Customer Case Studies

Service Provider: ITWORX

 

Customer Profile

ITWorx, based in Egypt, is a professional IT services firm focusing on IT solutions development for Global 2000 companies, and custom application development for some of the biggest names in software. The company offers Portals, Business Intelligence, SOA, and Application Development Outsourcing services for Financial Service firms, Educational institutions, Telecommunication operators, and ISVs in North America, Europe, and the Middle East.

Challenges:

With its Global 2000 customer list, ITWorx has become one of the largest software professional services company in Egypt, delivering more than 300 applications a year to organizations around the world. The chain of trust that results from being a software supplier to the world’s leading organizations is the highest priority for ITWorx. They view this deep-seated commitment to secure applications as a competitive advantage in the marketplace. As a result, they have made it a top priority to deliver applications that not only meet the business requirements of their customers, but are also designed and built to protect their confidential data. Secure data requires secure source code, and this knowledge led the company to investigate source code analysis tools to help secure their software development lifecycle (SDLC).

With hundreds of applications in development every year at ITWorx, it was vital that they find a solution that could snap-fit into their existing development processes, and run across large code bases and a broad spectrum of application types. They needed accurate and actionable results delivered directly to the security analyst and developer desktop. Additionally, the solution must have the flexibility and customization capabilities to fine-tune scans to fit the particular policy and compliance requirements of the wide variety of customers served by ITWorx. Finally, it needed to provide the reporting capabilities for ITWorx to validate the security of the solution to the customers they serve.

Why They Chose Ounce:

After an exhaustive evaluation of a number of source code analysis solutions, ITWorx selected Ounce. The Ounce solution offered the accuracy, actionability, and adaptability ITWorx needed to fit the demanding requirements of their security-conscious customers.

“After a series of exhaustive tests, it became clear that Ounce offered us the most accurate and actionable results in the industry,” said Dr. Tarek Nabhan, Products Division Manager for ITWorx. “Ounce also makes it easy for our developers and analysts to quickly implement the necessary changes to the software, helping us to deliver the most secure software possible, on time.”

• Accurate: With the unique ability to deliver one-click access to confirmed vulnerabilities to ITWorx’s security analysts and developers, Ounce ensures they can start remediation immediately on the most critical vulnerabilities. Ounce’s patented source code analysis technology identifies both the coding errors and design flaws that are an inevitable process of even the most rigorous software development. But with Ounce’s precise analysis and remediation advice, ITWorx is able to eliminate those security flaws before the software is delivered to the customer.
• Actionable: In order to be effective, Ounce had to fit into ITWorx’s existing development processes. The product’s tight integration into the IDE environment ensures that source code security became an integral part of the developer’s workflow, providing instant access to security code analysis results and remediation advice, at the line of code. Development costs are reduced by identifying and eliminating vulnerabilities during coding. Additionally, ITWorx’s security analysts are able to perform triage quickly and efficiently on all delivered code, providing them with a complete view of the security of the fully assembled code. The analysts can then use Ounce’s SmartAudit compliance reporting to validate that the security requirements for the project have been met before approving the code for delivery to the customer.
• Adaptable: With Ounce, ITWorx can customize the industry’s most in-depth security knowledgebase with the specific requirements of their wide range of customers. With a few clicks of the mouse, security analysts can add policy-specific items to the analysis, and can click directly to those results in Ounce’s findings. Additionally, Ounce is able to scan the largest code bases across a number of languages, ensuring that ITWorx can accommodate the wide range of application types they develop throughout the year. “Ounce has helped make source code security a demonstrable advantage that we offer to our customers,” says Dr. Nabhan. “We have reduced development costs, improved security, and enhanced even further the confidence our customers place in us.”