Ounce Labs Simplifies Regulatory and Policy Compliance With New SmartAudit
Ounce 4.2 Audit and Reporting Console Drives Security Compliance to the Line of Code

Ounce Labs, the leader in software security assurance, today announced the
release of Ounce 4.2, featuring the SmartAudit(TM) automated report
generation for software security analysts, development managers, and risk
management auditors. SmartAudit translates the results of Ounce's
extensive source code security analysis into comprehensive audit
reports that measure compliance with software security best practices and
regulatory requirements.
"There are a number of industry references for what constitutes secure
software, so it's often difficult for companies to demonstrate the security
of their applications, whether in development, outsourced or in
production," said Brent Huston, CEO of MicroSolved. "By generating
compliance reports automatically, Ounce's SmartAudit enables users to
quickly and thoroughly test their software at the code level and prove that
it meets the requirements of auditors, partners, customers, or other key
stakeholders. This helps us all make better business decisions when it
comes to protecting critical data and resources."
SmartAudit uses Ounce's superior source code vulnerability analysis results
to power a series of reports that provide a detailed picture of compliance
to a security, development, or audit executive. Each SmartAudit report
features:
-- Security Compliance Report Card: an at-a-glance, top-line view of the
compliance state of an application.
-- Detailed Security Audit Review: across all vulnerability categories,
including both coding errors and the design flaws that most critically
endanger data privacy and operational integrity, such as errors in
encryption, logging, and access control.
-- SmartAudit Drill-Down: direct access to the non-compliant source code
for further analysis and remediation prioritization and assignment.
The initial SmartAudit reports that will be offered include:
1. OWASP Top Ten: Identifies the existence and location in the source code of
any of the Top 10 most critical web application security vulnerabilities, a
list compiled by the Open Web Application Security Project.
2. Software Security Profile: Provides an overall view of the security
state of an application, across every major vulnerability category.
Ounce Labs will continue to develop additional reports for the SmartAudit
suite in future releases according to changing software security
requirements and industry demand.
"SmartAudit is groundbreaking because for the first time, developers will
understand how their code affects compliance, and auditors will be able to
better understand the root causes of many kinds of non-compliance," said
Jack Danahy, CTO and founder of Ounce Labs. "This is a unique and
significant advantage to organizations that want to develop and run
certifiably secure software."
Ounce 4.2 will be generally available on February 28, 2007.
About Ounce Labs, Inc.
Ounce Labs(TM), the leader in software security assurance, delivers
products that enable customers to manage software risk in applications
across the enterprise, traceable down to individual lines of code. The
Ounce solution features patents-pending source code analysis technology,
which scans source code to pinpoint programming errors, design flaws, and
policy violations. Ounce offers the most accurate and complete results,
the fastest time-to-results, the only complete portfolio management, and
the greatest deployment flexibility. Customers include leading
organizations in financial services, telecommunications, software
development, government, and other industries focused on protecting data,
reducing software vulnerabilities, and complying with industry regulations.
Ounce Labs is headquartered in Waltham, Massachusetts, with regional
offices throughout the U.S. For more information, please visit
www.ouncelabs.com
Copyright © 2008, MarketWire
Copyright © 2008, NewsBlaze, Daily News