SOURCE: Ounce Labs

June 04, 2007 06:52 ET

Ounce Labs Announces Ounce 5.0; Enterprise-Level Security Enhancements and Support for Critical Industry Regulations and Best Practices

Ounce 5.0 Delivers Industry's Only Solution That Supports PCI's Privacy and Security Requirements, OWASP Top 10 2007 and CWE Compliance Standards

WASHINGTON, DC--(Marketwire - June 4, 2007) - Gartner IT Security Summit -- Ounce Labs™, the industry leader in software risk analysis, today announced the availability of Ounce 5.0, with new enterprise-focused features designed to support critical business issues, including compliance with the Payment Card Industry (PCI) Data Security Standard, the Open Web Application Security Project (OWASP) Top 10 2007 and mapping to the Common Weakness Enumeration (CWE) vulnerability database. These and other enterprise-level enhancements in Ounce 5.0 enable organizations to radically reduce the potential for security breaches by making it possible to identify, prioritize and eliminate application vulnerabilities across their entire software portfolio. These often-overlooked software vulnerabilities are what cyber-criminals use to gain access to customer data and other confidential business information.

Ounce 5.0 is the first solution to support both the Privacy (Requirement 3) and Security (Requirement 6) sections of the PCI standard, which requires the protection of customer credit card information and the security assessment of software applications across retail, financial services and other industries.

"The objectives of the newly formed PCI Security Vendor Alliance are to educate the community about the technology available to help merchants address emerging threats and find ways to apply the standard more efficiently within their business as part of their efforts to achieve compliance with the PCI Data Security Standard," said David Taylor, President of the PCI Council. "Ounce Labs helps merchants achieve compliance by enabling them to review all custom application code for common vulnerabilities, which will become a PCI DSS requirement on June 30, 2008."

Ounce 5.0 also delivers the industry's most comprehensive support for best practices standards, including detailed reports identifying application vulnerabilities defined by the OWASP Top 10 2007 and the CWE specification published by Mitre Corp.

According to industry analysts, as many as 80 percent of companies will suffer an application security incident by 2009. This growing threat -- along with compliance requirements such as the PCI standard -- requires that organizations more tightly integrate application security methods, tools, standards and best practices into their software development life cycles. Ounce 5.0 serves as the catalyst for this kind of initiative by providing a cross-application enterprise-wide solution for eliminating existing security vulnerabilities and preventing future ones.

"Software vulnerabilities are the unlocked windows that identity thieves look for when attempting to steal sensitive data. If enterprises eliminate these vulnerabilities, they minimize their risk of suffering the kinds of security breaches we read about in the news every day," said Hugh Scandrett, President and CEO of Ounce Labs. "Ounce 5.0 is the only solution that provides support for what are currently some of the most business-critical security regulations and standards including PCI, OWASP and CWE. This gives our customers the assurance that their applications are protected from the widest range of vulnerabilities, which can substantially reduce their risk of inadvertently exposing confidential information, such as customer credit card or employee social security numbers."

New Features

In addition to the new compliance-specific reporting capabilities, new enhancements in Ounce 5.0 include more granular vulnerability analysis, pattern-based semantic analysis and improved ability to triage vulnerabilities. These features make it easier for organizations to concentrate on resolving application vulnerabilities with the greatest business impact, improving developer productivity and reducing the need to expend resources on less critical issues.

This latest release includes increased support for Java Struts and Microsoft .NET 2.0, as well as LDAP support for organizations that use Microsoft Active Directory Server to authenticate users accessing application development environments. Ounce 5.0 can also generate Ounce reports as Portable Document Format (PDF) files, which can be shared with application security stakeholders who don't require access to an Ounce environment.

Ounce 5.0 is scheduled for general availability on July 11, 2007.

About Ounce Labs, Inc.

Ounce Labs' solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with both internal policies and industry mandates such as PCI, FISMA, HIPAA and others.

Ounce Labs' software analyzes application source code to provide the most complete and accurate analysis of application vulnerabilities and their relative priorities, enabling business users and IT professionals to optimize their resources on resolving the most critical issues.

Unique in its ability to scale across an organization's entire portfolio of applications, Ounce is used enterprise-wide by many of the world's most security-conscious organizations, including AT&T, EDS, IBM, Intel, Lockheed Martin, MFS, the U.S. Air Force, the U.S. Government Accountability Office, Unisys and VeriSign.

Led by senior executives with deep enterprise software and security expertise, Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit
