IBM on Monday introduced new source-code-scanning software designed to spot security bugs as programs are being written.

The software was developed as an enhancement to the Rational AppScan product line that IBM picked up last year in its purchase of security software vendor Watchfire.

Watchfire's AppScan software could find bugs in applications once they were up and running, but using technology from its research labs, IBM has now enhanced the product so it can spot flaws throughout the software development process. "We're taking that technology and we're building new releases of it, which will allow customers to take a more preemptive approach," said Scott Hebner, vice president of market management with IBM's Rational Software group.

By fixing bugs earlier, companies can save money. A flaw that may cost just US$25 to fix as the program is being written can cost perhaps $16,000 to fix after the software has gone live, Hebner said.

With these new bug-finding tools IBM is now competing with source-code security analysis vendors such as Fortify and Ounce Labs, said Chenxi Wang, an analyst with Forrester Research.

By integrating source-code analysis tools with its Rational Integrated Development Environment (IDE), IBM hopes to make it easier for developers to use these products. In the past, developers have steered clear of security tools because they tended to be inaccurate or were not rolled into their IDEs, Hebner said.

IBM's new AppScan products include a Developer Edition, Build Edition and Tester Server product, all available Monday. Pricing starts at $2,650 per developer license.

The IDG News Service is a Network World affiliate.