HIPAA News

Ounce Labs Announces Ounce 5.0; Enterprise-Level Security Enhancements and Support for Critical Industry Regulations and Best Practices

(June 04, 2007)-- Ounce Labs, announced the availability of Ounce 5.0, with new enterprise-focused features designed to support critical business issues, including compliance with the Payment Card Industry (PCI) Data Security Standard, the Open Web Application Security Project (OWASP) Top 10 2007 and mapping to the Common Weakness Enumeration (CWE) vulnerability database. These and other enterprise-level enhancements in Ounce 5.0 enable organizations to radically reduce the potential for security breaches by making it possible to identify, prioritize and eliminate application vulnerabilities across their entire software portfolio. These often-overlooked software vulnerabilities are what cyber-criminals use to gain access to customer data and other confidential business information.

Ounce 5.0 is the first solution to support both the Privacy (Requirement 3) and Security (Requirement 6) sections of the PCI standard, which requires the protection of customer credit card information and the security assessment of software applications across retail, financial services and other industries.

"The objectives of the newly formed PCI Security Vendor Alliance are to educate the community about the technology available to help merchants address emerging threats and find ways to apply the standard more efficiently within their business as part of their efforts to achieve compliance with the PCI Data Security Standard," said David Taylor, President of the PCI Council. "Ounce Labs helps merchants achieve compliance by enabling them to review all custom application code for common vulnerabilities, which will become a PCI DSS requirement on June 30, 2008."

Ounce 5.0 also delivers the industry's most comprehensive support for best practices standards, including detailed reports identifying application vulnerabilities defined by the OWASP Top 10 2007 and the CWE specification published by Mitre Corp.

According to industry analysts, as many as 80 percent of companies will suffer an application security incident by 2009. This growing threat -- along with compliance requirements such as the PCI standard -- requires that organizations more tightly integrate application security methods, tools, standards and best practices into their software development life cycles. Ounce 5.0 serves as the catalyst for this kind of initiative by providing a cross-application enterprise-wide solution for eliminating existing security vulnerabilities and preventing future ones.

"Software vulnerabilities are the unlocked windows that identity thieves look for when attempting to steal sensitive data. If enterprises eliminate these vulnerabilities, they minimize their risk of suffering the kinds of security breaches we read about in the news every day," said Hugh Scandrett, President and CEO of Ounce Labs. "Ounce 5.0 is the only solution that provides support for what are currently some of the most business-critical security regulations and standards including PCI, OWASP and CWE. This gives our customers the assurance that their applications are protected from the widest range of vulnerabilities, which can substantially reduce their risk of inadvertently exposing confidential information, such as customer credit card or employee social security numbers."

Ounce Labs' solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with both internal policies and industry mandates such as PCI, FISMA, HIPAA and others. For more information, please visit www.ouncelabs.com.

Share or bookmarklet this web page at: