HOME |LOGIN | SUBMIT

Ounce Labs News

Ounce Labs Delivers the Next Generation of Enterprise Security Source Code Analysis

WALTHAM, Mass., July 22 PRNewswire — Ounce Labs, the industry leader in enterprise security source code analysis, today announced Ounce 6, the latest version of its flagship product. As application security continues to be a critical issue in today's enterprises, organizations looking to bridge the gap between security and development are looking for the best tools to incorporate security practices into the development lifecycle. Ounce 6 delivers the industry's first fully automated workflow that provides maximum security impact with minimal customization. It also offers substantial performance improvements to power the analysis of large and complex applications and the scalability enhancements to support Oracle(R) databases.

Ounce 6 provides the only security source code analysis solution to meet the demands of today's enterprises committed to eliminating business-critical vulnerabilities in software. Industry-leading enhancements in Ounce 6 include:

— Automated "no-touch" developer triage:

Only Ounce 6 automatically delivers confirmed vulnerabilities directly to the developer's IDE as part of the SDLC build process. Powered by the Ounce Automation Server, this new capability helps eliminate the burden of false positives and focuses developer effort on fixing vulnerabilities quickly. Ounce Labs continues to offer developer plug-ins free of charge to support implementation throughout the extended enterprise, whether these developers are in house or outsourced.

— Collaborative "Team" Triage:

Ounce 6 enables teams to collaborate effectively on large applications, with the ability to merge results across a distributed team. It also provides an audit trail of changes, the ability to "roll back" to an earlier stage of assessment, and integration with existing defect tracking systems for seamless security scanning in the SDLC.

— 300% performance improvement:

Significant advancements in the patented Ounce Core(TM) scanning technology enable a substantial performance increase in the analysis of large and complex applications that enterprises require, while scanning code over 1 million lines of code an hour. Only analysis of entire applications can ensure the discovery of the design-level security issues that put data at risk and PCI compliance in jeopardy.

— Integration with Oracle Database:

To ease enterprise adoption further, Ounce 6 can now utilize the Oracle database for improved scalability and enterprise fit.

— Integration with SlickEdit:

Integration of the SlickEdit(R) plug-in brings IDE-like capabilities to the Ounce Security Analyst, providing the most powerful editing capabilities and speedy navigation of source code. SlickEdit extends across a wide variety of languages, improving the overall efficiency of triage and remediation.

"The best way to ensure secure applications is to incorporate security practices during development before applications are deployed to production," said Joseph Feiman, vice president and Gartner Fellow at Gartner. "When selecting application security testing technologies, enterprises should evaluate how these products integrate into popular development and testing studios, the number of analyzed programming languages, and speed and accuracy of testing capabilities."

Ounce 6 also delivers:

— Open Assessment API:

Customers can leverage their existing investments in best-of-breed security and SDLC tools with this ability to extend the Ounce solution. Unlike other vendors, Ounce does not require organizations to replace their preferred tools to realize the full benefit of combined analysis from application firewall and penetration testing solutions.

— Security Knowledgebase expansion:

With the addition of coverage for JDK 1.5, BEA WebLogic 9, and expansion of ASP Classic coverage, the industry's most comprehensive knowledgebase meets the demanding requirements of a multi-language enterprise portfolio.

— Additional Scanning Improvements:

Ounce's leading analysis technology has been enhances to support the flexible scanning of non-buildable projects, to enable remediation even when complete applications are unavailable; expanded analysis, supporting configuration and XML files; and a "click-and-go" configuration wizard to speed project setup and initial analysis.

"Ounce provides us with the most accurate and actionable results in the industry," said Dr. Tarek Nabhan, Products Division Manager, ITWorx. "Ounce makes it easy for our developers and analysts to quickly implement the necessary changes to the software, helping us to deliver the most secure software possible, on time. We have reduced development costs, improved security, and enhanced even further the confidence our customers place in us."

"As software applications continue to grow in complexity and size with multi-tier layers that are developed by geographically distributed workgroups or by offshore developers, the likelihood of flaws and exploitable vulnerabilities increases," said Hugh Scandrett, president and CEO of Ounce Labs. "Thousands of Ounce users at customers including 50% of the Fortune Top 20 will benefit from these new enterprise capabilities that drive the elimination of business-critical software vulnerabilities across a broad portfolio of applications."

Availability

Ounce 6 will be generally available in early August. For more information or to see a product demonstration, please contact Ounce Labs at 781.290.5333 or 866.33.OUNCE (68623), or visit our website at www.ouncelabs.com.

About Ounce Labs, Inc.

Ounce Labs' industry-leading enterprise security source code analysis solutions enable organizations to quickly analyze a wide portfolio of applications, identifying and prioritizing business-critical vulnerabilities. Ounce's patented code analysis delivers actionable results with minimal customization. Ounce's open and flexible workflow integrates seamlessly into customers' existing infrastructure, enabling both the security and development teams to collaborate for maximum value from the analysis findings. Only Ounce delivers the enterprise scalability and automation to help organizations such as EDS, IBM, Intel, Lockheed Martin, MFS, the U.S. Government Accountability Office, Unisys and VeriSign, strengthen application security and protect confidential information enterprise-wide. Ounce also helps organizations to verify regulatory and policy compliance, addressing PCI DSS, FISMA, HIPAA and others. For more information, please visit www.ouncelabs.com.

Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United States and other countries. Other product or service names mentioned herein are the trademarks of their respective owners.

MEDIA CONTACTS: Peter Crosby Brenda Menard Ounce Labs Davies Murphy Group 781.547.7012 781.418.2435 Peter.Crosby@ouncelabs.com ounce@daviesmurphy.com http://www.ouncelabs.com http://www.daviesmurphy.com

SOURCE Ounce Labs

Search Our News Using Google Search

Can't find what you want? Try using Google:

	Enter your search terms Submit search form
	Web www.digital50.com

Advertisements

Search ADN: Business Information

Recommended Additional Search Terms

• Computer/Electronics
• Multimedia/Online/Internet
• High Tech Security
• Internet Technology
• Computer Software
• Ounce Labs
• Massachusetts

Home | About Us | Services | Copyright | Terms of Use | Terms of Sale | Privacy | Contact Us | Submit News

American Digital Networks, All Rights Reserved 2000-2007