"Security of applications is a priority for nearly every organization, whether developing their applications in-house, outsourcing development to a third party, or acquiring open source software. Everyone's concern is the same: 'How can I make sure my business is relying on applications that are secure?'" said Joseph Feiman, VP and Gartner Fellow. "Software security assessments delivered as a service offer businesses access to application security testing, which might otherwise be beyond their reach due to budget or staff reductions."
The global economic downturn has forced IT security executives to struggle with budgetary pressures, and demonstrate the alignment between IT security projects and business goals amid heavy cost-cutting. They also face pressure to implement application security due to federal and industry compliance mandates including PCI, SOX, FISMA and HIPAA. Many businesses lack the IT resources needed to effectively implement all the security measures necessary to fully protect their data. Ounce Labs A3S is designed to augment internal resources by delivering application security assessments that allow organizations to secure critical applications at a fixed cost.
A3S allows organizations to pick a business-critical application and leverage external security experts to quickly assess that application's threat surface and recommend appropriate remediation. A3S enables organizations that are resource-constrained to take advantage of automated source code analysis, as well as the experience of the Ounce Certified Partner, at a price point that would otherwise not be available to them.
"The current economy is forcing companies to make difficult decisions about where to spend their money, but security remains a 'must have' investment. Organizations must be vigilant about data security. A security breach exposing sensitive data in today's environment will catastrophically effect a company's reputation for security and inevitably impact their bottom line," said Gary Jackson, CEO of Ounce Labs. "Even in larger businesses, IT departments are understaffed and developers aren't armed with the latest security know-how. With A3S, we've taken the next step in providing a new model for helping secure critical applications and providing access to application security expertise through our strong community of world-class security providers."
By analyzing a single critical application, businesses can use the assessment results to extrapolate vulnerabilities in other critical applications across their entire application portfolio, thereby increasing the value of a single analysis. The service can be delivered through Ounce or through one of the company's world-class Certified Partners. Pricing for a single application assessment sourced directly through Ounce is as follows:
Pricing varies by Certified Partner based on their specific additional services afforded. For more information about Ounce Labs' assessment software security service, please visit: http://www.ouncelabs.com/partners/.