OUNCE LABS FOUNDER PRESENTS PRACTICAL SOFTWARE SECURITY GUIDANCE FOR FEDERAL AND IT AUDIT COMMUNITIES

Jack Danahy Invited to Demonstrate Real-World Solutions for Reducing Software Risk

Waltham, MA, August 8, 2006 – Ounce Labs, the leader in software security assurance, today announced that its founder and Chief Technology Officer, Jack Danahy, has been invited to offer expert guidance on software security this month for the 2006 Air Force Information Technology Conference (AFITC) and the Institute for Internal Auditors’ Risk and Control Conference. Based on his extensive experience as an IT security professional and later building solutions for software security, Danahy’s presentations will focus on what organizations are currently doing to successfully reduce software risk and assure that proper security measures are taken.

On Monday, August 13 at 2:30 pm, Danahy will present “Software Assurance: DoD Implementation of Source Code Vulnerability Analysis” for a broad Department of Defense audience at the AFITC in Montgomery, AL. The session will describe how specific Ounce Labs federal customers are using source code analysis technology to write more secure software, certify the security of outsourced software development, and enforce software security requirements among vendors through contract language.

The following week, he will present “Primary Controls for Software Security” at the IIA Risk and Control Conference in Palm Beach, FL. In this session, on Monday, August 20 at 2:15 pm, Danahy will explain the fundamental controls that auditors should verify are in place for any Internet-facing system. Drawing from a range of auditing and security standards as well as customer cases, Danahy will offer a framework for assessing critical controls such as data encryption, authentication, access control, and logging.

“There is currently much discussion in the security field about the dangers of software security vulnerabilities, but very little guidance on how organizations can implement practical solutions,” said Danahy. “For example, fixing a buffer overflow is pointless if you’re not enforcing a strong encryption policy for your data storage software. Our customers are integrating effective security measures into their existing development, certification, and audit processes, and I’m pleased to share these success stories to help other organizations achieve similar results.”

About Ounce Labs, Inc.

Ounce Labs™, the leader in software security assurance, delivers products that allow customers to manage software risk in applications across the enterprise, down to individual lines of code. The Ounce solution features patents-pending analysis technology, which scans source code to pinpoint programming errors, design flaws, and policy violations. Ounce offers the most accurate and complete analysis, the fastest time-to-value, the only complete portfolio management, and the greatest deployment flexibility. Customers include leading organizations in financial services, telecommunications, software development, government, and other industries focused on protecting data, reducing software vulnerabilities, and complying with industry regulations. For more information, please visit www.ouncelabs.com.

###

CONTACT:
Ounce Labs
Jake Messier
781.547.7031 (o)
774-368-0094 (m)
jake.messier@ouncelabs.com
