IBM to buy Web app security vendor Watchfire

IBM plans to fold Watchfire's security compliance and quality testing software into its Rational division

IBM liked Watchfire's Web application security software so much it plans to buy the company for an undisclosed sum, it said Wednesday.

Watchfire develops software for identifying vulnerabilities in Web applications and for auditing sites for compliance with regulations on corporate governance, data privacy, or accessibility.

[ Blog: Is Watchfire deal bad for SPI? ]

IBM plans to fold the Waltham, Massachusetts, company into its Rational division, adding Watchfire's security compliance and quality testing functions to Rational's software delivery tools.

The two companies are no strangers: Watchfire's 800 customers include IBM, Dell, Sun Microsystems, and a host of others in the financial, pharmaceutical and entertainment industries. IBM's Global Services division is also a partner and reseller, according to Watchfire.

Other developers of application security testing tools include Cenzic and SPI Dynamics. Cenzic, in Santa Clara, California, has worked with application development tool specialist Borland Software in the past, and its current partners include IBM and Mercury Interactive, now a subsidiary of Hewlett-Packard.

Watchfire developed its WebXM auditing tool in house, but obtained its flagship AppScan product through the acquisition of Sanctum in July 2004.

IBM expects to close the deal in the third quarter, subject to regulatory approval.