Ounce Labs Delivers Measurable Software Risk Management with Prexis 3.0

Source code vulnerability analysis software expands management-level control and supported environments

Waltham, MA — February 7, 2005 — Ounce Labs, Inc., a leader in software vulnerability risk management, today announced version 3.0 of its source code vulnerability analysis software, Prexis. Prexis 3.0 adds support for assessing the Java and JSP programming languages and for running on Linux and Solaris platforms. To increase management-level control, the assessment and reporting capabilities now include the Software Security Profile, an audit checklist that verifies the implementation of critical security features.

“Measuring the risk posed by critical applications remains one of the biggest question marks for information and security executives,” said Jack Danahy, CEO of Ounce Labs. “Prexis enables them to quickly assess these levels and compare them to internal security thresholds or audit requirements. This automation drives down the costs of application security in measurement, management, and mitigation of risk.”

The Software Security Profile provides a detailed audit of critical security features in software. Managers and auditors use these reports to automatically verify that requirements such as encryption, access control, logging, and error handling have been implemented before certifying the software for deployment.

“Prexis gives us a complete picture of our software security across multiple products in development, spanning millions of lines of code,” said Rick Irving, President and CEO of Entegrity Solutions, Inc. “It makes our security review process much more efficient, and we can track progress from a management perspective with the Security Profile.”

Prexis minimizes the costs of potential security vulnerabilities by allowing users to immediately identify and fix them before they represent enterprise risk. Reports navigate remediation staff directly to each specific line of vulnerable code through Prexis’ integration with the top integrated development environments, including Microsoft Visual Studio .NET 2003.

“Ounce Labs’ integration of its technology with Visual Studio .NET 2003 demonstrates its commitment to helping our mutual customers address security issues in the early stages of development,” said Rick Samona, product manager in the .NET Framework and Developer Tools Marketing Group at Microsoft Corp.

“Increasing the security of software is a bottom line concern for enterprises, as it touches operations in every facet of business,” said John Pescatore, VP Distinguished Analyst, Internet Security for Gartner, Inc. “Testing and reviewing software for security during all phases of development has proven to be a viable, effective, and efficient way to greatly increase software security.”

Ounce Labs, Inc.

Ounce Labs, a leader in software vulnerability risk management, delivers technology that allows customers to manage software vulnerability risk across their organization and throughout the software development lifecycle. Ounce Labs is located in Waltham, Massachusetts. For more information, please visit http://www.ouncelabs.com.

All other product and company names herein may be trademarks of their respective owners.