CENZIC AND OUNCE LABS ANNOUNCE PRODUCT INTEGRATION TO JOINTLY OFFER BEST OF BREED APPLICATION SECURITY ASSESSMENT AND SOURCE CODE ANALYSIS

Combined Technologies Accurately Pinpoint Exploitable Vulnerabilities at the Line of Code

Santa Clara, Calif. and Waltham, MA, October 9, 2006 – Cenzic, a leading provider of automated application security assessment and compliance solutions, and Ounce Labs, the leader in software security assurance, today announced product integration that will give customers the most definitive software risk analysis and remediation guidance available. Drawing on both dynamic and static analysis techniques, the integration will offer even greater accuracy and broader explanation of assessment results throughout the software development lifecycle. Both companies have also agreed to partner on joint marketing and reselling of each other’s products.

“Detecting and correcting security vulnerabilities early in the application development life cycle, prior to deployment and operations, results in significant risk and cost reduction” said Joseph Feiman, Research VP with Gartner, Inc. “Leading vendors will offer solutions that integrate detection and remediation features directly into the development and/or testing platforms, so that users will access them without ever leaving their familiar development or testing/QA environments.”

Customers using both Ounce and Cenzic Hailstorm will be able to accurately identify exploitable application vulnerabilities and trace each one directly to the flawed line of code for remediation. This unmatched level of analysis enables users to immediately identify their most critical and exploitable software flaws, investigate them in full detail, and take appropriate steps for remediation.

“The Ounce Labs team shares our vision in terms of the importance of implementing innovative and accurate solutions to strengthen applications proactively, and as early in the application development process as possible,” said John Weinschenk, president and CEO of Cenzic. “The combination of our application assessment offering with their source code analysis technology creates a powerful one-two punch for security professionals seeking to safely use the web as a mission critical business platform.”

“Comprehensive and actionable analysis of software vulnerabilities is extremely important to our customers, and integrating with Cenzic’s powerful analysis helps us continue to meet this need,” said Hugh Scandrett, president and CEO of Ounce Labs. “As targeted attacks on web applications grow in frequency and severity, this integrated approach is the most efficient, effective way to reduce exposure and ensure data privacy and integrity.”

About Cenzic
Cenzic is a leading provider of the next-generation enterprise software and a leading Managed Service offering for automated application security assessment and compliance that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications. Cenzic® Hailstorm®, the most accurate and extensible product in the industry, enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities. Hailstorm benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic ClickToSecure™ service is one of the industry's first Software as a Service (SaaS) to combine the power of an enterprise-class application security assessment product with the flexibility of a managed security service. Cenzic Assessment Methodology completes the solution with a state-of-the-art business process consulting service to help customers improve their application security methodologies. Cenzic solutions are the most accurate, comprehensive, and extensible in the industry. Cenzic's current focus includes financial services, e-retail, healthcare, and government sectors. For more information, visit www.cenzic.com.

About Ounce Labs, Inc.
Ounce Labs™, the leader in software security assurance, delivers products that enable customers to manage software risk in applications across the enterprise, traceable down to individual lines of code. The Ounce solution features patents-pending source code analysis technology, which scans source code to pinpoint programming errors, design flaws, and policy violations. Ounce offers the most accurate and complete software vulnerability results, the fastest time-to-results, the only complete application portfolio management, and the greatest deployment flexibility. Customers using the Ounce software security solution include leading organizations in financial services, telecommunications, software development, government, and other industries focused on protecting data, reducing software vulnerabilities, and complying with industry regulations. Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit www.ouncelabs.com.

###

CONTACT:
Kulesa Public Relations (on behalf of Cenzic)
Angelique Faul
513-233-2994
angelique@kulesapr.com

Ounce Labs
Jake Messier
781.547.7031 (o)
774-368-0094 (m)
jake.messier@ouncelabs.com