SOURCE: Ounce Labs

July 18, 2007 09:27 ET

Ounce Labs Establishes Advanced Research Team

Enlists Leading Security Experts to Raise Awareness of Software Security and Develop Best Practices

WALTHAM, MA--(Marketwire - July 18, 2007) - Ounce Labs, the industry leader in software risk management, today announced the formation of an Advanced Research Team (ART), a team of leading security experts dedicated to raising the awareness of software security and the development of best practices for incorporating application security into the software development lifecycle. The team will conduct research and develop practical methods that organizations can use to analyze and eliminate software security vulnerabilities and strengthen enterprise security.

Enterprises today depend on software applications to run their businesses, but many applications contain vulnerabilities that can be exploited by hackers to gain access to private and sensitive information. With application-level attacks on the rise, organizations are looking for expert advice and guidance on how to proactively identify and eliminate existing security vulnerabilities and prevent future vulnerabilities from being created.

"Understanding and managing risk in application software takes deliberate effort. We've brought together industry-leading software security experts to play a key role in increasing the security of today and tomorrow's business-critical software," said Hugh Scandrett, CEO of Ounce Labs. "The Advanced Research Team is focused on helping organizations implement best practices, catch common mistakes, and make the security process more efficient and consistent."

The Advanced Research Team members include:

Ryan Berg, Co-Founder and Chief Scientist for Ounce Labs. In addition to advancing the state of the art in application security technologies, Ryan is also an instructor and author in the fields of security, risk management, and secure development processes. He holds patents and has patents pending in multi-language security assessment, kernel-level security, intermediary security assessment language, and secure remote communication protocols. In the late 1990s, Ryan also designed and developed the infrastructure for GTE Internetworking/Genuity's appliance-based managed firewall and security services.

Dinis Cruz. With an extensive career in source code security, penetration testing and security curriculum development, Cruz is one of the world's foremost consultants on application security. He has achieved prominence with his role in OWASP, the Open Web Application Security Project, as a board member and their Chief Security Evangelist. He also acts as a senior security consultant and trainer for companies such as Foundstone, Vigilar and Infosys.

Cristian Borlovan. Borlovan's extensive experience in the successful design and implementation of complex enterprise J2EE systems gives him a comprehensive perspective on the software development lifecycle and how it relates to security. He applies risk management and proactive security principles to assist clients in all stages of the software development lifecycle in the analysis, refinement, and creation of software development artifacts and processes. Borlovan has experience developing enterprise security frameworks, and his research background includes software reverse engineering efforts for the Air Force Research Laboratory (AFRL), Wright-Patterson.

Bruce Mayhew. Mayhew has 20 years of software development experience, focusing for the last 8 years on application security. Mayhew created an application security practice and training curriculum for large financial institutions and has been a Web Application Security Course instructor for the SANS Institute, as well as other corporate training environments. He was instrumental in bringing WebGoat, a training application used to teach web application security principles to individuals who are new to web application security, to OWASP and currently leads the WebGoat project.

All four members of the Advanced Research Team will be in attendance at Black Hat USA 2007 Briefings and Training held at Caesars Palace in Las Vegas, July 28th - August 2nd. For more information or to speak with an Advanced Research Team expert, please contact Jake Messier at 866.336.8623 or

About Ounce Labs, Inc.

Ounce Labs™ solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with both internal policies and industry mandates such as PCI, FISMA, HIPAA and others.

Ounce Labs' software analyzes application source code to provide the most complete and accurate analysis of application vulnerabilities and their relative priorities, enabling business users and IT professionals to optimize their resources on resolving the most critical issues.

Unique in its ability to scale across an organization's entire portfolio of applications, Ounce is used enterprise-wide by many of the world's most security-conscious organizations, including AT&T, EDS, IBM, Intel, Lockheed Martin, MFS, the U.S. Air Force, the U.S. Government Accountability Office, Unisys and Verisign.

Led by senior executives with deep enterprise software and security expertise, Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit
