Federal: Global Defense Systems Integrator
This global defense systems integrator builds some of the world's most trusted and widely deployed defense systems.
Realizing the value of securing the development lifecycle, they started a secure coding initiative to select and deploy a solution that could effectively add software security best practices throughout the development lifecycle and across diverse platforms and languages. This was part of a larger defense-in-depth strategy, which calls for layers of security from the perimeter down to the application layer.
Unlike other layers of security, Ounce identified and assisted in the remediation of defects at the source. This was facilitated by the range of supported platforms and languages, including IBM® AIX®, Linux®, Windows®, and Solaris®. In addition to Java™, JSP™ and Microsoft® ASP.Net code, Ounce was also able to accurately analyze older languages such as classic ASP and unmanaged C.
The organization's developers embraced the Ounce Developer Plug-ins for Eclipse™, IBM® Rational® and Microsoft® Visual Studio® IDEs because of their ability to deliver confirmed vulnerabilities and confidence level indicators, addressing the false positive issue that plagued other products. Integration with the change management system allowed security vulnerabilities to be handled with the same process used to assign other types of code defects.
The ease of deployment required less training and delivered faster time to productivity. Accurate code analysis and advanced security reporting capabilities allowed faster time to remediation. These capabilities decreased the cost of remediation in software under development as well as of vulnerabilities in deployed applications. All of this drives significant cost savings by addressing software vulnerabilities throughout the development lifecycle.