FFIEC News
Ounce Labs Enhances Source Code Analysis Product to Integrate Security Into the Software Development Lifecycle
(Jan 16, 2008) -- Ounce Labs announced the latest version of its award-winning source code analysis software. The enhanced product delivers scan automation and reporting capabilities to help enterprises more easily incorporate source code analysis (SCA) into their own software development lifecycle (SDLC).
Ounce has enhanced its source code analysis product by adding the Ounce Automation Server to provide seamless integration of security into build environments wherever developers choose to implement it within the SDLC. The Ounce Automation Server provides the ability to automatically scan, define, publish and report on the security of application code during development.
Ounce is also providing support for the Apache Maven project management and automation software with a plug-in designed to help developers extend the build process to include security. The Ounce/Maven Plug-in is a free-standing command line interface that helps Maven users deliver security through source code analysis within their build environments. The Ounce/Maven Plug-in allows developers to initiate Ounce scan operations, generate a report of scan results, and publish and save reports.
In addition, Ounce is contributing the Ounce/Maven Plug-in to the open-source community. The module will be hosted at open-source project repository Codehaus, which can be found online at www.codehaus.org. "Secure programming is not always paramount in the minds of software developers," said Brian Fox from the Apache Maven project. "The Agile way to use these tools is via build system integration that provides automatic scanning and reporting on a regular basis. Integrating advanced tools into a build is unfortunately a frequent barrier to adoption. By donating the Ounce/Maven Plug-in, Ounce is enabling the open source community to work together to leverage the Maven plug-in platform to provide drop-in integration and scanning of all projects using Maven."
Ounce Labs' solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with both internal policies and industry mandates such as PCI, FISMA, HIPAA and others.