SOFTWARE ASSURANCE FAQ'S:

What is software assurance?

Software assurance is the set of processes and activities set in place to ensure that software systems within an organization comply with internal and external requirements, standards and procedures. The need for software assurance arises out of necessity to control costs, adhere to timelines, and minimize risks of software not performing as intended or posing security risks to the organization.

Why is it important for an organization to implement software assurance for security?

Internet-facing systems represent a significant security risk to the organization. They help meet customer and competitive needs, but they also provide a primary avenue for attackers to evade protective system barriers. Once an attack has exploited a vulnerability in a Web application, the application's server loses its reliability, subjects data to compromise or destruction, and can become a base for launching attacks against other systems within the organization's network or against other Internet systems.

Software assurance for security is a significant element of compliance with the laws, regulations, and policies that govern an organization and its data. Weak software security can represent, for example, a significant control deficiency in terms of compliance with the Sarbanes-Oxley Act; potentially compromising the reliability of financial information and reporting.

How does Ounce software aid in the software assurance process?

Ounce products allow customers to verify that software meets their defined security requirements. Ounce Labs' enterprise-level source code risk analysis provides reliable metrics necessary to manage software risk, enforce security policies, enhance audit capabilities, and track compliance efforts. Ounce pinpoints specific software design errors and coding flaws to simplify remediation during any phase of the development lifecycle, enabling the software security assurance process.

For more information on software security assurance for security, please refer to the Ounce Labs' Software Security Assurance Framework.

Back to Top