• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

Ounce Labs Announces Software Security Assessment-as-a-Service

Posted on: Tuesday, 12 May 2009, 08:00 CDT

Offering Makes Application Security Risk Assessment Affordable and Accessible for All Organizations

WALTHAM, Mass., May 12 /PRNewswire/ -- Ounce Labs, the industry leader in static application security testing (SAST), today announced its Assessment-as-a-Service (A3S) program, available since January, for organizations that lack the internal resources needed to perform application security assessments in-house. Working with a community of Certified Partners, Ounce Labs offers an affordable assessment-as-a-service delivery model for evaluating security vulnerabilities that put critical applications at risk. With A3S, Ounce Labs offers customers application security insight that leverages minimum internal resources to create an appropriate framework for the assessment of targeted applications and a plan to prioritize and eliminate vulnerabilities, all delivered with hands-on expert remediation assistance.

"Security of applications is a priority for nearly every organization, whether developing their applications in-house, outsourcing development to a third party, or acquiring open source software. Everyone's concern is the same: 'How can I make sure my business is relying on applications that are secure?'" said Joseph Feiman, VP and Gartner Fellow. "Software security assessments delivered as a service offer businesses access to application security testing, which might otherwise be beyond their reach due to budget or staff reductions."

The global economic downturn has forced IT security executives to struggle with budgetary pressures, and demonstrate the alignment between IT security projects and business goals amid heavy cost-cutting. They also face pressure to implement application security due to federal and industry compliance mandates including PCI, SOX, FISMA and HIPAA. Many businesses lack the IT resources needed to effectively implement all the security measures necessary to fully protect their data. Ounce Labs A3S is designed to augment internal resources by delivering application security assessments that allow organizations to secure critical applications at a fixed cost.

A3S allows organizations to pick a business-critical application and leverage external security experts to quickly assess that application's threat surface and recommend appropriate remediation. A3S enables organizations that are resource-constrained to take advantage of automated source code analysis, as well as the experience of the Ounce Certified Partner, at a price point that would otherwise be unavailable to them.

"The current economy is forcing companies to make difficult decisions about where to spend their money, but security remains a 'must have' investment. Organizations must be vigilant about data security. A security breach exposing sensitive data in today's environment will catastrophically effect a company's reputation for security and inevitably impact their bottom line," said Gary Jackson, CEO of Ounce Labs. "Even in larger businesses, IT departments are understaffed and developers aren't armed with the latest security know-how. With A3S, we've taken the next step in providing a new model for helping secure critical applications and providing access to application security expertise through our strong community of world-class security providers."

By analyzing a single critical application, businesses can use the assessment results to extrapolate vulnerabilities in other critical applications across their entire application portfolio, thereby increasing the value of a single analysis. The service can be delivered through Ounce or through one of the company's world-class Certified Partners. Pricing for a single application assessment sourced directly through Ounce is as follows:

• 0-100K Lines of Code - $4,900
• 100K - 250K Lines of Code - $7,900
• 250K - 500K Lines of Code - $10,990
• 500K+ Lines of Code - Custom pricing available

Pricing varies by Certified Partner based on their specific additional services afforded. For more information about Ounce Labs' assessment software security service, please visit: http://www.ouncelabs.com/partners/.

About Ounce Labs, Inc.

Ounce Labs' industry-leading Static Application Security Testing (SAST) suite brings enterprise-wide awareness of business critical vulnerabilities. With this ability to identify and prioritize issues, organizations have the information they need to address their greatest risks. Ounce's patented source code analysis delivers the scalability and automation to help organizations such as EDS, IBM, Intel, and Lockheed Martin strengthen application security and protect confidential information. Ounce also helps organizations to verify regulatory and policy compliance, addressing PCI DSS, FISMA, HIPAA and others. For more information, please visit www.ouncelabs.com.

Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United States and other countries. Other product or service names mentioned herein are the trademarks of their respective owners.

MEDIA CONTACTS: Jennifer Sullivan Ounce Labs 781.547.7013 jennifer.sullivan@ouncelabs.com www.ouncelabs.com Mark Daly Davies Murphy Group 781.418.2411 ounce@daviesmurphy.com http://www.daviesmurphy.com

SOURCE Ounce Labs

Source: PR Newswire

More News in this Category