June 28, 2004 - Waltham, MA
Ounce Labs, Inc., the leader in software vulnerability analysis and management, today announced the general availability of Prexis v. 2.0, the Company’s automated source code vulnerability analysis product for enterprise-wide software vulnerability management. Powered by Ounce Labs’ revolutionary patents-pending Contextual Analysis technology, Prexis rapidly scans application source code and identifies coding flaws that leave critical applications vulnerable to attack and exploitation. Large enterprises, independent software vendors, and outsourcers use Prexis to understand the risk posed by their applications, address that risk proactively, and report on progress in remediation efforts over time to auditors and regulators.
Prexis represents a visionary new sector of security solution directly addressing the rising concern over vulnerable applications. There is a clear and growing demand from business executives, industry experts, and legislators to effectively address the risk posed by coding flaws. Using Prexis’ in-depth software vulnerability reports, executives, managers, and developers can now instantly understand and eliminate the vulnerabilities in critical applications throughout the enterprise. Ounce Labs’ new V-Density™ (vulnerability density) metric provides a precise, measurable, and consistent way to evaluate the risk posed by vulnerable applications. The vulnerability metric also helps executives and managers prioritize remediation and protection efforts. Prexis is present from the earliest point of the software lifecycle to prioritize and eliminate critical application vulnerabilities earlier, and at the lowest cost possible.
“Using the information gathered through automated contextual analysis of source code, security executives can finally measure and understand the vulnerability of their applications,” said Ounce Labs’ CEO Jack Danahy. “Managers can also use Prexis data to determine the vulnerability of their projects from in-house and outsourced providers, while developers can identify the vulnerabilities in their code and learn how to fix them. This product changes the approach to understanding and addressing the security of applications at every level of the organization.”
“Enterprises that set security priorities without detailed vulnerability information are simply shooting in the dark,” observed John Pescatore, Vice President at Gartner Research. “Enterprises need to drive commercial and custom software to be more secure, requiring application vulnerability metrics to support mission-critical decisions. Stop counting attacks and start closing vulnerabilities.”
“Prexis provides source code vulnerability data that is tremendously valuable to Foundstone’s security practice,” stated Mark Curphey, consulting director at Foundstone and founder of OWASP (The Open Web Application Security Project). “Our security teams are able to more efficiently and effectively focus their security evaluation and remediation efforts on the vulnerabilities Prexis uncovers. Additionally, we are able to use the progress and vulnerability reporting to keep our customers apprised of the security state of their applications.”