Ounce Labs Launches New Application Security Assessment-As-A-Service

A3S program aimed at organizations that lack the internal resources needed to perform application security assessments in-house

May 12, 2009

3 Min Read


WALTHAM, Mass. " May 12, 2009 " Ounce Labs, the industry leader in static application security testing (SAST), today announced its Assessment-as-a-Service (A3S) program for organizations that lack the internal resources needed to perform application security assessments in-house. Working with a community of Certified Partners, Ounce Labs offers an affordable assessment-as-a-service delivery model for evaluating security vulnerabilities that put critical applications at risk. With A3S, Ounce Labs offers customers application security insight that leverages minimum internal resources to create an appropriate framework for the assessment of targeted applications and a plan to prioritize and eliminate vulnerabilities, all delivered with hands-on expert remediation assistance.

"Security of applications is a priority for nearly every organization, whether developing their applications in-house, outsourcing development to a third party, or acquiring open source software. Everyone's concern is the same: 'How can I make sure my business is relying on applications that are secure?'" said Joseph Feiman, VP and Gartner Fellow. "Software security assessments delivered as a service offer businesses access to application security testing, which might otherwise be beyond their reach due to budget or staff reductions."

The global economic downturn has forced IT security executives to struggle with budgetary pressures, and demonstrate the alignment between IT security projects and business goals amid heavy cost-cutting. They also face pressure to implement application security due to federal and industry compliance mandates including PCI, SOX, FISMA and HIPAA. Many businesses lack the IT resources needed to effectively implement all the security measures necessary to fully protect their data. Ounce Labs A3S is designed to augment internal resources by delivering application security assessments that allow organizations to secure critical applications at a fixed cost.

A3S allows organizations to pick a business-critical application and leverage external security experts to quickly assess that application's threat surface and recommend appropriate remediation. A3S enables organizations that are resource-constrained to take advantage of automated source code analysis, as well as the experience of the Ounce Certified Partner, at a price point that would otherwise not be available to them.

"The current economy is forcing companies to make difficult decisions about where to spend their money, but security remains a 'must have' investment. Organizations must be vigilant about data security. A security breach exposing sensitive data in today's environment will catastrophically effect a company's reputation for security and inevitably impact their bottom line," said Gary Jackson, CEO of Ounce Labs. "Even in larger businesses, IT departments are understaffed and developers aren't armed with the latest security know-how. With A3S, we've taken the next step in providing a new model for helping secure critical applications and providing access to application security expertise through our strong community of world-class security providers."

By analyzing a single critical application, businesses can use the assessment results to extrapolate vulnerabilities in other critical applications across their entire application portfolio, thereby increasing the value of a single analysis. The service can be delivered through Ounce or through one of the company's world-class Certified Partners. Pricing for a single application assessment sourced directly through Ounce is as follows:

  • 0-100K Lines of Code " $4,900

    • 100K " 250K Lines of Code " $7,900

    • 250K " 500K Lines of Code " $10,990

    • 500K+ Lines of Code " Custom pricing available

      Pricing varies by Certified Partner based on their specific additional services afforded. For more information about Ounce Labs' assessment software security service, please visit: http://www.ouncelabs.com/partners/.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights