Ounce Labs Positioned in Leaders Quadrant in First Static Application Security Testing Magic Quadrant

Leading Analyst Firm Recognizes Ounce Labs for Completeness of Vision and Ability to Execute

WALTHAM, Mass., Feb. 18 /PRNewswire/ — Ounce Labs, the industry leader in enterprise static application security testing (SAST), today announced that the company is positioned in the leaders quadrant in the first Gartner Magic Quadrant for Static Application Security Testing.(1) In addition to this recognition, Ounce Labs was recently named a “Champion” in the Application Security Market Update from Bloor Research and also received a fourth patent in source code analysis and security, validating the company’s continuing commitment to product innovation.

“In my opinion, Gartner’s assessment of the static analysis space will prove to be a valuable tool to organizations that are just embarking on their own software security strategy,” said Mark Merkow, Director, IT Security Architecture for a leading American credit card issuer and an Ounce Labs customer. “This appears to me to further validate the application security landscape, and its viable players, and should help businesses accelerate their product adoption. Especially now, when many organizations outsource development, use existing open source code or their own internal development staff, none of us can be too careful when securing our organizational assets.”

According to Gartner, “SAST for security vulnerabilities should be a mandatory requirement for all IT organizations that develop or procure applications. Although the market is relatively new and consolidating, enterprises must adopt SAST technologies and processes because the need is strategic.”

“Incorporating security throughout our entire development lifecycle is important to Sterling Commerce to ensure our broad portfolio of solutions meets the security demands of our 30,000-plus customers,” said Janice Scanzio, vice president of Quality Assurance, Sterling Commerce, an AT&T Company. “SAST enables security vulnerability detection early in the application lifecycle. Ounce Labs provides us with a robust tool for regularly and efficiently scanning our code for vulnerabilities, enabling us to resolve security vulnerabilities.”

“Our position in the leaders quadrant in this inaugural SAST Magic Quadrant is in my opinion a direct result of our commitment to making affordable source code analysis tools available to every organization to improve the speed and accuracy of code review,” said Gary Jackson, CEO of Ounce Labs. “Our customers’ success is not only our top focus, it’s what sets us apart from others. Whether organizations leverage our product offerings and services, or those offered through strong Ounce partners like Cigital, our customers know they have the best enterprise-level source code analysis products available on the market today to help safeguard their brand. As evidenced by data breaches at companies like Heartland Payment Systems, RBS Worldpay, Hannaford Brothers and TJX Companies, the security risks posed by insecure software are great, and the critical information software carries, stores, and delivers needs to be better protected.”

Ounce Labs’ enterprise source code analysis technology — in use by many Fortune 500 companies, leading e-commerce companies and financial institutions — helps provide insight into potential business-critical software vulnerabilities across a broad portfolio of applications. The company’s solutions help organizations by giving them the visibility and remediation advice necessary to navigate their application landscape to protect confidential information and support compliance efforts with both internal policies and industry mandates.

About Gartner Magic Quadrant

The Gartner Magic Quadrant is copyrighted 2009 by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Ounce Labs, Inc.

Ounce Labs’ industry-leading Static Application Security Testing (SAST) suite brings enterprise-wide awareness of business critical vulnerabilities. With this ability to identify and prioritize issues, organizations have the information they need to address their greatest risks. Ounce’s patented source code analysis delivers the scalability and automation to help organizations such as EDS, IBM, Intel, and Lockheed Martin strengthen application security and protect confidential information. Ounce also helps organizations to verify regulatory and policy compliance, addressing PCI DSS, FISMA, HIPAA and others. For more information, please visit www.ouncelabs.com.

Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United States and other countries. Other product or service names mentioned herein are the trademarks of their respective owners.

(1) Gartner, Inc., “Magic Quadrant for Static Application Security Testing,” 1Q09, J. Feiman, N. MacDonald, February 6, 2009.

    Media       Jennifer Sullivan                Brenda Menard
    Contacts:   Ounce Labs                       Davies Murphy Group
                781.547.7013                     781.418.2435
                jennifer.sullivan@ouncelabs.com  ounce@daviesmurphy.com
                http://www.ouncelabs.com         http://www.daviesmurphy.com

SOURCE Ounce Labs