PatchLink has announced plans to acquire application security company SecureWave for an undisclosed sum.

The deal is being structured as a merger, with SecureWave shareholders getting shares in the new company in return for their current holding. However, this is more than a passive acquisition - one of SecureWave’s founding shareholders, Mangrove Capital Partners, is to be given a seat on the merged board. Both companies are privately-held which makes price disclosure unlikely.

This means two small but notable endpoint-related companies have been bought out in a week. On June 13, it was announced that SonicWall was acquiring SSL vendor Aventail for $25 million.

In this latest acquisition, buying Securewave represents a new departure for PatchLink, which does not currently have application security products to sell with its patching and vulnerability management software.

Securewave’s SecureEXE, in particular, is a good example of a ‘whitelisting’ application, an area some see as the future of software security. The software identifies authorised applications and allows only these to run, thereby excluding malware without the need for signature-based detection.

"This emphasis on fixing problems before they occur will create a significant market for integrated security policy and remediation management. A proactive stance will also reduce security risk across the enterprise. PatchLink’s acquisition of SecureWave provides solutions to reduce risk,” the official released quoted IDC analyst Charles Kolodgy as saying.

Neither company qualifies as startup fodder, despite their private ownership. PatchLink has been around since 1991, and even SecureWave – the most notable tech company to come out of Luxembourg – was founded as long ago as 1996. The newly combined company will have 230 employees, large for a private outfit.