GENERAL FAQs:


I'm a security executive, why do I need Ounce?

Executives use Ounce Labs to gain insight into the state of application security in the organization and to focus security efforts most effectively. The security dashboard provides at-a-glance metrics and information that empower you to track the efficiency and efficacy of your security investment.

I'm a project manager, why do I need Ounce?

As a project manager, you can use Ounce Labs to gain insight into your project's security state and to focus the energies of your teams most effectively. The V-Density™ metric offers a consistent, objective measurement by which to set thresholds and acceptance criteria for project teams, set and manage security acceptance criteria for outsourced providers, and monitor progress.

I'm a QA engineer, why do I need Ounce?

Ounce separates real vulnerabilities from potential ones, allowing QA organizations to rapidly triage vulnerabilities identified in assessed code, interactively analyze confirmed vulnerabilities, and assign those flaws for action. Ounce is tightly integrated with leading defect tracking systems to deliver confirmed software vulnerabilities directly to the developer desktop for rapid remediation.

I'm a developer, why do I need Ounce?

Engineering organizations use the detailed vulnerability information from the Ounce Developer Plug-in to make immediate fixes to the code at their desktop in Microsoft Visual Studio and Eclipse, before those vulnerabilities become both damaging to customer relationships and increasingly expensive to repair in the field. Developers can also scan code on their desktop to validate security prior to check-in.

I'm an auditor, why do I need Ounce?

With regulations and compliance frameworks demanding increasingly granular security software assurance information from organizations, Ounce's metrics-based reporting offers a level of insight into enterprise-wide software security not previously available. The Software Security Profile details security mechanisms that impact the code, while the customizable snapshot and trend reports prove the organization's progress over time.

How does Ounce fit into an overall security strategy?

Ounce Labs begins at the source, analyzing source code and reporting on identified security vulnerabilities, enabling better management of schedule, budget and priorities. Firewalls, antivirus and intrusion prevention products are all designed to minimize the risk that a flaw could be exploited. They are vital parts of a network infrastructure, but do not truly address the fundamental issue of the vulnerabilities in source code, and are not specifically designed to secure the billions of lines of code upon which businesses run. Ounce Labs is a critical part of a robust security strategy, helping organizations address these vulnerabilities and better manage their risk.

I'm already performing manual code review, do I still need Ounce Labs?

Manual code reviews provide valuable insight into the security of applications, but are feasible only for a fraction of the applications that drive your business due to the cost and time involved. Ounce allows you to analyze millions of lines of code in minutes and provides a detailed security vulnerability assessment as well as suggestions to correct the code and reduce your liability. Ounce's V-Density™ metric allows you to identify and remediate the vulnerabilities in your most mission-critical applications.

Can the Ounce solution be used as an education tool for developers on secure programming best practices?

Yes. Through the remediation information provided by the Security Knowledgebase, developers gain secure programming best practices training in the context of their daily work.

How can I try the Ounce solution?

For more information, please contact us at info@ouncelabs.com.
