"Mercury is the leader of the quality testing market, and customers are increasingly making vulnerability testing a part of that type of work, as opposed to an afterthought, so it makes a lot of sense for HP to make this type of deal," Wang said.
One of the most significant benefits of adding SPI in particular is that it has both Web applications inspection and source code scanning tools in-house, in the form of its WebInspect and DevInspect product lines, respectively, along with its own QAInspect quality assurance tools, the analyst said.
SPI's combination of code and applications analysis software may give HP an advantage over its rivals, including IBM, Wang said, citing Watchfire's forte as pure Web applications assessment -- work typically done by quality assurance testers -- rather than technologies built specifically for use by applications developers.
"HP has a commitment to pushing this type of security technology deeper into the development lifecycle; integrating with Mercury now makes a lot of sense to their long-term vision," said Wang -- who has worked previously for the HP Labs research group as an independent consultant. "Having SPI's development-phase tools may give HP a leg up over IBM-Watchfire; HP wants to be selling these types of tools directly to developers, not QA testers."
According to a report issued earlier this month by the National Institute of Standards and Technology, a federal agency that develops technology standards, some 92 percent of all IT security vulnerabilities exist in software applications, which Wang cited as an "astounding" figure.
With customers clamoring for a way to reduce their risk to such issues, HP and IBM have seen the business opportunity and moved to address it, she said.
Other industry watchers noted that it will become increasingly difficult for standalone applications security providers to compete with the tools being integrated by companies with powerful development arms like HP and IBM.
SPI Chief Executive Brian Cohen said he believes it will be hard for such companies to compete in light of the demand for integration with development platforms.
To highlight the point, the CEO alluded to the fact that it may have been tough for SPI to maintain its partnership with IBM -- with whom its products have also been packaged for sale and consumption -- in light of the Watchfire deal.
"Our belief was that the ultimate success of SPI would be to see our technology integrated into a broadly distributed platform sold to software developers, and it is clear that organizations such as HP feel the same way," Cohen said. "I don't see a standalone business long-term without integration for these types of technologies."
Matt Hines is a senior writer at InfoWorld.