Ounce Labs Announces Software Security Assessment-as-a-Service

Makes application security risk assessment accessible and affordable for all organizations

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of this vendor's statements.

Ounce Labs has announced its Assessment as a Service (A3S) program. Available since January, A3S was created for organizations that lack the internal resources needed to perform application security assessments in-house. Working with a community of Certified Partners, Ounce Labs offers an affordable assessment-as-a-service delivery model for assessing security vulnerabilities that put critical applications at risk. Applications are by their nature complex, as are the business problems that they are intended to solve. With A3S, Ounce Labs offers customers affordable application security insight that requires minimal internal customer resources. The service establishes an appropriate framework and priorities for assessing targeted applications and is delivered with hands-on expert remediation assistance.

The global economic downturn has forced IT security executives to struggle with budget pressures and to demonstrate the alignment between IT security projects and business goals amid heavy cost cutting. They also face pressure to implement application security due to federal and industry compliance mandates including PCI, SOX, FISMA, and HIPAA. Many businesses lack the IT resources needed to effectively implement all the security measures necessary to fully protect their data. Ounce Labs A3S is designed to augment internal resources by delivering application security assessments that allow organizations to secure critical applications at a fixed cost.

A3S allows organizations to pick a business-critical application and leverage external security experts to quickly assess that application’s threat surface and recommend appropriate remediation. A3S enables organizations that are resource-constrained to take advantage of automated source code analysis, as well as the experience of the Ounce Certified Partner, at a price point that would otherwise not be available to them.

“The current economy is forcing companies to make difficult decisions about where to spend their money, but security remains a ‘must have’ investment. Organizations must be vigilant about data security. A security breach exposing sensitive data in today’s environment will catastrophically affect a company’s reputation for security and inevitably impact their bottom line,” said Gary Jackson, CEO of Ounce Labs. “Even in larger businesses, IT departments are understaffed and developers aren’t armed with the latest security know-how. With A3S, we’ve taken the next step in providing a new model for helping secure critical applications and providing access to application security expertise through our strong community of world-class security providers.”

By analyzing a single critical application, businesses can use the assessment results to extrapolate vulnerabilities in other critical applications across their entire application portfolio, thereby increasing the value of a single analysis. The service can be delivered through Ounce or through one of the company’s certified partners. Pricing for a single application assessment sourced directly through Ounce is:

  • 0 – 100K Lines of Code - $4,900
  • 100K – 250K Lines of Code - $7,900
  • 250K – 500K Lines of Code - $10,990
  • 500K+ Lines of Code - Custom pricing available

Pricing varies by certified partner, depending on the specific additional services offered. For more information on Ounce Labs’ software security assessment service, please visit: www.ouncelabs.com/partners.