Automated security tool finds flaws in enterprise apps Staff

Enhancements to the Ounce source code analysis tool will help companies analyze large enterprise applications quickly for security flaws, according to Ounce Labs.

Ounce 6.0, available in early August, uses an automation server to automatically scan applications, providing prioritization and developer assignments without human intervention and delivering only confirmed vulnerabilities to the developer desktop, said Jack Danahy, CTO and founder of Ounce Labs.

"People want to do various types of triage," he said. "We've received more requests for automated triage."

To satisfy those requests, Ounce 6 includes Developer Triage and Team Triage. Developer Triage enables developers to act quickly on the most serious vulnerabilities, while Team Triage allows team members other than developers to look at the assessment data, make decisions, and merge data back into the system.

Ounce 6 also gives developers the ability to access analytic functions and give security analysts developer capabilities in the analyst framework.

"What we found out is sometimes the person doing triage is also the lead developer and would like to see the analyst functionality in the developer world. And we have security analysts who want developer tools," Danahy said. "The suite is much more flexible for the individual role players who want to take advantage of it."

For more information about Ounce 6, visit

Requires Free Membership to View

Ounce Labs' Web site.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: