SOURCE: Ounce Labs

March 26, 2007 07:47 ET

Ounce Labs Contributes to First SANS Institute Security Professional Certification

Software Security Assurance Leader Lends Expertise to Test Programmer Knowledge

WALTHAM, MA -- (MARKET WIRE) -- March 26, 2007 -- Ounce Labs, the leader in Software Security Assurance, today announced its involvement with the SANS Institute's first certification examinations for programming professionals to gain GIAC Secure Software Professional (GSSP) status. GIAC is the SANS core certification program and stands for Global Information Assurance Certification. Ounce Labs was one of eighteen enterprise partners used to ensure the exam provided a focused approach for programming professionals who want to identify the gaps in their secure coding, skills and knowledge.

"The security industry has always relied on SANS as a source of expert opinion, guidance, and training. We are happy that SANS has looked to Ounce Labs, and our expertise, to assist in the development of the Certified Application Security Professional program," said Ryan Berg, Co-Founder and Chief Scientist of Ounce Labs. "This program will help to strengthen the entire software development industry, and as the secure coding market grows, we look forward to working with SANS to expand and further enhance the certification standards."

The examinations cover four specific programming language suites: C/C++, Java/JSP, Perl/PHP and .NET/ASP. The exams are designed to enable reliable measurements of technical proficiency and expertise in identifying and correcting the common programming errors that lead to security vulnerabilities.

"SANS recognizes that as organized crime groups and terrorists have turned their attention to computer-based crimes and are increasingly attacking weaknesses in applications, the requirement for secure coding skills has grown. This certification program will help organizations that employ programmers address that need," said Alan Paller, director of Research at the SANS Institute. "With the right skills, programmers can reduce the risk of losses caused by cyber attacks, and the certification will allow security-aware programmers to stand out in an increasingly competitive marketplace."

SANS offers resources to help candidates prepare for the exam, including lists of books, practice tests and the SANS sites.

About the SANS Institute

SANS is the most trusted and the largest source for information security training and certification in the world. Its 55,000 alumni, which includes over 14,000 who have passed challenging certification examinations, lead security teams and efforts in more than 80 countries around the world. In 2005, SANS won unanimous approval from the Maryland Higher Education Commission, to grant Master of Science degrees in Information Security Engineering and Information Security Management.

SANS also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system -- the Internet Storm Center. SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 250,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face. For more information contact Steven Crofts, Director of Vendor and Media Programs (

About Ounce Labs, Inc.

Ounce Labs™, the leader in software security assurance, delivers products that enable customers to manage software risk in applications across the enterprise, traceable down to individual lines of code. The Ounce solution features patents-pending analysis technology, which scans source code to pinpoint programming errors, design flaws, and policy violations. Ounce offers the most accurate and complete analysis, the fastest time-to-value, the only complete portfolio management, and the greatest deployment flexibility. Customers include leading organizations in financial services, telecommunications, software development, government, and other industries focused on protecting data, reducing software vulnerabilities, and complying with industry regulations. Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit

Contact Information

    Jake Messier
    Ounce Labs
    781.547.7031 (o)
    774.368.0094 (c)
    Email Contact