SOURCE: Ounce Labs, Inc.

April 16, 2007 12:39 ET

Ounce Labs Achieves Product Recognition From Network Computing Magazine

Automated Source Code Techniques Evaluated From Development Perspective

WALTHAM, MA -- (MARKET WIRE) -- April 16, 2007 -- Ounce Labs, the leader in software security assurance, today announced that the April 16th issue of Network Computing Magazine contains an analysis of the Automated Source Code Scanner market as well as a review of the products therein. "It seems enterprise IT is finally grasping the liability insecure coding practices represent. Data protection and application-software security were chosen as the most critical issues through 2008 in the 2006 CSI/FBI Computer Crime and Security Survey, above policy and regulatory compliance, and identity theft/data-leakage prevention," stated the April 16th NCM article.

"This article again verifies that not only is source code analysis an integral part of the application software development life cycle but that the Ounce solution should be a part of any forward-thinking company's in-depth security strategy," said Hugh Scandrett, president and CEO of Ounce Labs. "We approach application security from an enterprise perspective and provide tools for developers, as reviewed by NCM, and stakeholders beyond the developer including executives, auditors, and QA professionals. In fact, 70% of Ounce's customers have switched to our product from other previously purchased products, after evaluating Ounce in the context of their specific environment and workflow, enabling them to more effectively manage risk across the lifecycle."

The article's author lauded Ounce 4.1 for its range, supporting analysis on AIX, Linux, Windows, and Solaris, and integrating with Visual Studio 2003 and 2005, Eclipse, and IBM's Rational environment. The author also found Ounce Labs' language support an "impressive lineup of Java, JSP, C/C++, and ASP.Net (C# and VB.Net)."

During the testing phase specifically looking for vulnerabilities in C/C++, Java and C#, the author tested for True-positive ratios, which are those vulnerabilities correctly detected; False-negative ratios, where vulnerabilities are missed; and False-positive ratios, those which are incorrectly earmarked as vulnerable. "What makes Ounce unique, however, is that it has a confidence level specifically for validated findings, appropriately named 'vulnerability.' We found that almost any finding marked at this level was genuine vulnerability," stated the review.

About Ounce Labs, Inc.

Ounce Labs™, the leader in software security assurance, delivers products that enable customers to manage software risk in applications across the enterprise, traceable down to individual lines of code. The Ounce solution features patents-pending analysis technology, which scans source code to pinpoint programming errors, design flaws, and policy violations. Ounce offers the most accurate and complete analysis, the fastest time-to-value, the only complete portfolio management, and the greatest deployment flexibility. Customers include leading organizations in financial services, telecommunications, software development, government, and other industries focused on protecting data, reducing software vulnerabilities, and complying with industry regulations. Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit

Contact Information

    Jake Messier
    Ounce Labs
    781.547.7031 (o)
    774.368.0094 (m)