I'm a security executive, why do I need Ounce?
Executives use Ounce Labs to gain insight into the state of application security in the organization and to focus security efforts most effectively. The security dashboard provides at-a-glance metrics and information that empower you to track the efficiency and efficacy of your security investment.
I'm a project manager, why do I need Ounce?
As a project manager, you can use Ounce Labs to gain insight into your project's security state and to focus the energies of your teams most effectively. The Ounce suite provides consistent, objective insight into your applications, allowing you to set thresholds and acceptance criteria for project teams and outsourced providers alike, and monitor progress over time.
I'm a QA engineer, why do I need Ounce?
Ounce separates real vulnerabilities from potential ones, allowing QA organizations to rapidly triage vulnerabilities identified in assessed code, interactively analyze confirmed vulnerabilities, and assign those flaws for action. Ounce is tightly integrated with leading defect tracking systems to deliver confirmed software vulnerabilities directly to the developer desktop for rapid remediation.
I'm a developer, why do I need Ounce?
Engineering organizations use the detailed vulnerability information from the Ounce Developer Plug-in to make immediate fixes to the code at their desktop, before those vulnerabilities become both damaging to customer relationships and increasingly expensive to repair in the field. Developers can also scan code on their desktop to validate security prior to check-in.
I'm a security analyst or security auditor, why do I need Ounce?
With regulations and compliance frameworks demanding increasingly granular application security information from organizations, Ounce's metrics-based reporting offers a level of insight into enterprise-wide software security not previously available. The SmartAudit™ reports provide insight into the security status of your code in line with industry standards such as the OWASP Top 10 and the PCI Data Security Standard, and also allow you to customize those reports to align with your own internal processes.
How does Ounce fit into an overall application security strategy?
An application security strategy can be thought of as a continuum: you apply traditional perimeter security techniques first and move closer to the code over time. A great - and fast - way to protect your most critical applications is to surround them with a web application firewall (WAF). This gives you some initial protection while you determine which applications need attention first. Penetration testing and source code analysis then further refine the insight you have into your applications, allowing you to prioritize and address your greatest risks effectively.
I'm already performing manual code reviews, do I still need Ounce Labs?
Manual code reviews provide valuable insight into the security of applications, but are feasible only for a fraction of the applications that drive your business due to the cost and time involved. Ounce allows you to analyze millions of lines of code in minutes in a standard, repeatable way, and provides a detailed security vulnerability assessment as well as suggestions to correct the code and reduce your liability.
Can the Ounce solution be used as an education tool for developers on secure programming best practices?
Yes. Through the remediation information provided by the Security Knowledgebase, developers gain secure programming best practices training in the context of their daily work.