Enterprise Automation
Portfolio Security, Simplified

Understanding and effectively acting on security risks in your software demands a source code analysis solution with enterprise-scale features that automate and consolidate the process across your organization. Out of the box, Ounce provides the power and flexibility that enterprises require to speed your implementation and seamlessly integrate into your existing processes.

  • MANAGE PROCESS AND POLICIES CENTRALLY
    Set, push, and enforce consistent policies and empower enterprise-wide metrics and reporting with a centralized policy and assessment database.

  • SCANS THAT SCALE
    Ounce’s patented design makes it the only security source code analysis solution that can provide coverage across a broad portfolio of the largest and most complex applications, across a wide range of languages currently including Java, JSP, C, C++, .NET (C#, ASP.NET, VB.NET), Classic ASP (JavaScript/VBScript), and Visual Basic 6. A solution you won’t outgrow.

  • BUILD SECURITY IN, AUTOMATICALLY
    The Ounce Automation Server seamlessly integrates security source code analysis into your development process, a foundation for your secure SDLC. Automate scans, findings, and project reporting, all from a command line interface.

  • BRIDGE THE DEVELOPMENT-SECURITY GAP
    Ounce technology empowers a partnership between development and security that ensures each has the information they need to perform most efficiently and effectively. For example, Ounce SmartAudit Profile Reports provide the security analyst with application design information crucial to a proper assessment. Likewise, with Ounce remediation guidance, developers learn secure coding practices while fixing vulnerabilities. Flexible triage and remediation provide an automated flow of information between the security team and development team. You choose the triage and remediation workflow best for your teams.

  • HOLD OUTSOURCERS ACCOUNTABLE
    The Ounce solution provides organizations with an accurate and efficient way to certify outsourced applications. Build security requirements into your outsourcing contracts, and use Ounce to ensure your acceptance criteria have been met. Incorporate third-party developers into your secure SDLC through free Ounce plug-ins. Publish scan results and remediation lists to outside teams through customized compliance reports, and monitor project progress through Ounce’s online software portfolio.
     
  • FREE IDE PLUG-INS FOR FLEXIBLE DEPLOYMENT
    Deploy wherever the code is. Free IDE plug-ins remove the barriers to deployment across the enterprise and beyond, to outsourced providers or other 3rd parties. Centralized “push-and-play” deployment makes enterprise-wide implementations practical and efficient. Also, Ounce’s Mobile Auditor version means security analysts can work where the code is. Plug-ins are available for Microsoft® Visual Studio® .NET 2003, 2005 and 2008, Eclipse 3.1, 3.2, and 3.3, and Rational Application Developer (RAD) 6.0 and 7.0.


"Ounce makes it easy for our developers and analysts to quickly implement the necessary changes to the software, helping us to deliver the most secure software possible, on time."

Dr. Tarek Nabhan, Products Division Manager, ITWorx