Source code management issues are aired

17.11.2005

Fortify addresses software security by looking at the software lifecycle, performing source code analysis, and looking for security flaws in large-grade commercial applications used in fields such as financial services and telecommunications, Jack said. The company also simulates attacks and traces the IP addresses of people attacking an application.

"At Fortify, we have a vision, and our vision is safe computing for everyone, and the way to get to that vision is to look at your software," Jack said.

Metallect's software creates a visual map of each application, scanning source code, metadata, unstructured data, and text files. "The job of our software is to read all that and understand how all these applications are interrelating," said Tom Hite, co-founder and CTO at Metallect.

Locating interdependencies enables software to be managed as a portfolio, according to Metallect. "When I make a change in software, how far-reaching will the effects be?" Hite asked, in explaining Metallect. The company, for example, will gauge the effects of exposing a service in an SOA.

Although Black Duck was the top choice of neither the audience nor the venture capitalists, the company is receiving funding from two of the venture capitalists represented on the panel: Apollo Strategy Group and Intel Capital. Fortify receives funding from the third venture capital firm represented on the panel, Kleiner Perkins Caufield & Byers.