In response to customer demand for a solution that mitigates threats to critical data, Ounce Labs recently announced the 4.0 release of its software security assurance product suite, now formally renamed Ounce.

Ounce 4.0 represents a major advancement in source code vulnerability analysis. This new release integrates seamlessly with the software development lifecycle (SDLC), enables the fastest time-to-results, and features even greater assessment accuracy and completeness. Customers also benefit from an innovative licensing model. The Ounce solution is comprised of:

Ounce Core™, the source code vulnerability scanning engine, Security Knowledgebase, and multi-application assessment database

Ounce Security Analyst™, a workbench to analyze, isolate, and take action on priority vulnerabilities

Ounce Developer Plug-in™, an IDE-integrated module offered free of charge, to help developers understand and address critical vulnerabilities at the line of code

Ounce Portfolio Manager™, a multi-application dashboard to manage risk enterprise-wide.

What’s New in Ounce 4.0:
The new Ounce solution provides unique value to customers by delivering:

The Most Accurate and Complete Results
With Ounce 4.0, users have access to the most accurate and complete vulnerability data, with the ability to immediately focus on confirmed vulnerabilities across the widest range of risks with 100% confidence. The Ounce Security Profile provides detailed information on major coding and design flaws in Java, C/C++ and .NET such as insufficient cryptography, logging, and access control. And Ounce’s customizable pattern-based semantic analysis allows organizations to include items unique to their organization in every scan of their software.

The Fastest Time to Results
By providing a streamlined vulnerability triage feature, the Ounce Security Analyst allows organizations to focus on real, critical vulnerabilities without having to sift through hundreds or thousands of false positives – or false negatives. Additionally, integration with leading defect tracking systems allows users to build security remediation assignments directly into the developer’s day through existing tools, accelerating the time between detection and remediation.

Complete Portfolio Management
Through the Ounce Portfolio Manager, a comprehensive reporting dashboard of customizable application groups, customers can look at aggregated data from multiple sources, ensuring a cross-enterprise view of an entire software portfolio, not simply a single project or application. The Portfolio Manager’s advanced, metrics-based reporting of vulnerability detail and trend data provides at-a-glance status information as well as demonstrating improvement over time.

The Most Deployment Flexibility
Ounce 4.0 offers seamless integration into the software development lifecycle through its integration with leading IDEs such as Visual Studio and Eclipse, as well as with defect tracking systems. Customers can now add security analysis and remediation into the developer’s day without disrupting their current processes, allowing them to scan code, pinpoint flaws, remediate vulnerabilities, and learn secure coding best practices, all from their desktop. These Developer Plug-in clients are provided free of charge, allowing the organization to maximize the impact of their security efforts with unlimited access to assessment results, vulnerability descriptions, and remediation advice.

Ounce 4.0 will be generally available in August 2006. For more
information, visit http://www.ouncelabs.com/solutions-software-portfolio-security.html
