Report Recommends Benefits of Ounce Be Made Available Throughout Department of Defense
Waltham, MA, October 24, 2006 – Ounce Labs, the leader in software security assurance, today announced that its software has been reviewed by the Johns Hopkins University Applied Physics Laboratory (JHU/APL) and recommended for deployment throughout the Department of Defense (DoD). Citing the DoD’s reliance on software and the importance of eliminating potential security vulnerabilities, the analysts who conducted the evaluation found that Ounce Labs’ source code analysis technology would offer significant benefits to project costs, efficiency, and overall security.
"The analysis done by NetWarCom, teaming with JHU, shows that the capabilities offered by the Ounce solution represent significant military utility, and an absolute must-have for the US Navy,” said CDR Tony Parrillo, Director of the FORCEnet Execution Center. “The ability to automatically detect and manage vulnerabilities in software applications will greatly strengthen the Navy's defense in depth and ensure the warfighter receives the right information at the right time."
The evaluation was performed in technical support for the Navy’s Innovation and Experimentation Directorate of the Naval Network Warfare Command (NetWarCom) and the Program Executive Office Integrated Warfare Systems (PEO IWS) sponsor.
According to a report written by the analysts at the APL, Ounce Labs had been chosen for this evaluation “based on a comparison of several candidate software packages and all known inspection mission requirements.” Among the key findings of the evaluation, the report explains that the “[technology offered by] Ounce Labs is capable of automatically scanning large volumes of source code in a very short period of time and producing a very thorough assessment of the overall software product security and, by extension, its reliability.”
Proving valuable across a wide variety of customer installations, the Ounce software security solution has successfully scanned applications up to 50 million lines of code in a single assessment, distinguishing real vulnerabilities from potential ones and enabling users to immediately focus on the most critical issues. In addition to pinpointing the simple coding errors found by most source code analysis tools, Ounce also identifies application design flaws such as weak encryption, poor authentication, and lack of access control, which often lead to much more serious security breaches.
“Federal agencies, and the Department of Defense specifically, are quickly advancing the use of source code analysis technology to assure the security of their software,” said Hugh Scandrett, CEO of Ounce Labs. “By proving the cost, security, and operational benefits that Ounce Labs’ code analysis technology offers the Navy, the analysts at Johns Hopkins have helped set the business case for further deployment. This leadership demonstrated by the DoD is also a great model for success among our commercial customers.”
To detail the value of the Ounce solution specifically and source code analysis tools in general, the APL analysts explained that they can help the Department of Defense:
a. Reduce engineering manpower to maintain the system and its software.
b. Reduce the effort required to certify systems that contain software.
c. Decrease the risk that vulnerabilities exist in the delivered software.
d. Decrease the logistics cost by reducing the rework required to remove vulnerabilities.
e. Increase the sustainability by reducing the number of initial vulnerabilities.
f. Decrease the potential downtime of operational systems due to certain types of latent software bugs.
About Ounce Labs, Inc.
Ounce Labs™, the leader in software security assurance, delivers products that enable customers to manage software risk in applications across the enterprise, traceable down to individual lines of code. The Ounce solution features patents-pending source code analysis technology, which scans source code to pinpoint programming errors, design flaws, and policy violations. Ounce offers the most accurate and complete software vulnerability results, the fastest time-to-results, the only complete application portfolio management, and the greatest deployment flexibility. Customers using the Ounce software security solution include leading organizations in financial services, telecommunications, software development, government, and other industries focused on protecting data, reducing software vulnerabilities, and complying with industry regulations. Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit www.ouncelabs.com.
###
CONTACT:
Ounce Labs
Jake Messier
781.547.7031 (o)
774-368-0094 (m)
jake.messier@ouncelabs.com
"Security scanners tend to be trigger happy and obtuse, but Ounce Labs offers friendly scanners with fewer false alarms."