It might lack a fulltime CEO but HP still has an open wallet. The company has announced its intention to buy software assurance company Fortify Software.

As usual for a deal with a private company, the financials have not been made public, but the buy will give HP access to the small but growing market for static line-by-line software security analysis pioneered by Fortify.

The idea of analysing code for security flaws as part of a compliance and assurance approach to development has attractions for companies unable or unwilling to set up an entire inhouse system to do the same job. Software assurance is a sort of advisory outsourcing for code analysis.

“Businesses operate in a world of increasing security and compliance challenges, and the applications and services that they rely on are core to the problem and the solution,” said HP vice president of Software and Solutions, Bill Veghte.

“With Fortify’s leadership in static application security analysis combined with HP’s expertise in dynamic application security analysis, organizations will have a best-in-class solution to improve the security of their applications and services.”

Fortify will continue as a standalone service in the short term before being swallowed up as part of HP’s wider Business Technology Optimisation channel.

Fortify has argued that cloud software is no less in need of the sort of analysis that can be provided by its technology than any other software.

Founded in 2003, Fortify Software competes with rivals such as Veracode.