PRODUCT FAQs:
What does Ounce 5.0 do?
Ounce 5.0 sets the industry standard in source code vulnerability analysis, allowing customers to achieve measurable, business-level results with their software risk analysis programs. Ounce 5.0 helps you to:
- Quickly identify the most serious security risks: Ounce’s patented analysis capabilities identify the most critical coding errors and design flaws.
- Maximize the effectiveness of your security stakeholders: The fastest time-to-results streamlines security efforts throughout the SDLC, for all stakeholders.
- Manage risk across your enterprise portfolio: Centralized dashboards and policy management capabilities allow at-a-glance information about your software risk, enterprise-wide.
What is the Ounce Labs product suite?
The Ounce Labs product suite comprises:
- Ounce Core, the foundation of Ounce's industry-leading analysis, featuring our patented source code vulnerability scanning engine, Security Knowledgebase, and multi-application assessment database.
- Ounce Security Analyst, which provides audit and QA teams all the tools required to perform assessments, triage results, and assign remediation, including integration with defect tracking systems (DTS).
- Ounce Portfolio Manager, which enables users to track metrics-based results and make informed decisions to mitigate risk across an application portfolio, whether in development or deployed across an enterprise.
- Ounce Developer Remediation Plug-in, an IDE-integrated module which allows developers to access detailed vulnerability information and make immediate fixes to the code at their desktop in Microsoft Visual Studio, Eclipse and IBM Rational Application Developer (RAD) 6.0 and 7.0. The Plug-in is provided free of charge to enable maximum deployment throughout the development organization, to effect remediation at the earliest and least costly stage of the development life cycle.
- Ounce Developer Assessment Plug-in, an IDE-integrated module that includes free remediation capabilities plus the ability to scan code for critical vulnerabilities and confirm completed fixes.
What is V-Density™?
The key metric at the heart of the Ounce solution is V-Density™ (vulnerability density), a numerical expression that provides a consistent, reliable, precise way to evaluate the vulnerability of your applications. V-Density is calculated by relating the number and criticality of vulnerabilities to the size of the application or project being analyzed.
How can I use V-Density™?
The V-Density™ (vulnerability density) metric enables security decision makers to weigh the vulnerability of each application against its criticality to your business, and decide where to focus your security investment. You may decide to wrap it, rewrite it, or replace it, but armed with the metrics provided by Ounce Labs, it will be an informed decision that is right for your business.
What kind of vulnerabilities do you discover?
- Coding errors (buffer overflows, privilege escalation, race conditions, input validation errors, SQL injection vulnerabilities, cross-site scripting errors, and other errors of that kind in Java)
- Design flaws (for example, whether access control is properly implemented)
- Policy violations (for example, is cryptography in use and is it strong enough?)