Ounce Labs announced the release of Ounce 4.2, featuring the SmartAudit automated report generation tool for security analysts, development manager and risk management auditors.
SmartAudit translates the results of Ounce's source code security analysis into comprehensive audit reports that measure compliance with software security best practices and regulatory requirements.
Each SmartAudit report features the following:
- Security Compliance Report Card: This is an at-a-glance, top-line view of the compliance state of an application.
- Detailed Security Audit Review: This runs across all vulnerability categories, including both coding errors and the design flaws that most critically endanger data privacy and operational integrity, such as errors in encryption, logging and access control.
- SmartAudit Drill-Down: Direct access to the non-compliant source code for further analysis and remediation prioritization and assignment.
The initial SmartAudit reports that will be offered include the following:
- OWASP Top 10: This report identifies the existence and location in the source code of any of the top 10 most critical Web application security vulnerabilities, a list complied by the Open Web Application Security Project.
- Software Security Profile: This report provides an overall view of the security state of an application, across every major vulnerability category.
Ounce Labs will continue to develop additional reports for the SmartAudit suite in future releases according to changing software security requirements and industry demand.
Ounce 4.2 will be generally available Feb. 28, 2007.