Ounce Labs Delivers the Next Generation of Enterprise Security Source Code Analysis
* Reuters is not responsible for the content in this press release.
Ounce 6 Features Industry's First Fully Automated Triage Workflow to Deliver
Maximum Security Impact with Minimal Customization
WALTHAM, Mass., July 22 /PRNewswire/ -- Ounce Labs, the industry leader in
enterprise security source code analysis, today announced Ounce 6, the latest
version of its flagship product. As application security continues to be a
critical issue in today's enterprises, organizations looking to bridge the gap
between security and development are looking for the best tools to incorporate
security practices into the development lifecycle. Ounce 6 delivers the
industry's first fully automated workflow that provides maximum security
impact with minimal customization. It also offers substantial performance
improvements to power the analysis of large and complex applications and the
scalability enhancements to support Oracle(R) databases.
Ounce 6 provides the only security source code analysis solution to meet
the demands of today's enterprises committed to eliminating business-critical
vulnerabilities in software. Industry-leading enhancements in Ounce 6 include:
-- Automated "no-touch" developer triage:
Only Ounce 6 automatically delivers confirmed vulnerabilities directly
to the developer's IDE as part of the SDLC build process. Powered by the
Ounce Automation Server, this new capability helps eliminate the burden of
false positives and focuses developer effort on fixing vulnerabilities
quickly. Ounce Labs continues to offer developer plug-ins free of charge to
support implementation throughout the extended enterprise, whether these
developers are in house or outsourced.
-- Collaborative "Team" Triage:
Ounce 6 enables teams to collaborate effectively on large applications,
with the ability to merge results across a distributed team. It also provides
an audit trail of changes, the ability to "roll back" to an earlier stage of
assessment, and integration with existing defect tracking systems for seamless
security scanning in the SDLC.
-- 300% performance improvement:
Significant advancements in the patented Ounce Core(TM) scanning
technology enable a substantial performance increase in the analysis of large
and complex applications that enterprises require, while scanning over 1
million lines of code an hour. Only analysis of entire applications can ensure
the discovery of the design-level security issues that put data at risk and
PCI compliance in jeopardy.
-- Integration with Oracle Database:
To ease enterprise adoption further, Ounce 6 can now utilize the Oracle
database for improved scalability and enterprise fit.
-- Integration with SlickEdit:
Integration of the SlickEdit(R) plug-in brings IDE-like capabilities to
the Ounce Security Analyst, providing the most powerful editing capabilities
and speedy navigation of source code. SlickEdit extends across a wide variety
of languages, improving the overall efficiency of triage and remediation.
"The best way to ensure secure applications is to incorporate security
practices during development before applications are deployed to production,"
said Joseph Feiman, vice president and Gartner Fellow at Gartner. "When
selecting application security testing technologies, enterprises should
evaluate how these products integrate into popular development and testing
studios, the number of analyzed programming languages, and speed and accuracy
of testing capabilities."
Ounce 6 also delivers:
-- Open Assessment API:
Customers can leverage their existing investments in best-of-breed
security and SDLC tools with this ability to extend the Ounce solution. Unlike
other vendors, Ounce does not require organizations to replace their preferred
tools to realize the full benefit of combined analysis from application
firewall and penetration testing solutions.
-- Security Knowledgebase expansion:
With the addition of coverage for JDK 1.5, BEA WebLogic 9, and
expansion of ASP Classic coverage, the industry's most comprehensive
knowledgebase meets the demanding requirements of a multi-language enterprise
portfolio.
-- Additional Scanning Improvements:
Ounce's leading analysis technology has been enhanced to support the
flexible scanning of non-buildable projects, to enable remediation even when
complete applications are unavailable; expanded analysis, supporting
configuration and XML files; and a "click-and-go" configuration wizard to
speed project setup and initial analysis.
"Ounce provides us with the most accurate and actionable results in the
industry," said Dr. Tarek Nabhan, Products Division Manager, ITWorx. "Ounce
makes it easy for our developers and analysts to quickly implement the
necessary changes to the software, helping us to deliver the most secure
software possible, on time. We have reduced development costs, improved
security, and enhanced even further the confidence our customers place in us."
"As software applications continue to grow in complexity and size with
multi-tier layers that are developed by geographically distributed workgroups
or by offshore developers, the likelihood of flaws and exploitable
vulnerabilities increases," said Hugh Scandrett, president and CEO of Ounce
Labs. "Thousands of Ounce users at customers including 50% of the Fortune Top
20 will benefit from these new enterprise capabilities that drive the
elimination of business-critical software vulnerabilities across a broad
portfolio of applications."
Availability
Ounce 6 will be generally available in early August. For more information
or to see a product demonstration, please contact Ounce Labs at 781.290.5333
or 866.33.OUNCE (68623), or visit our website at www.ouncelabs.com.
About Ounce Labs, Inc.
Ounce Labs' industry-leading enterprise security source code analysis
solutions enable organizations to quickly analyze a wide portfolio of
applications, identifying and prioritizing business-critical vulnerabilities.
Ounce's patented code analysis delivers actionable results with minimal
customization. Ounce's open and flexible workflow integrates seamlessly into
customers' existing infrastructure, enabling both the security and development
teams to collaborate for maximum value from the analysis findings. Only Ounce
delivers the enterprise scalability and automation to help organizations such
as EDS, IBM, Intel, Lockheed Martin, MFS, the U.S. Government Accountability
Office, Unisys and VeriSign, strengthen application security and protect
confidential information enterprise-wide. Ounce also helps organizations to
verify regulatory and policy compliance, addressing PCI DSS, FISMA, HIPAA and
others. For more information, please visit www.ouncelabs.com.
Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United
States and other countries. Other product or service names mentioned herein
are the trademarks of their respective owners.
MEDIA CONTACTS:
Peter Crosby, Ounce Labs, 781.547.7012, Peter.Crosby@ouncelabs.com, http://www.ouncelabs.com
Brenda Menard, Davies Murphy Group, 781.418.2435, ounce@daviesmurphy.com, http://www.daviesmurphy.com
SOURCE Ounce Labs
Peter Crosby of Ounce Labs, +1-781-547-7012, Peter.Crosby@ouncelabs.com; or
Brenda Menard of Davies Murphy Group, +1-781-418-2435, ounce@daviesmurphy.com,
for Ounce Labs