October 24, 2006 - Waltham, MA
Ounce Labs, the leader in software security assurance, today announced that its software has been reviewed by the Johns Hopkins University Applied Physics Laboratory (JHU/APL) and recommended for deployment throughout the Department of Defense (DoD). Citing the DoD's reliance on software and the importance of eliminating potential security vulnerabilities, the analysts who conducted the evaluation found that Ounce Labs' source code analysis technology would offer significant benefits to project costs, efficiency, and overall security.
"The analysis done by NetWarCom, teaming with JHU, shows that the capabilities offered by the Ounce solution represent significant military utility, and an absolute must-have for the US Navy," said CDR Tony Parrillo, Director of the FORCEnet Execution Center. "The ability to automatically detect and manage vulnerabilities in software applications will greatly strengthen the Navy's defense in depth and ensure the warfighter receives the right information at the right time."
The evaluation was performed in technical support for the Navy's Innovation and Experimentation Directorate of the Naval Network Warfare Command (NetWarCom) and the Program Executive Office Integrated Warfare Systems (PEO IWS) sponsor. According to a report written by the analysts at the APL, Ounce Labs had been chosen for this evaluation "based on a comparison of several candidate software packages and all known inspection mission requirements."
Among the key findings of the evaluation, the report explains that the "[technology offered by] Ounce Labs is capable of automatically scanning large volumes of source code in a very short period of time and producing a very thorough assessment of the overall software product security and, by extension, its reliability."
Proving valuable across a wide variety of customer installations, the Ounce software security solution has successfully scanned applications up to 50 million lines of code in a single assessment, distinguishing real vulnerabilities from potential ones and enabling users to immediately focus on the most critical issues. In addition to pinpointing the simple coding errors found by most source code analysis tools, Ounce also identifies application design flaws such as weak encryption, poor authentication, and lack of access control, which often lead to much more serious security breaches.
"Federal agencies, and the Department of Defense specifically, are quickly advancing the use of source code analysis technology to assure the security of their software," said Hugh Scandrett, CEO of Ounce Labs. "By proving the cost, security, and operational benefits that Ounce Labs' code analysis technology offers the Navy, the analysts at Johns Hopkins have helped set the business case for further deployment. This leadership demonstrated by the DoD is also a great model for success among our commercial customers."
To detail the value of the Ounce solution specifically and source code analysis tools in general, the APL analysts explained that they can help the Department of Defense:
- Reduce engineering manpower to maintain the system and its software.
- Reduce the effort required to certify systems that contain software.
- Decrease the risk that vulnerabilities exist in the delivered software.
- Decrease the logistics cost by reducing the rework required to remove vulnerabilities.
- Increase the sustainability by reducing the number of initial vulnerabilities.
- Decrease the potential downtime of operational systems due to certain types of latent software bugs.