|
| |
|
|
|
Newsletters |
Your Gateway to a Fast
Changing World
Product News Alerts |
 |
Receive similar stories and other customized
news to keep you in the know on the products shaping
industry. |
Subscribe Free Today
Subscribe View
Sample |
Industrial
Market Trends
Has Got It |
- Latest developments
- Trends
- Best practices
- Opinions & Commentary
|
 |
Get Ahead.
Get IMT.
Subscribe Free Today
Subscribe View
Sample |
|
|
|
|
Ounce Labs Delivers the Next Generation of Enterprise Security Source Code Analysis
Ounce 6 Features Industry's First Fully Automated Triage Workflow to Deliver Maximum Security Impact with Minimal Customization
WALTHAM, Mass., July 22-- Ounce Labs, the industry leader in enterprise security source code analysis, today announced Ounce 6, the latest version of its flagship product. As application security continues to be a critical issue in today's enterprises, organizations looking to bridge the gap between security and development are looking for the best tools to incorporate security practices into the development lifecycle. Ounce 6 delivers the industry's first fully automated workflow that provides maximum security impact with minimal customization. It also offers substantial performance improvements to power the analysis of large and complex applications and the scalability enhancements to support Oracle® databases.
Ounce 6 provides the only security source code analysis solution to meet the demands of today's enterprises committed to eliminating business-critical vulnerabilities in software. Industry-leading enhancements in Ounce 6 include:
-- Automated "no-touch" developer triage:
Only Ounce 6 automatically delivers confirmed vulnerabilities directly to the developer's IDE as part of the SDLC build process. Powered by the Ounce Automation Server, this new capability helps eliminate the burden of false positives and focuses developer effort on fixing vulnerabilities quickly. Ounce Labs continues to offer developer plug-ins free of charge to support implementation throughout the extended enterprise, whether these developers are in house or outsourced.
-- Collaborative "Team" Triage:
Ounce 6 enables teams to collaborate effectively on large applications, with the ability to merge results across a distributed team. It also provides an audit trail of changes, the ability to "roll back" to an earlier stage of assessment, and integration with existing defect tracking systems for seamless security scanning in the SDLC.
-- 300% performance improvement:
Significant advancements in the patented Ounce Core(TM) scanning technology enable a substantial performance increase in the analysis of large and complex applications that enterprises require, while scanning code over 1 million lines of code an hour. Only analysis of entire applications can ensure the discovery of the design-level security issues that put data at risk and PCI compliance in jeopardy.
-- Integration with Oracle Database:
To ease enterprise adoption further, Ounce 6 can now utilize the Oracle database for improved scalability and enterprise fit.
-- Integration with SlickEdit:
Integration of the SlickEdit® plug-in brings IDE-like capabilities to the Ounce Security Analyst, providing the most powerful editing capabilities and speedy navigation of source code. SlickEdit extends across a wide variety of languages, improving the overall efficiency of triage and remediation.
"The best way to ensure secure applications is to incorporate security practices during development before applications are deployed to production," said Joseph Feiman, vice president and Gartner Fellow at Gartner. "When selecting application security testing technologies, enterprises should evaluate how these products integrate into popular development and testing studios, the number of analyzed programming languages, and speed and accuracy of testing capabilities."
Ounce 6 also delivers:
-- Open Assessment API:
Customers can leverage their existing investments in best-of-breed security and SDLC tools with this ability to extend the Ounce solution. Unlike other vendors, Ounce does not require organizations to replace their preferred tools to realize the full benefit of combined analysis from application firewall and penetration testing solutions.
-- Security Knowledgebase expansion:
With the addition of coverage for JDK 1.5, BEA WebLogic 9, and expansion of ASP Classic coverage, the industry's most comprehensive knowledgebase meets the demanding requirements of a multi-language enterprise portfolio.
-- Additional Scanning Improvements:
Ounce's leading analysis technology has been enhances to support the flexible scanning of non-buildable projects, to enable remediation even when complete applications are unavailable; expanded analysis, supporting configuration and XML files; and a "click-and-go" configuration wizard to speed project setup and initial analysis.
"Ounce provides us with the most accurate and actionable results in the industry," said Dr. Tarek Nabhan, Products Division Manager, ITWorx. "Ounce makes it easy for our developers and analysts to quickly implement the necessary changes to the software, helping us to deliver the most secure software possible, on time. We have reduced development costs, improved security, and enhanced even further the confidence our customers place in us."
"As software applications continue to grow in complexity and size with multi-tier layers that are developed by geographically distributed workgroups or by offshore developers, the likelihood of flaws and exploitable vulnerabilities increases," said Hugh Scandrett, president and CEO of Ounce Labs. "Thousands of Ounce users at customers including 50% of the Fortune Top 20 will benefit from these new enterprise capabilities that drive the elimination of business-critical software vulnerabilities across a broad portfolio of applications."
Availability
Ounce 6 will be generally available in early August. For more information or to see a product demonstration, please contact Ounce Labs at 781.290.5333 or 866.33.OUNCE (68623), or visit our website at www.ouncelabs.com.
About Ounce Labs, Inc.
Ounce Labs' industry-leading enterprise security source code analysis solutions enable organizations to quickly analyze a wide portfolio of applications, identifying and prioritizing business-critical vulnerabilities. Ounce's patented code analysis delivers actionable results with minimal customization. Ounce's open and flexible workflow integrates seamlessly into customers' existing infrastructure, enabling both the security and development teams to collaborate for maximum value from the analysis findings. Only Ounce delivers the enterprise scalability and automation to help organizations such as EDS, IBM, Intel, Lockheed Martin, MFS, the U.S. Government Accountability Office, Unisys and VeriSign, strengthen application security and protect confidential information enterprise-wide. Ounce also helps organizations to verify regulatory and policy compliance, addressing PCI DSS, FISMA, HIPAA and others. For more information, please visit www.ouncelabs.com.
Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United States and other countries. Other product or service names mentioned herein are the trademarks of their respective owners.
CONTACT:
Peter Crosby of Ounce Labs
+1-781-547-7012
Peter.Crosby@ouncelabs.com
Brenda Menard of Davies Murphy Group
+1-781-418-2435
ounce@daviesmurphy.com for Ounce Labs
Web site: http://www.ouncelabs.com/
http://www.daviesmurphy.com/
Contacts:
General Information:
Peter Crosby
USA
Phone: 1-781-547-7012
 E-mail this person
Company Information:
Name: Ounce Labs, Inc.
Address: 100 Fifth Avenue
City: Waltham
State: MA
ZIP: 02451
Country: USA
Phone: 781-290-5333
http://www.ouncelabs.com
|
del.icio.us
DIGG
Facebook
Reddit
StumbleUpon
Twitter
![[Get Copyright Permissions]](http://license.icopyright.net/images/icopy-w.gif){kind=small}
