SOURCE: Ounce Labs

December 05, 2006 08:59 ET

Ounce Labs Announces Integration With IBM Rational Software Delivery Platform 7, Desktop Products, Delivering Source Code Security Analysis to the Distributed Developer Desktop

Free Plug-In Adds Comprehensive Security Review and Remediation to IBM Rational Application Developer IDE

WALTHAM, MA -- (MARKET WIRE) -- December 5, 2006 -- Ounce Labs today announced that its flagship product, Ounce 4, has been integrated with the IBM Rational Software Delivery Platform 7.0, desktop products, providing a plug-in for IBM Rational Application Developer (RAD) IDE. With the Ounce 4 plug-in, developers are now able to access and remediate source code vulnerability information from within their IBM RAD 7 integrated development environment, free of charge. The Ounce functionality makes security an integral part of IBM's emphasis on enabling overall lifecycle quality in this latest release of their Rational product line.

The Ounce solution presents the most accurate and complete software security vulnerability results using the company's advanced analysis engine and the industry's largest software vulnerability knowledgebase. The Ounce analysis eliminates false positives by distinguishing real versus potential security vulnerabilities, and then prioritizes them according to criticality. With the RAD 7 integration, developers perform vulnerability scans on their desktop, or import pre-assigned vulnerabilities through Ounce 4's existing integration with IBM Rational ClearQuest. Developers then access Ounce's detailed results and remediation guidance to eliminate software security vulnerabilities within their existing development environment. Detailed information can be found at

"Simply relying on typical quality tools will not ensure that your applications are secure, and it is vital that each developer be empowered to make their code as secure as possible," said Hugh Scandrett, CEO of Ounce Labs. "With IBM, we deliver to our joint customers an integrated solution that makes security part of effective governance in the software lifecycle, but with a minimal impact on the development schedule."

"Application security is a discipline different from network security. It will not be adequately addressed until application development (AD) professionals admit that application security, not just application functionality, is their direct responsibility," states Joseph Feiman, Vice President of Research with Gartner, in his November 2006 research note, Application Developers Should Assume Responsibility for Application Security. "Development groups will find they are missing delivery schedules because applications were rejected -- unless AD groups take responsibility for detecting and fixing vulnerabilities."

Licenses for the Developer Plug-in are free, so organizations can maximize the impact of security efforts by granting unlimited personnel access to software security assessment results, vulnerability descriptions, and remediation advice.

About Ounce Labs, Inc.

Ounce Labs™, the leader in software security assurance, delivers products that enable customers to manage software risk in applications across the enterprise, traceable down to individual lines of code. The Ounce solution features patents-pending source code analysis technology, which scans source code to pinpoint programming errors, design flaws, and policy violations. Ounce offers the most accurate and complete software vulnerability results, the fastest time-to-results, the only complete application portfolio management, and the greatest deployment flexibility. Customers using the Ounce software security solution include leading organizations in financial services, telecommunications, software development, government, and other industries focused on protecting data, reducing software vulnerabilities, and complying with industry regulations. Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit

Contact Information

    Peter Crosby
    Ounce Labs
    781.547.7012 (o)
    617.285.7685 (m)
    Email Contact