SOURCE: Ounce Labs

October 10, 2007 07:52 ET

Ounce Labs Joins PCI Security Standards Council

Application Security Vendor Participates in Leading Security Standards Organization to Help Enterprises Protect Information

WALTHAM, MA--(Marketwire - October 10, 2007) - Ounce Labs, the industry leader in software risk management, today announced it has joined the Payment Card Industry (PCI) Security Standards Council as a Participating Organization. This announcement reinforces Ounce's commitment to help organizations create secure applications, protect confidential data and comply with the requirements of the PCI Data Security Standard (DSS), a major industry requirements document intended to improve security throughout the entire payment card transaction process.

As a member of the PCI Security Standards Council, Ounce Labs will play an active role in facilitating future refinements of the PCI Standard, as well as make ongoing contributions to the PCI community of practitioners, vendors, software developers and auditors through educational collateral, Webinars, and participation in specialized subcommittees.

"Our goal at Ounce is to eliminate the risk that customers' confidential information will be compromised by a security breach, resulting in identity theft," said Hugh Scandrett, president and CEO of Ounce Labs. "We look forward to working with the Council on future iterations of the standard, and ensuring that our application security solution continues to help organizations not just comply with PCI, but strengthen their overall application development and security processes."

Ounce Labs' flagship product, Ounce 5.0, is the first solution to support both the Privacy (Requirement 3) and Security (Requirement 6) sections of the PCI standard, which requires the protection of customer credit card information and the security assessment of software applications across retail, financial services and other industries. Ounce 5.0 delivers the industry's most comprehensive support for best practices standards, including detailed reports identifying application vulnerabilities defined by the OWASP Top 10 2007 and the CWE specification published by Mitre Corp.

"The Council is pleased to have Ounce Labs join us in our efforts to strengthen payment security," said Bob Russo, general manager of the PCI Security Standards Council. "Our Participating Organizations are a key feedback group, providing input on future initiatives and helping to shape the future of payment transaction data security."

About Ounce Labs, Inc.

Ounce Labs™ solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with both internal policies and industry mandates such as PCI, FISMA, HIPAA and others.

Ounce Labs' software analyzes application source code to provide the most complete and accurate analysis of application vulnerabilities and their relative priorities, enabling business users and IT professionals to optimize their resources on resolving the most critical issues.

Unique in its ability to scale across an organization's entire portfolio of applications, Ounce is used enterprise-wide by many of the world's most security-conscious organizations, including AT&T, IBM, Intel, Lockheed Martin, MFS, the U.S. Air Force, the U.S. Government Accountability Office, Unisys and Verisign.

Led by senior executives with deep enterprise software and security expertise, Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the world. For more information, please visit

Ounce Labs, SmartAudit, and SmartTrace are trademarks or registered trademarks of Ounce Labs in the United States and other countries. All other trademarks are the property of their respective owners.
