OUNCE LABS RECEIVES 5 STAR RATING FROM SC MAGAZINE

Ounce 5.0 Delivers Industry's Only Solution That Supports PCI's Privacy and Security Requirements, OWASP Top 10 2007 and CWE Compliance Standards

WALTHAM, MA -- August 16, 2007 – Ounce Labs, the industry leader in software risk management, today announced that its solution has been awarded 5 out of 5 stars for its Overall Rating in a recent independent SC Magazine review of web application vulnerability analysis products. Ounce received a total 29 out of a possible 30 stars, the highest among all competing products and received top honors in numerous categories such as Features, Performance, Value Support and Documentation.

According to the review, the issue of application vulnerability has been “brought to the forefront” by the Payment Card Industry (PCI) Data Security Standard (DSS) requirement that application vulnerability assessment be performed to mitigate risk. An effective analysis tool will be able to identify vulnerabilities at various stages in the Software Development Life Cycle (SDLC), enabling developers to fix them before they become a liability to the organization and ensuring compliance with industry standards and best practices.

In the Ounce review, the authors stated, “for any organization which uses a System Development Life Cycle (SDLC), this product should be a welcome addition.” Evaluation criteria used in the review included ease of use, number of vulnerabilities uncovered, number of false positives reported, whether remediation steps were offered and if the product uninstalled cleanly.

“Today’s organizations need to tightly integrate application security methods, tools, standards and best practices into their software development life cycles to combat security related incidents and meet compliance requirements such as the PCI standard,” said Hugh Scandrett, president and CEO of Ounce Labs. “The results of this review illustrate that we’re providing an industry-leading solution that eliminates existing security vulnerabilities and prevents future ones.”

Only Ounce Labs solution has been designed from the ground up to provide executives, security analysts, developers auditors and managers with the answers they need to manage the risk from vulnerable software. Ounce Labs' patented software risk analysis solution helps developers, IT managers, security auditors and compliance managers to:

• Quickly identify the most serious security risks: Ounce's patented analysis capabilities identify the most critical coding errors and design flaws.
• Maximize the effectiveness of all security stakeholders: The fastest time-to-results streamlines security efforts throughout the SDLC.
• Manage risk across an enterprise portfolio: Centralized dashboards and policy management capabilities allow at-a-glance information about your software risk, enterprise-wide.

For the complete SC Magazine review, please visit http://www.scmagazine.com/us/products/productdetails/474daafe-dbee-d788-8f05-4eec96293fa4/SECPEN/ounce-4-application-vulnerability-assessment-2007/.

About SC Magazine
SC Magazine (www.scmagazine.com) provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine enables IT security pros to make the right security decisions for their companies.

About Ounce Labs, Inc.
Ounce Labs' solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with both internal policies and industry mandates such as PCI, FISMA, HIPAA and others.

Ounce Labs' software analyzes application source code to provide the most complete and accurate analysis of application vulnerabilities and their relative priorities, enabling business users and IT professionals to optimize their resources on resolving the most critical issues.

Unique in its ability to scale across an organization's entire portfolio of applications, Ounce is used enterprise-wide by many of the world's most security-conscious organizations, including AT&T, EDS, IBM, Intel, Lockheed Martin, MFS, the U.S. Air Force, the U.S. Government Accountability Office, Unisys and VeriSign.

Led by senior executives with deep enterprise software and security expertise, Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit www.ouncelabs.com.

###

Media Contacts:

Jake Messier
Ounce Labs
781.547.7031
Email Contact
http://www.ouncelabs.com

Robert Craig
Davies Murphy Group
+1.781.418.2414
Email Contact
http://www.daviesmurphy.com