February 9, 2004
- Waltham, MA
Ounce Labs, Inc., leading-edge provider of application security solutions, today announced that it secured $6 million in Series A funding from Greylock and Commonwealth Capital Ventures. The company’s Prexis family of products delivers precise vulnerability metrics that security executives, managers, and developers need to understand and manage the vulnerabilities in their applications. The company also announced today the appointment of Greg Dunne as Vice President of Sales.
“Security is more than an IT concern, it is a business concern. Ounce Labs was founded to deliver a new level of application vulnerability insight,” said Jack Danahy, CEO of Ounce Labs. “Everyone, from senior executives to application developers, needs to focus their time and money on their most critical application security problems, and they must be able to measure and report on their progress. Security cannot be managed without metrics and business-level insight, and that is the information that Ounce Labs delivers.”
New regulatory requirements and the explosive growth in outsourcing are driving the need to measure, track, and report on the security of critical applications. Ounce Labs’ products locate and categorize vulnerabilities in application source code using patents-pending contextual analysis technology. Applications are then rated by vulnerability density (V-Density™) to enable comparative analysis and progress reporting. These results appear in tailored interactive reports for security officers, project managers, and application developers.
“Jack Danahy and the team at Ounce Labs have spent their careers successfully delivering solutions to a variety of security problems,” said David Aronoff, general partner at Greylock. “Ounce Labs has identified a strong demand for a reliable means of objectively assessing risks and prioritizing security investments. As established investors in the security market, we absolutely agree.”
“As the trend towards outsourced development grows, CSOs and CIOs need a way to evaluate the security of the code being delivered,” stated Brian Kelly, director of the Guiliani Advanced Security Center at Ernst & Young. “Precise, reliable metrics can set a threshold for security acceptance criteria that hold outsourcers accountable.”
"Enterprises that set security priorities without detailed vulnerability information are simply shooting in the dark,” observed John Pescatore, Vice President at Gartner Research. “Enterprises need to drive commercial and custom software to be more secure, requiring application vulnerability metrics to support mission-critical decisions."
“Our research has shown a new focus on regulatory compliance is driving the market demand to demonstrate consistent, provable progress in security,” observed Justin Perreault, general partner at Commonwealth Capital Ventures. “Our experience with Jack and his team shows that their approach, and the metrics that they generate, are a clear and consistent solution to this requirement.”