Maximize the effectiveness of your security stakeholders

You need to know: Are we effectively leveraging the source code analysis information provided by our security analysts? Are my developers trained in secure coding best practices? Do my auditors and executives have precise, defensible answers to their questions?

Software security does not exist within a single departmental silo; it is an enterprise responsibility that touches security analysts, developers, executives and auditors alike. Ounce is specifically designed to fit seamlessly into existing workflow processes and deliver precise, relevant information to all stakeholders throughout the organization.

Ounce for ...


... the Security Analyst:

  • Wizard-based project configuration simplifies setup, even in incomplete environments
  • Integration with email and defect tracking systems allows rapid prioritization, triage and communication of critical issues
  • SmartTrace™ technology graphically traces the flow of information through software, highlighting areas of greatest concern
  • Easily customize and enforce security policies throughout the lifecycle

SmartTrace: Teach Ounce Your Policies with a Click
Use Ounce's unique SmartTrace technology to interactively investigate insecure call paths. Rapidly diagnose security issues as well as customize Ounce's vulnerability detection rules to your particular coding policies. The Ounce solution delivers maximum ease-of-use to speed your implementation and results.



... the Developer:

  • Free IDE plug-ins for Microsoft® Visual Studio® .NET 2003 and 2005, Eclipse, and Rational Application Developer (RAD) 6.0 and 7.0 allow developers to click directly to vulnerable code and eliminate the risk, right on the desktop
  • Industry-leading knowledgebase speeds remediation and provides on-the-job training in secure coding best practices

 

... the Auditor:

  • Detailed reporting provides comprehensive Software Security Profiles as well as customizable snapshot and trend reports to prove progress and adherence to corporate security policies.
  • SmartAudit™ 'report cards' prove compliance with industry regulations and best practices
  • Flexible deployment model allows audit of code across departments, across outsourcers, around the globe.

 

... the Executive:
Best-in-class, centralized Portfolio Manager security dashboard allows you to:

  • Quickly identify applications with the highest risk factors
  • Define priorities according to business importance
  • Drill down to analysis details where useful
  • Track the progress of teams and vendors

Manage risk consistently across your enterprise portfolio >>


"Strong visualization and reporting capabilities mean that Ounce Labs' security scanner won't confuse the developers it was meant to help."

SD Times 100