SOURCE: Ounce Labs

January 15, 2008 09:45 ET

Ounce Labs Enhances Source Code Analysis Product to Integrate Security Into the Software Development Lifecycle

Company Contributes Maven Plug-in to Open-Source Community

WALTHAM, MA--(Marketwire - January 15, 2008) - Ounce Labs, the industry leader in software risk analysis, today announced the latest version of its award-winning source code analysis software. The enhanced product delivers scan automation and reporting capabilities to help enterprises more easily incorporate source code analysis (SCA) into their own software development lifecycle (SDLC).

Ounce has enhanced its source code analysis product by adding the Ounce Automation Server to provide seamless integration of security into build environments wherever developers choose to implement it within the SDLC. The Ounce Automation Server provides the ability to automatically scan, define, publish and report on the security of application code during development.

Ounce is also providing support for the Apache Maven project management and automation software with a plug-in designed to help developers extend the build process to include security. The Ounce/Maven Plug-in is a free-standing command line interface that helps Maven users deliver security through source code analysis within their build environments. The Ounce/Maven Plug-in allows developers to initiate Ounce scan operations, generate a report of scan results, and publish and save reports.

In addition, Ounce is contributing the Ounce/Maven Plug-in to the open-source community. The module will be hosted at open-source project repository Codehaus, which can be found online at

"Secure programming is not always paramount in the minds of software developers," said Brian Fox from the Apache Maven project. "The Agile way to use these tools is via build system integration that provides automatic scanning and reporting on a regular basis. Integrating advanced tools into a build is unfortunately a frequent barrier to adoption. By donating the Ounce/Maven Plug-in, Ounce is enabling the open source community to work together to leverage the Maven plug-in platform to provide drop-in integration and scanning of all projects using Maven."

"Ounce is continuing to champion the advancement of secure software development by providing a new open-source plug-in for Maven. The transparency of development in the open source community makes it well-suited for our approach to source code analysis that includes focusing on security as a core requirement, not an afterthought," said Jack Danahy, chief technical officer and co-founder of Ounce Labs. "The addition of this new capability is another example of our ongoing commitment to help organizations and enterprises easily add security into their development processes without disrupting or delaying timelines."

About Ounce Labs, Inc.

Ounce Labs' solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with both internal policies and industry mandates such as PCI, FISMA, HIPAA and others.

Ounce Labs' software analyzes application source code to provide the most complete and accurate analysis of application vulnerabilities and their relative priorities, enabling business users and IT professionals to optimize their resources on resolving the most critical issues. Unique in its ability to scale across an organization's entire portfolio of applications, Ounce is used enterprise-wide by many of the world's most security-conscious organizations, including AT&T, IBM, Intel, Lockheed Martin, GMAC, Eos Airlines, the U.S. Government Accountability Office, Unisys and VeriSign.

Led by senior executives with deep enterprise software and security expertise, Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. and Europe. For more information, please visit

Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United States and other countries. Other product or service names mentioned herein are the trademarks of their respective owners.
