Enhancements to the Ounce source code analysis tool will help companies analyze large enterprise applications quickly for security flaws, according to Ounce Labs.
Ounce 6.0, available in early August, uses an automation server to automatically scan applications, providing prioritization and developer assignments without human intervention and delivering only confirmed vulnerabilities to the developer desktop, said Jack Danahy, CTO and founder of Ounce Labs.
"People want to do various types of triage," he said. "We've received more requests for automated triage."
To satisfy those requests, Ounce 6 includes Developer Triage and Team Triage. Developer Triage enables developers to act quickly on the most serious vulnerabilities, while Team Triage allows team members other than developers to look at the assessment data, make decisions, and merge data back into the system.
Ounce 6 also gives developers the ability to access analytic functions and gives security analysts developer capabilities in the analyst framework.
"What we found out is sometimes the person doing triage is also the lead developer and would like to see the analyst functionality in the developer world. And we have security analysts who want developer tools," Danahy said. "The suite is much more flexible for the individual role players who want to take advantage of it."
For more information about Ounce 6, visit Ounce Labs' Web site.