Ounce Labs Enhances Source Code Analysis Product to Integrate Security Into the Software Development Lifecycle

  WALTHAM, MA, Jan 15 (MARKET WIRE) -- 
 Ounce Labs, the industry leader in software risk analysis, today
announced the latest version of its award-winning source code analysis software.
The enhanced product delivers scan automation and reporting capabilities to help
enterprisesmore easily incorporate source code analysis (SCA) into their own
software development lifecycle (SDLC).

    Ounce has enhanced its source code analysis product by adding the Ounce
Automation Server to provide seamless integration of security into build
environments wherever developers choose to implement it within the SDLC. The
Ounce Automation Server provides the ability to automatically scan, define,
publish and report on the security of application code during development.

    Ounce is also providing support for the Apache Maven project management
andautomation software with a plug-in designed to help developers extend the
build process to include security. The Ounce/Maven Plug-In is a
free-standing command line interface that helps Maven users deliver security
through source code analysis within their build environments. The Ounce/Maven
Plug-in allows developers to initiate Ounce scan operations, generate a report
of
scan results, and publish and save reports.

    In addition, Ounce is contributing the Ounce/Maven Plug-in to the
open-source
community. The module will be hosted at open-source project repository Codehaus,
which can be found online at www.codehaus.org. "Secure programming is not always
paramount in the minds of software developers," said Brian Fox from the Apache
Maven
project. "The Agile way to use these tools is via build system integration that
provides automatic scanning and reporting on a regular basis. Integrating
advanced tools into a build is unfortunately a frequent barrier to adoption.
By donating the Ounce/Maven Plug-in, Ounce is enabling the open source community
to
work together to leverage the Maven plug-in platform to provide drop-in
integration and scanning of all projects using Maven."

    "Ounce is continuing to champion the advancement of secure software
development by
providing a new open-source plug-in for Maven. The transparency of
development in the open source community makes it well-suited for our
approach to source code analysis that includes focusing on security as a core
requirement, not an afterthought," said Jack Danahy, chief technical officer and
co-founder of Ounce Labs. "The addition of this new capability is another
example of our ongoing commitment to help organizations and enterprises easily
add security into their development processes without disrupting or delaying
timelines."

    About Ounce Labs, Inc.

    Ounce Labs' solutions enable organizations to identify, prioritize and
eliminate business risk to the enterprise caused by software security
vulnerabilities. With Ounce Labs, organizations strengthen application security,
protect confidential information and verify compliance with both internal
policies and industry mandates such as PCI, FISMA, HIPAA and others.

    Ounce Labs' software analyzes application source code to provide the most
complete and accurate analysis of application vulnerabilities and their
relative priorities, enabling business users and IT professionals to
optimize their resources on resolving the most critical issues. Unique in
its ability to scale across an organization's entire portfolio of
applications, Ounce is used enterprise-wide by many of the world's most
security-conscious organizations, including AT&T, IBM, Intel, Lockheed Martin,
GMAC, Eos Airlines, the U.S. Government Accountability Office, Unisys and
VeriSign.

    Led by senior executives with deep enterprise software and security
expertise,
Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices
throughout the U.S. and Europe. For more information, please visit
www.ouncelabs.com.

    Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United
States
and other countries. Other product or service names mentioned herein are the
trademarks of their respective owners.

    

MEDIA CONTACTS:
Rachel O'Connell
Ounce Labs
781.547.7016
rachel.oconnell@ouncelabs.com
http://www.ouncelabs.com

Mark Daly
Davies Murphy Group
781.418.2411
ounce@daviesmurphy.com
http://www.daviesmurphy.com

Copyright 2008, Market Wire, All rights reserved.

-0-