Ounce Labs Enhances Source Code Analysis
Ounce Labs enhances source code analysis product to integrate security into software development; company contributes to open source community
January 15, 2008
WALTHAM, Mass. -- Ounce Labs, the industry leader in software risk analysis, today announced the latest version of its award-winning source code analysis software. The enhanced product delivers scan automation and reporting capabilities to help enterprises more easily incorporate source code analysis (SCA) into their own software development lifecycle (SDLC).
Ounce has enhanced its source code analysis product by adding the Ounce Automation Server to provide seamless integration of security into build environments wherever developers choose to implement it within the SDLC. The Ounce Automation Server provides the ability to automatically scan, define, publish and report on the security of application code during development.
Ounce is also providing support for the Apache Maven project management and automation software with a plug-in designed to help developers extend the build process to include security. The Ounce/Maven Plug-in is a free-standing command-line interface that helps Maven users deliver security through source code analysis within their build environments. The Ounce/Maven Plug-in allows developers to initiate Ounce scan operations, generate a report of scan results, and publish and save reports.
In addition, Ounce is contributing the Ounce/Maven Plug-in to the open-source community. The module will be hosted at open-source project repository Codehaus, which can be found online at www.codehaus.org. "Secure programming is not always paramount in the minds of software developers," said Brian Fox from the Apache Maven project. "The Agile way to use these tools is via build system integration that provides automatic scanning and reporting on a regular basis. Integrating advanced tools into a build is unfortunately a frequent barrier to adoption. By donating the Ounce/Maven Plug-in, Ounce is enabling the open source community to work together to leverage the Maven plug-in platform to provide drop-in integration and scanning of all projects using Maven."
"Ounce is continuing to champion the advancement of secure software development by providing a new open-source plug-in for Maven. The transparency of development in the open source community makes it well-suited for our approach to source code analysis that includes focusing on security as a core requirement, not an afterthought," said Jack Danahy, chief technical officer and co-founder of Ounce Labs. "The addition of this new capability is another example of our ongoing commitment to help organizations and enterprises easily add security into their development processes without disrupting or delaying timelines."